[squid-users] Interesting problem

Alex Samad alex at samad.com.au
Wed Feb 25 04:18:03 UTC 2015


Hi

I am running squid on CentOS 6.5
squid-3.1.10-29.el6.x86_64

When I browse to https://www.quadriserv.com from IE or Chrome via the
squid proxy, it seems to corrupt the server cert.

When I browse to the site bypassing squid, it works fine.

I have tried wget from the squid box, which works fine; I also tried openssl s_client:

openssl s_client -connect www.quadriserv.com:443 -showcerts </dev/null | less

Seems to be okay.

But the one thing I can't do is verify it. It seems like
C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority
is missing from my rootCA bundle.

Would that be enough to cause this?

Alex
