[squid-users] ssl_crtd breaks after short time
Amos Jeffries
squid3 at treenet.co.nz
Tue Jun 2 15:05:54 UTC 2015
On 3/06/2015 2:46 a.m., Klavs Klavsen wrote:
> Amos Jeffries wrote on 06/02/2015 04:10 PM:
>> On 3/06/2015 1:45 a.m., Klavs Klavsen wrote:
>>> Thank you Amos.
>>>
>>> I'll build 3.5.5 then..
>>>
>>> any config changes I need to be aware of?
>>
>> --with-openssl instead of --enable-ssl is the only one that comes to
>> mind right now. The release notes for 3.4 and 3.5 have the lists.
>>
>
> I borrowed the spec from fedora 23.. :)
>
> After installing 3.5.5 instead - it now complains when trying to issue
> certificate :(
>
> squid cache log says:
> Error negotiating SSL connection on FD 10: error:14094412:SSL
> routines:SSL3_READ_BYTES:sslv3 alert bad certificate
>
> client gets:
> curl: (51) SSL: certificate subject name '64.233.184.103' does not match
> target host name 'www.google.com'
>
> any hints for tests I can do, to figure out the problem would be very
> much appreciated :)
James Lay has just done some good investigations in his "SSL-bump deep
dive" thread(s). Compare what he came up with to your config
Amos
More information about the squid-users
mailing list