[squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

Mon Oct 10 18:55:09 UTC 2016

Thanks for the details!
My SPEC for squid 4.0 seems pretty similar to yours but I haven't published for Fedora 24 yet.

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile+WhatsApp: +972-5-28704261
Email: eliezer at ngtech.co.il


-----Original Message-----
From: Marc [mailto:gaardiolor at gmail.com] 
Sent: Monday, October 10, 2016 4:54 PM
To: Eliezer Croitoru
Cc: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

On Mon, Oct 10, 2016 at 11:41 AM, Eliezer Croitoru <eliezer at ngtech.co.il> wrote:
> Thanks for updating!
>
> May I ask what version of Linux are you using squid ontop?
> I have released couple RPMs and am working on releasing a drop-in tar.xz for debian based systems.

Yeah sure, I'm using Fedora Core 24.
- Installed squid source RPM
- changed the specfile; changed version, removed patches, removed some
configure flags, added --disable-strict-error-checking otherwise it
didn't want to compile.
- built a new rpm .. works on my system, but ymmv
- patch against the Fedora source rpm spec file:

--- rpmbuild-squid-3.5.21/SPECS/squid.spec      2016-10-09
00:33:42.490934810 +0200
+++ rpmbuild-squid-4.0.14/SPECS/squid.spec      2016-10-09
17:33:26.739659533 +0200
@@ -1,7 +1,7 @@
 %define __perl_requires %{SOURCE98}

 Name:     squid
-Version:  3.5.21
+Version:  4.0.14
 Release:  1%{?dist}
 Summary:  The Squid proxy caching server
 Epoch:    7
@@ -9,8 +9,8 @@
 License:  GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain)
 Group:    System Environment/Daemons
 URL:      http://www.squid-cache.org
-Source0:  http://www.squid-cache.org/Versions/v3/3.5/squid-%{version}.tar.xz
-Source1:  http://www.squid-cache.org/Versions/v3/3.5/squid-%{version}.tar.xz.asc
+Source0:  http://www.squid-cache.org/Versions/v4/squid-%{version}.tar.xz
+Source1:  http://www.squid-cache.org/Versions/v4/squid-%{version}.tar.xz.asc
 Source2:  squid.logrotate
 Source3:  squid.sysconfig
 Source4:  squid.pam
@@ -27,11 +27,6 @@
 # Local patches
 # Applying upstream patches first makes it less likely that local patches
 # will break upstream ones.
-Patch201: squid-3.1.0.9-config.patch
-Patch202: squid-3.1.0.9-location.patch
-Patch203: squid-3.0.STABLE1-perlpath.patch
-Patch204: squid-3.5.9-include-guards.patch
-Patch205: 0001-cppunit-config-no-longer-exists-use-pkg-config.patch

 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: bash >= 2.0
@@ -87,11 +82,6 @@
 # Backported patches

 # Local patches
-%patch201 -p1 -b .config
-%patch202 -p1 -b .location
-%patch203 -p1 -b .perlpath
-%patch204 -p0 -b .include-guards
-%patch205 -p1 -b .cppunit-config

 %build
 # cppunit-config patch changes configure.ac
@@ -114,8 +104,8 @@
    --enable-eui \
    --enable-follow-x-forwarded-for \
    --enable-auth \
-   --enable-auth-basic="DB,LDAP,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam"
\
-   --enable-auth-ntlm="smb_lm,fake" \
+   --enable-auth-basic="DB,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam" \
+   --enable-auth-ntlm="fake" \
    --enable-auth-digest="file,LDAP" \
    --enable-auth-negotiate="kerberos" \
    --enable-external-acl-helpers="LDAP_group,time_quota,session,unix_group,wbinfo_group"
\
@@ -145,7 +135,8 @@
    --with-openssl \
    --with-pthreads \
    --disable-arch-native \
-   --with-pic
+   --with-pic \
+   --disable-strict-error-checking

 make \
        DEFAULT_SWAP_DIR=%{_localstatedir}/spool/squid \
@@ -191,7 +182,7 @@
 install -m 644 %{SOURCE5}
$RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d/20-squid
 mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/squid
 mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/spool/squid
-chmod 644 contrib/url-normalizer.pl contrib/rredir.* contrib/user-agents.pl
+chmod 644 contrib/url-normalizer.pl contrib/user-agents.pl
 iconv -f ISO88591 -t UTF8 ChangeLog -o ChangeLog.tmp
 mv -f ChangeLog.tmp ChangeLog

@@ -213,7 +204,7 @@
 %defattr(-,root,root,-)
 %license COPYING
 %doc CONTRIBUTORS README ChangeLog QUICKSTART src/squid.conf.documented
-%doc contrib/url-normalizer.pl contrib/rredir.* contrib/user-agents.pl
+%doc contrib/url-normalizer.pl contrib/user-agents.pl

 %{_unitdir}/squid.service
 %attr(755,root,root) %dir %{_libexecdir}/squid
@@ -286,6 +277,9 @@

