[squid-users] HTTPS reverse proxy: SSL Certificate verification failed

Amos Jeffries squid3 at treenet.co.nz
Tue Apr 18 10:42:40 UTC 2017


On 18/04/17 21:29, Eric Veiras Galisson wrote:
> I'm back with more information about my problem.
>
> I put squid in front of https://fr.wikipedia.org, I generated a false 
> certificate for my test to avoid problems with my browser and... I 
> still have a problem with squid, the same as before.
>
> I'm thinking that my problem does not come from the upstream 
> certificate itself (which could be the case with ours, but I don't 
> think about wikipedia's ;) and that the root cause is my custom squid 
> build.
>
> I'm running squid Debian Jessie version 3.4.8-6+deb8u4 and I 
> recompiled adding the following options:
> - --enable-ssl --with-open-ssl="/etc/ssl/openssl.cnf"
> - --enable-ssl --with-open-ssl
> - --enable-ssl
> - --enable-ssl --with-open-ssl --with-ssl-crtd
>
> I tried these combinations and none of them solve my problem. I think 
> I may be missing some important compilation option but I can't find which.

You should use: --enable-ssl-crtd --with-openssl


The --enable-ssl option is obsolete.

The --with-openssl option takes a path to where the openssl development 
files are installed. Somehow I doubt that you have a library installed 
as /etc/ssl/openssl.cnf/openssl/libssl.a. When building against the 
system's default openssl installation you can omit the path. You only 
need it if you are building a custom Squid against a custom openssl.


Amos
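
Added example (not part of the original message and not Squid project code): a small shell check that lints a ./configure option list against the advice in the reply above. The function name check_squid_ssl_opts and the finding labels are hypothetical, and the rules are only the ones stated in this thread.

```shell
#!/bin/sh
# Added example: lint Squid ./configure options against the advice in the reply.
# check_squid_ssl_opts is a hypothetical helper name, not part of Squid.
# Prints one finding per line; returns 0 when there are none, 1 otherwise.
check_squid_ssl_opts() {
    findings=0 have_crtd=0 have_openssl=0
    for opt in "$@"; do
        case "$opt" in
            --enable-ssl)
                echo "obsolete: $opt"
                findings=$((findings + 1)) ;;
            --enable-ssl-crtd)
                have_crtd=1 ;;
            --with-openssl|--with-openssl=*)
                have_openssl=1 ;;
            --with-open-ssl|--with-open-ssl=*|--with-ssl-crtd)
                # Spellings from the question that differ from the reply's.
                echo "spelling-differs: $opt"
                findings=$((findings + 1)) ;;
        esac
        case "$opt" in
            --with-openssl=*|--with-open-ssl=*)
                # The value must be an install prefix (a directory), not a file.
                path=${opt#*=}
                if [ ! -d "$path" ]; then
                    echo "bad-path: $path is not a directory"
                    findings=$((findings + 1))
                fi ;;
        esac
    done
    if [ "$have_crtd" -eq 0 ]; then
        echo "missing: --enable-ssl-crtd"
        findings=$((findings + 1))
    fi
    if [ "$have_openssl" -eq 0 ]; then
        echo "missing: --with-openssl"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# The first combination from the question, then the one the reply recommends.
check_squid_ssl_opts --enable-ssl --with-open-ssl=/etc/ssl/openssl.cnf || true
check_squid_ssl_opts --enable-ssl-crtd --with-openssl && echo "ok"
```

The option list of an already installed binary can be read from the "configure options" line printed by `squid -v` and passed to the function.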