[squid-users] (no subject)

Amos Jeffries squid3 at treenet.co.nz
Wed Dec 13 02:53:55 UTC 2017


On 13/12/17 14:11, 赵 俊 wrote:
> Hi,
> 
> When I access SVN ,I want to bump SVN connection.
> 
> 
> Error like this:
> 
> 
> The following error was encountered while trying to retrieve the URL: 
> https://WIN-BEOUENL2N6U/*
> 
>     *Failed to establish a secure connection to 192.168.52.6*
> 
> The system returned:
> 
>     (71) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
> 
>     SSL Certficate error: certificate issuer (CA) not known:
>     /CN=WIN-BEOUENL2N6U
> 
> This proxy and the remote host failed to negotiate a mutually acceptable 
> security settings for handling your request. It is possible that the 
> remote host does not support secure connections, or the proxy is not 
> satisfied with the host security credentials.
> 
> 
> My squid.conf :
> 
> acl ssl_step1 at_step SslBump1
> acl ssl_step2 at_step SslBump2
> acl ssl_step3 at_step SslBump3
> 
> ssl_bump stare ssl_step1
> ssl_bump bump ssl_step2
> ssl_bump terminate ssl_step3
> 
> May  i  solve this problem,if I go to the official certification  
> organization certificating myCA ?
> 

Not really. There are two problems;

The first problem is that you are using host names instead of domain name.
 
<https://superuser.com/questions/59093/difference-between-host-name-and-domain-name/59094>


The second problem is that you are bumping at SSL-Bump step #2 before 
any of the real server details are available to Squid.


Amos


More information about the squid-users mailing list