[squid-users] Squid 4.x: Intermediate certificates downloader

Yuri Voinov yvoinov at gmail.com
Tue Jan 24 17:48:46 UTC 2017 

Hm. Another question.

It seems 4.0.17 tries to download certs:

1485279884.648      0 - TCP_DENIED/403 3574 GET
http://repository.certum.pl/ca.cer - HIER_NONE/- text/html;charset=utf-8

but gives deny somewhere.

However, same URL with wget via same proxy works:

root @ khorne /patch # wget -S http://repository.certum.pl/ca.cer
--2017-01-24 23:46:37--  http://repository.certum.pl/ca.cer
Connecting to 127.0.0.1:3128... connected.
Proxy request sent, awaiting response...
  HTTP/1.1 200 OK
  Content-Type: text/plain; charset=UTF-8
  Content-Length: 784
  Last-Modified: Fri, 07 Mar 2014 10:05:14 GMT
  ETag: "34231-310-63d6aa80"
  X-Cached: MISS
  Server: NetDNA-cache/2.2
  X-Cache: HIT
  Accept-Ranges: bytes
  X-Origin-Date: Mon, 23 Jan 2017 06:12:38 GMT
  Date: Tue, 24 Jan 2017 17:46:37 GMT
  X-Cache-Age: 128039
  X-Cache: HIT from khorne
  X-Cache-Lookup: HIT from khorne:3128
  Connection: keep-alive
Length: 784 [text/plain]
Saving to: 'ca.cer.2'

ca.cer.2            100%[==================>]     784  --.-KB/s    in
0s     

2017-01-24 23:46:37 (95.7 MB/s) - 'ca.cer.2' saved [784/784]

Why? Downloader requires special ACL? Or something else undocumented?


24.01.2017 5:08, Amos Jeffries пишет:
> On 24/01/2017 7:06 a.m., Marcus Kool wrote:
>>
>> On 23/01/17 15:31, Alex Rousskov wrote:
>>> On 01/23/2017 04:28 AM, Yuri wrote:
>>>
>>>> 1. How does it work?
>>> My response below and the following commit message might answer some of
>>> your questions:
>>>
>>>     http://bazaar.launchpad.net/~squid/squid/5/revision/14769
>> This seems that the feature only goes to Squid 5.  Will it be ported to
>> Squid 4 ?
> rev.14769 is from before Squid-5 existed (rev.14932). The commits
> labeled 'trunk' at that time were Squid-4.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170124/2f5026e8/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170124/2f5026e8/attachment.sig>

More information about the squid-users mailing list