[squid-users] Communication fails between parent and child if using SSL/TLS

Jānis je at ktf.rtu.lv
Sun Mar 26 11:56:32 UTC 2017


Hi!

theoretically, I have configured two squids in a parent-child cache structure.

It works perfectly if it is just "plaintext" communication, but if I
set them to use SSL (for non-HTTPS traffic),
the following error occurs:
X-Squid-Error: ERR_CONNECT_FAIL 111

and

TCP connection to PARENT/PORT failed

pop: lookup for key {PARENT/PORT} failed

child's cache_peer config:

cache_peer PARENT parent PORT 0 proxy-only ssl \
            sslcert=/path/to/cert.pem \
            sslkey=/path/to/key.key \
            sslflags=DONT_VERIFY_PEER

parent's:

https_port PORT \
     cert=/path/to/parent/cert.pem \
     key=/path/to/parent/key.key \
     sslflags=NO_DEFAULT_CA

Yes, and the parent for some reason is not listening on PORT (according to
netstat -l -n).

Connection for child to parent: allowed (it stays the same for either the
non-SSL or the SSL-enabled cfg).

squid's .configure:
   --prefix=/usr \
   --libdir=/usr/lib${LIBDIRSUFFIX} \
   --sysconfdir=/etc/squid \
   --localstatedir=/var/log/squid \
   --datadir=/usr/share/squid \
   --with-pidfile=/var/run/squid \
   --mandir=/usr/man \
   --with-logdir=/var/log/squid \
   --disable-devpoll \
   --enable-snmp \
   --enable-ssl \
   --enable-linux-netfilter \
   --enable-async-io \
   --disable-translation \
   --build=$ARCH-slackware-linux

What disappoints: with an older version of Squid it worked. The upgrade
turned it down.

