[squid-users] Fetch missing certificate feature of Squid_v4
christof.gerber1 at gmail.com
Mon Aug 20 09:10:17 UTC 2018
I am wondering how to verify the feature "Fetch missing certificate"
which was added to Squid v4.
I tried to trigger the feature by requesting some domains via squid
which lack the intermediate certificate (e.g. www.facworld.com,
Because of the following observation I believe something is not
1. Curl retruns with a "SSL certificate problem: Invalid certificate
chain" in all three cases
2. By enabling 33,5 83,5 81,5 88,3 logging and analysing the log trace
I get the feeling that the code of the feature is not called (->
missing certificate not downloaded). See the log trace in the
I verified that these domains deliver an incomplete certificate by:
$ openssl s_client -connect taas.citrix.com:443 -showcerts -verify 32
Which returns "Verify return code: 21 (unable to verify the first
certificate)" for all of them
1. How to verify that the feature is working? Am I doing something wrong?
2. Is this feature always on or do I have to configure/enable it in Squid v4?
Squid Cache: Version v4.0-6d8f397398995c4512cb045920ee2747cc6b14f8
Email: christof.gerber1 at gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 25615 bytes
Desc: not available
More information about the squid-users