[squid-users] ERROR: Unknown TLS option clientca

Alex Rousskov rousskov at measurement-factory.com
Fri Jul 13 15:00:10 UTC 2018 

On 07/12/2018 11:35 PM, login mogin wrote:
> Thanks a lot, just tried the patch, sadly still not working.

If you still get "Unknown TLS option" errors when specifying clientca,
then you may not have rebuilt Squid correctly. If you no longer get
those errors, but Squid still does not ask the client for the
certificate, then follow the pull request on GitHub for more
fixes/updates -- there is more work needed to fix the bug than my
configuration parsing patch.

https://github.com/squid-cache/squid/pull/252

Alex.


> Alex Rousskov, 12 Tem 2018 Per, 22:03
> tarihinde şunu yazdı:
> 
>     On 07/12/2018 07:58 PM, login mogin wrote:
>     > Or should I report this as a bug?
> 
>     Your call, but it is a bug. You can also try the following _untested_
>     patch: https://github.com/squid-cache/squid/pull/252.patch
> 
> 
>     Good luck,
> 
>     Alex.
> 
> 
>     > On Thu, Jul 12, 2018 at 4:11 AM login mogin wrote:
>     >
>     >     Hi,
>     >
>     >     We have been using squid 3.5.23 on ubuntu 16 with the
>     configuration
>     >     clientca=CERTPATH without any problem. We decided to run the new
>     >     version squid 4.1 on ubuntu 18 with the same config. But now
>     client
>     >     certificate auth is not working anymore and we got this message on
>     >     debug:
>     >
>     >     ERROR: Unknown TLS option 'clientca=/etc/squid/cert/ca/ca.crt'
>     >     ...
>     >
>     >     Are we missing something
>     >     or http://www.squid-cache.org/Doc/config/http_port/ clientca
>     option
>     >     is broken?
>     >
>     >     By the way we also tried tls-cafile and capath options, we didn't
>     >     get any error messages with these options but still squid
>     server is
>     >     not requesting any client certificate.
>     >
>     >     Appreciate the help.
>     >
>     >     Regards,
>     >     Logan
>     >
>     >
>     >
>     > _______________________________________________
>     > squid-users mailing list
>     > squid-users at lists.squid-cache.org
>     <mailto:squid-users at lists.squid-cache.org>
>     > http://lists.squid-cache.org/listinfo/squid-users
>     >
>

More information about the squid-users mailing list