[squid-users] SSL errors with Squid 3.5.27

Julian Perconti vh1988 at yahoo.com.ar
Mon Jun 18 11:31:39 UTC 2018


> have you tried -servername option for setting SNI extension?

How can I do this?



Well, debugging cache.log I found this:

2018/06/18 08:22:08.822 kid1| 83,5| support.cc(300) ssl_verify_cb: Self signed certificate in certificate chain: /CN=courier.push.apple.com/O=Apple Inc./ST=California/C=US
2018/06/18 08:22:08.822 kid1| 83,7| bio.cc(168) stateChanged: FD 16 now: 0x4008 3RSC_B (SSLv3 read server certificate B)
2018/06/18 08:22:08.822 kid1| 83,7| bio.cc(168) stateChanged: FD 16 now: 0x1002 3RSC_B (SSLv3 read server certificate B)
2018/06/18 08:22:08.823 kid1| Error negotiating SSL on FD 16: error:14007086:SSL routines:CONNECT_CR_CERT:certificate verify failed (1/-1/0)
2018/06/18 08:22:08.825 kid1| 4,3| errorpage.cc(1100) Convert: errorConvert: %%D --> 'Self-signed SSL Certificate in chain: /C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA'
2018/06/18 08:22:08.830 kid1| 33,5| client_side.cc(4185) getSslContextStart: Generating SSL certificate for courier.push.apple.com using ssl_crtd.
2018/06/18 08:22:08.831 kid1| 33,5| client_side.cc(4189) getSslContextStart: SSL crtd request: new_certificate 3294 host=courier.push.apple.com
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
2018/06/18 08:22:08.831 kid1| 84,9| helper.cc(386) helperSubmit:  buf[3316]=new_certificate] 3294 host=courier.push.apple.com
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
2018/06/18 08:22:08.835 kid1| 84,9| helper.cc(875) helperHandleRead:  accumulated[3002]=OK] 2993 -----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

On Android devices WhatsApp works fine, slow but it works.

I think that the main problem resides in this line:

ssl_verify_cb: Self signed certificate in certificate chain:

courier.push.apple.com is an Entrust L1K chain... (if I'm not wrong)

Any idea?


