[squid-users] cache-peer and tls
squid3 at treenet.co.nz
Sun Aug 4 03:00:52 UTC 2019
On 4/08/19 2:11 am, Eugene M. Zheganin wrote:

> I'm using squid 4.6 and I need to TLS-encrypt the session to the parent
> proxy. I have in config:
>
> cache_peer proxy.foo.bar parent 3129 3130 tls

Please start with "squid -k parse" and update those to the Squid-4 options.
Also, any errors/warnings mentioned about the PEM files contents need to

> But no matter what I'm doing, squid keeps telling in logs that he
> doesn't like the peer certificate:
>
> 2019/08/03 18:42:24 kid1| ERROR: negotiating TLS on FD 23:
> error:14090086:SSL routines:ssl3_get_server_certificate:certificate
> verify failed (1/-1/0)
> 2019/08/03 18:42:24 kid1| temporary disabling (Service Unavailable)
> digest from proxy.foo.bar
>
> and then he's going directly bypassing the peer. :/
> Is there any way to tell him that I don't care ?

You really should care. There is no point in TLS to a peer if you are
going to ignore whether the right peer is even being connected to.
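
An added example, not part of the original message and not taken from the Squid project: the cache_peer line from the question with certificate verification kept on and the parent's issuing CA supplied explicitly, shown beside the verification-disabling form the reply advises against. The CA file path is a placeholder assumption; the hostname and ports are the ones quoted above.

```conf
# Added example (not from the original thread). Squid-4 cache_peer TLS options.
# /etc/squid/peer-ca.pem is a placeholder path: a PEM file holding the CA
# certificate(s) that issued the parent proxy's certificate.

# Weak (left commented out): the hop is encrypted, but any certificate is
# accepted, so nothing confirms that the host answering is the intended parent.
#cache_peer proxy.foo.bar parent 3129 3130 tls tls-flags=DONT_VERIFY_PEER

# Corrected: verification stays on and Squid is told which CA to trust for
# this peer. "certificate verify failed" usually means the issuing CA is not
# in the trust store Squid is using, which tls-cafile= addresses.
# tls-default-ca=off is optional; it limits trust for this peer to the CA file
# instead of also accepting the system-wide trusted CAs.
# tls-domain=<name> is only needed when the name in the peer's certificate
# differs from the cache_peer hostname; by default the hostname is checked.
cache_peer proxy.foo.bar parent 3129 3130 tls tls-cafile=/etc/squid/peer-ca.pem tls-default-ca=off
```

After editing, "squid -k parse" reports any option names or PEM file problems before the configuration is loaded.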