[squid-users] Got [No Error] (TLS code: SQUID_ERR_SSL_HANDSHAKE)
Alex Rousskov
rousskov at measurement-factory.com
Mon Mar 18 14:03:56 UTC 2019
On 3/17/19 1:22 AM, Itai Tieger wrote:

> I'm using squid 4.4 compiled with openssl 1.1.0.
> Sometimes when I try to access a site, I get this error:
> (TLS code: SQUID_ERR_SSL_HANDSHAKE) Handshake with SSL server failed: [No Error]
> How can I debug it myself?

Since the error is probably detected inside OpenSSL SSL_connect(), I
would start by extracting the corresponding server certificate from the
packet capture and asking the OpenSSL library on the Squid box to validate it.

> I also get many
> 32 2019/02/25 00:09:19 kid1| ERROR: negotiating TLS on FD 43:
> error:1416F086:SSL routines:tls_process_server_certificate:certificate
> verify failed (1/-1/0)
> in the log, might be related... ?

It is -- SQUID_ERR_SSL_HANDSHAKE is only returned after printing the
above level-1 message AFAICT.

BTW, if Squid does not relay the above OpenSSL error details to the
error page, it is a Squid bug or deficiency.

Alex.
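
The validation step suggested in the reply above, as an added example that is not part of the original message or of Squid. It assumes the server certificate has already been exported from the capture as a DER file; the function name verify_captured_cert and the file arguments are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: check a server certificate taken from a packet capture with
# the OpenSSL installed on the Squid box.
# Usage: verify_captured_cert LEAF.der [INTERMEDIATES.pem] [CAFILE.pem]
#   LEAF.der          server certificate exported from the capture (DER)
#   INTERMEDIATES.pem other certificates the server sent (optional)
#   CAFILE.pem        extra trust anchors (optional)
# Returns 0 if the chain verifies, 2 if LEAF.der is not a certificate,
# otherwise the non-zero exit status of "openssl verify".

verify_captured_cert() {
    leaf_der=$1
    chain=${2:-}
    cafile=${3:-}
    leaf_pem=$(mktemp) || return 2

    # Certificates travel as DER inside the TLS Certificate message;
    # convert to PEM for "openssl verify".
    if ! openssl x509 -inform DER -in "$leaf_der" -out "$leaf_pem" 2>/dev/null; then
        echo "cannot parse certificate: $leaf_der" >&2
        rm -f "$leaf_pem"
        return 2
    fi

    # Subject, issuer and validity window often explain the failure at a glance.
    openssl x509 -in "$leaf_pem" -noout -subject -issuer -dates

    # Build the verify command line from the optional arguments.
    set -- verify
    if [ -n "$cafile" ]; then set -- "$@" -CAfile "$cafile"; fi
    if [ -n "$chain" ]; then set -- "$@" -untrusted "$chain"; fi

    # On failure openssl prints the X.509 reason (expired, unknown issuer, ...)
    # behind the generic "certificate verify failed" seen in the log.
    openssl "$@" "$leaf_pem" && rc=0 || rc=$?
    rm -f "$leaf_pem"
    return "$rc"
}
```

Run it on the Squid box itself so that the same OpenSSL build and default trust store are used.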