<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    First of all,<br>
    <br>
    read this:<br>
    <br>
    <a class="moz-txt-link-freetext" href="http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit">http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit</a><br>
    <br>
    Second - there is no way to find which site generates this error,
    apart from user complaints.<br>
    <br>
    WBR, Yuri.<br>
    <br>
    <div class="moz-cite-prefix">11.02.15 11:25, Luis Miguel Silva
      wrote:<br>
    </div>
    <blockquote
cite="mid:CA+suCFgq33avo4GBkcmCFnZFarRM70Ne6sO8Eb2gboLgj4mX2w@mail.gmail.com"
      type="cite">
      <div dir="ltr">Dear all,
        <div><br>
        </div>
        <div>I'm seeing several error messages in my cache.log,
          complaining that the destination certificate is invalid:</div>
        <div>
          <div>2015/02/08 19:27:28 kid1| fwdNegotiateSSL: Error
            negotiating SSL connection on FD 22: error:14090086:SSL
            routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
            failed (1/-1/0)</div>
          <div>2015/02/08 19:27:28 kid1| clientNegotiateSSL: Error
            negotiating SSL connection on FD 20: error:14094418:SSL
            routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0)</div>
          <div>2015/02/08 19:27:32 kid1| fwdNegotiateSSL: Error
            negotiating SSL connection on FD 50: error:14090086:SSL
            routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
            failed (1/-1/0)</div>
          <div>2015/02/08 19:27:33 kid1| clientNegotiateSSL: Error
            negotiating SSL connection on FD 49: error:14094416:SSL
            routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
            (1/0)</div>
          <div>2015/02/08 19:27:33 kid1| fwdNegotiateSSL: Error
            negotiating SSL connection on FD 50: error:14090086:SSL
            routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
            failed (1/-1/0)</div>
          <div>2015/02/08 19:27:33 kid1| clientNegotiateSSL: Error
            negotiating SSL connection on FD 49: error:14094418:SSL
            routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0)</div>
          <div>2015/02/08 19:27:34 kid1| clientNegotiateSSL: Error
            negotiating SSL connection on FD 49: error:14094418:SSL
            routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0)</div>
          <div>2015/02/08 19:27:37 kid1| clientNegotiateSSL: Error
            negotiating SSL connection on FD 50: error:14094418:SSL
            routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0)</div>
          <div>2015/02/08 19:27:37 kid1| fwdNegotiateSSL: Error
            negotiating SSL connection on FD 51: error:14090086:SSL
            routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
            failed (1/-1/0)</div>
          <div>2015/02/08 19:27:37 kid1| clientNegotiateSSL: Error
            negotiating SSL connection on FD 50: error:14094416:SSL
            routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
            (1/0)</div>
          <div>2015/02/08 19:27:39 kid1| fwdNegotiateSSL: Error
            negotiating SSL connection on FD 51: error:14090086:SSL
            routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
            failed (1/-1/0)</div>
          <div>2015/02/08 19:27:39 kid1| clientNegotiateSSL: Error
            negotiating SSL connection on FD 50: error:14094416:SSL
            routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
            (1/0)</div>
          <div>2015/02/08 19:27:40 kid1| clientNegotiateSSL: Error
            negotiating SSL connection on FD 50: error:14094416:SSL
            routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
            (1/0)</div>
          <div>2015/02/08 19:27:40 kid1| clientNegotiateSSL: Error
            negotiating SSL connection on FD 50: error:14094416:SSL
            routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
            (1/0)</div>
          <div>2015/02/08 19:27:41 kid1| clientNegotiateSSL: Error
            negotiating SSL connection on FD 50: error:14094416:SSL
            routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
            (1/0)</div>
          <div>2015/02/08 19:27:42 kid1| fwdNegotiateSSL: Error
            negotiating SSL connection on FD 51: error:14090086:SSL
            routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
            failed (1/-1/0)</div>
          <div>2015/02/08 19:27:42 kid1| clientNegotiateSSL: Error
            negotiating SSL connection on FD 50: error:14094416:SSL
            routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
            (1/0)</div>
          <div>2015/02/08 19:27:42 kid1| clientNegotiateSSL: Error
            negotiating SSL connection on FD 52: error:14094416:SSL
            routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
            (1/0)</div>
        </div>
        <div><br>
        </div>
        <div>Is there a way for me to intercept these and, when they
          happen, allow a direct connection between the client and the
          destination?<br>
        </div>
        <div><br>
        </div>
        <div>In other words, I want to ssl-bump ALL connections *but*,
          if we encounter certificate errors, I would like to make a
          direct connection instead. Is this possible?</div>
        <div><br>
        </div>
        <div>Thank you,</div>
        <div>Luis</div>
      </div>
    </blockquote>
    <br>
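    Added example, not part of the original thread and not Squid project code: a triage script for the cache.log entries quoted above. It separates upstream verification failures (fwdNegotiateSSL) from client-side alerts (clientNegotiateSSL) and flags client alerts with no upstream failure logged just before them. The names parse and triage and the 2-second window are assumptions; time proximity is only a heuristic, since these entries carry no hostname.<br>

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Subset of the cache.log entries quoted above, one entry per line.
SAMPLE = """\
2015/02/08 19:27:28 kid1| fwdNegotiateSSL: Error negotiating SSL connection on FD 22: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)
2015/02/08 19:27:28 kid1| clientNegotiateSSL: Error negotiating SSL connection on FD 20: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0)
2015/02/08 19:27:34 kid1| clientNegotiateSSL: Error negotiating SSL connection on FD 49: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0)
2015/02/08 19:27:37 kid1| fwdNegotiateSSL: Error negotiating SSL connection on FD 51: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)
2015/02/08 19:27:37 kid1| clientNegotiateSSL: Error negotiating SSL connection on FD 50: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown (1/0)
"""

LINE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \S+\| "
    r"(?P<func>fwdNegotiateSSL|clientNegotiateSSL): Error negotiating SSL "
    r"connection on FD (?P<fd>\d+): error:(?P<code>[0-9A-Fa-f]+):"
    r"[^:]*:[^:]*:(?P<reason>.*?) \("
)
# fwdNegotiateSSL is the proxy-to-origin handshake, clientNegotiateSSL the client-to-proxy one.
SIDE = {"fwdNegotiateSSL": "upstream", "clientNegotiateSSL": "client"}

def parse(text):
    """Return one dict per SSL negotiation error line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            events.append({
                "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                "side": SIDE[m["func"]], "fd": int(m["fd"]),
                "code": m["code"], "reason": m["reason"],
            })
    return events

def triage(events, window=timedelta(seconds=2)):
    """Count (side, reason) pairs; split client alerts by upstream proximity."""
    counts = Counter((e["side"], e["reason"]) for e in events)
    upstream = [e["ts"] for e in events if e["side"] == "upstream"]
    after_upstream, standalone = [], []
    for e in events:
        if e["side"] != "client":
            continue
        # Heuristic: an upstream failure logged at most `window` before this alert.
        near = any(timedelta(0) <= e["ts"] - t <= window for t in upstream)
        (after_upstream if near else standalone).append(e)
    return counts, after_upstream, standalone

if __name__ == "__main__":
    counts, after, alone = triage(parse(SAMPLE))
    print(counts, len(after), [e["fd"] for e in alone])
```

    Standalone client alerts such as "unknown ca" are the ones to check against the proxy's signing CA on the client; to name the site, the timestamps still have to be matched against access.log or user reports.<br>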
  </body>
</html>