<html><head></head><body><div style="color:#000; background-color:#fff; font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px"><div id="yui_3_16_0_ym19_1_1492528168938_5241"><span>Would you mind sharing the script you use?</span></div><div></div><div id="yui_3_16_0_ym19_1_1492528168938_5242"> </div><div class="signature" id="yui_3_16_0_ym19_1_1492528168938_5243">oliver@lennox-it.uk<br><a rel="nofollow" target="_blank" href="http://lennox-it.uk/">lennox-it.uk</a><br>tel: 07900 648 252</div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1492528168938_5244"><br><br></div><div class="yahoo_quoted" id="yui_3_16_0_ym19_1_1492528168938_5251" style="display: block;"> <div style="font-family: Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 13px;" id="yui_3_16_0_ym19_1_1492528168938_5250"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif; font-size: 16px;" id="yui_3_16_0_ym19_1_1492528168938_5249"> <div dir="ltr" id="yui_3_16_0_ym19_1_1492528168938_5248"> <font size="2" face="Arial" id="yui_3_16_0_ym19_1_1492528168938_5252"> <hr size="1"> <b><span style="font-weight:bold;">From:</span></b> Yuri Voinov <yvoinov@gmail.com><br> <b><span style="font-weight: bold;">To:</span></b> Olly Lennox <oliver@lennox-it.uk>; "squid-users@lists.squid-cache.org" <squid-users@lists.squid-cache.org> <br> <b><span style="font-weight: bold;">Sent:</span></b> Tuesday, 18 April 2017, 16:00<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [squid-users] HTTPS woes<br> </font> </div> <div class="y_msg_container" id="yui_3_16_0_ym19_1_1492528168938_5253"><br><div id="yiv1902097244"><div id="yui_3_16_0_ym19_1_1492528168938_5255">
<div id="yui_3_16_0_ym19_1_1492528168938_5254">I have automated cron job to refresh Mozilla CA's bundle by
monthly basis.</div>
<div id="yui_3_16_0_ym19_1_1492528168938_5256">Intermediate CA's, however, requires non-scheduled maintenance.
I've maintain it by demand.<br clear="none">
</div>
<br clear="none">
<div class="yiv1902097244moz-cite-prefix" id="yui_3_16_0_ym19_1_1492528168938_5257">18.04.2017 20:17, Olly Lennox пишет:<br clear="none">
</div>
<div class="yiv1902097244yqt9262985019" id="yiv1902097244yqt62421"><blockquote type="cite" id="yui_3_16_0_ym19_1_1492528168938_5259">
<div style="color:#000;background-color:#fff;font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;" id="yui_3_16_0_ym19_1_1492528168938_5258">
<div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63787"><span id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63786">Thanks Yuri! The
Mozilla Bundle has worked!! Most of the major sites seem to
be working which is all we need. How often do these
certificates refresh? Would they need updating every month
or so?</span></div>
<div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63788"> </div>
<div class="yiv1902097244signature" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63683"><a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-abbreviated" ymailto="mailto:oliver@lennox-it.uk" target="_blank" href="mailto:oliver@lennox-it.uk">oliver@lennox-it.uk</a><br clear="none">
<a rel="nofollow" shape="rect" target="_blank" href="http://lennox-it.uk/">lennox-it.uk</a><br clear="none">
tel: 07900 648 252</div>
<div class="yiv1902097244qtdSeparateBR" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63628"><br clear="none">
<br clear="none">
</div>
<div class="yiv1902097244yahoo_quoted" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63643" style="display:block;">
<div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63642" style="font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;">
<div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63641" style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:16px;">
<div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63640">
<font id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63639" face="Arial" size="2">
</font><hr id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63638" size="1"> <b><span style="font-weight:bold;">From:</span></b>
Yuri Voinov <a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-rfc2396E" ymailto="mailto:yvoinov@gmail.com" target="_blank" href="mailto:yvoinov@gmail.com" id="yui_3_16_0_ym19_1_1492528168938_5260"><yvoinov@gmail.com></a><br clear="none">
<b><span style="font-weight:bold;">To:</span></b>
Olly Lennox <a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-rfc2396E" ymailto="mailto:oliver@lennox-it.uk" target="_blank" href="mailto:oliver@lennox-it.uk" id="yui_3_16_0_ym19_1_1492528168938_5261"><oliver@lennox-it.uk></a>;
<a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-rfc2396E" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org">"squid-users@lists.squid-cache.org"</a>
<a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-rfc2396E" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org"><squid-users@lists.squid-cache.org></a> <br clear="none">
<b><span style="font-weight:bold;">Sent:</span></b>
Tuesday, 18 April 2017, 14:43<br clear="none">
<b><span style="font-weight:bold;">Subject:</span></b>
Re: [squid-users] HTTPS woes<br clear="none">
</div>
<div class="yiv1902097244y_msg_container" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65900"><br clear="none">
<div id="yiv1902097244">
<div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65902">
<div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65901">You
talked about two different things.</div>
<div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65903">1.
root CA usually built-in in clients. For
standalone use, root CA (from Mozilla) usually
distributes with openssl distributions. If you
need (or your openssl distribution does not
contains root CAs), you can find separately
distributed Mozilla CA's by short googling: <br clear="none">
</div>
<div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65904"><a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-freetext" target="_blank" href="https://www.google.com/search?q=Mozilla+CA+bundle" id="yui_3_16_0_ym19_1_1492528168938_5262">https://www.google.com/search?q=Mozilla+CA+bundle</a></div>
<div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65905">2.
Intermediate CA's is subordinate for roots CA. It
does not exists by gouverned repository (because
of supporting it is work, manual work and should
be do by somebody), moreover, it spreaded across
CA authorities. There is no automated tool to
support this _intermediate_list. The problem also:
intermediate CA's usuallu has much short validity
period instead of roots, and should supports all
time at time.</div>
<div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65906">Finally
- it you want to use Squid with SSL Bump, you
should understand PKI infrastructure and yes - you
should support root CA & intermediate CAs on
proxy by yourself all time. There is no free or
payment basis service which is do it for you.<br clear="none">
</div>
<br clear="none">
<div class="yiv1902097244moz-cite-prefix">18.04.2017
19:35, Olly Lennox пишет:<br clear="none">
</div>
<div class="yiv1902097244yqt7303733207" id="yiv1902097244yqt94043">
<blockquote id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65908" type="cite">
<div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65907" style="color:#000;background-color:#fff;font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;">
<div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49171"><span id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49209">So anyone who
wants to use Squid over HTTPS in the way
has to build this repository themselves by
manually downloading all the CA bundles?</span></div>
<div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49172"> </div>
<div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49172"><br clear="none">
</div>
<div class="yiv1902097244qtdSeparateBR" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65909"><br clear="none">
<br clear="none">
</div>
<div class="yiv1902097244yahoo_quoted" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49251" style="display:block;">
<div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49250" style="font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;">
<div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49249" style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:16px;">
<div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49259">
<font id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49258" face="Arial" size="2"> </font>
<hr id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49260" size="1"> <b><span style="font-weight:bold;">From:</span></b>
Yuri <a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-rfc2396E" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65910" ymailto="mailto:yvoinov@gmail.com" target="_blank" href="mailto:yvoinov@gmail.com"><yvoinov@gmail.com></a><br clear="none">
<b><span style="font-weight:bold;">To:</span></b>
Olly Lennox <a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-rfc2396E" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65911" ymailto="mailto:oliver@lennox-it.uk" target="_blank" href="mailto:oliver@lennox-it.uk"><oliver@lennox-it.uk></a>;
<a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-rfc2396E" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org">"squid-users@lists.squid-cache.org"</a>
<a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-rfc2396E" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org"><squid-users@lists.squid-cache.org></a>
<br clear="none">
<b><span style="font-weight:bold;">Sent:</span></b>
Tuesday, 18 April 2017, 14:03<br clear="none">
<b><span style="font-weight:bold;">Subject:</span></b>
Re: [squid-users] HTTPS woes<br clear="none">
</div>
<div class="yiv1902097244y_msg_container" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49248"><br clear="none">
<div id="yiv1902097244">
<div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49247">
<div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49257"><br clear="none">
</div>
<br clear="none">
<div class="yiv1902097244moz-cite-prefix" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49256">18.04.2017
18:56, Olly Lennox пишет:<br clear="none">
</div>
<blockquote id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49253" type="cite">
<div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49252" style="color:#000;background-color:#fff;font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;">
<div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933"><span>I'm
using </span></div>
<div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933"><br clear="none">
</div>
<div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933">sslproxy_foreign_intermediate_certs</div>
<div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933"><br clear="none">
</div>
<div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933">Is
this the same thing? <br clear="none">
</div>
</div>
</blockquote>
No. You firstly required CA roots
available for squid. CA roots and
intermediate is the different
things.<br clear="none">
<blockquote id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49255" type="cite">
<div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49254" style="color:#000;background-color:#fff;font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;">
<div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933"><br clear="none">
</div>
<div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933">Also
is there anywhere to get a
bundle of all the major CA
intermdiate certs or do you
have to download them all
manually?</div>
</div>
</blockquote>
No. You should build it by
yourself.
<div class="yiv1902097244yqt6360993177" id="yiv1902097244yqtfd66056"><br clear="none">
<blockquote id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49262" type="cite">
<div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49261" style="color:#000;background-color:#fff;font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;">
<div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933"><br clear="none">
</div>
<div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933">Cheers,</div>
<div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14934"> </div>
<div class="yiv1902097244signature" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14906"><a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-abbreviated" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49263" ymailto="mailto:oliver@lennox-it.uk" target="_blank" href="mailto:oliver@lennox-it.uk">oliver@lennox-it.uk</a><br clear="none">
<a rel="nofollow" shape="rect" target="_blank" href="http://lennox-it.uk/">lennox-it.uk</a><br clear="none">
tel: 07900 648 252</div>
<div class="yiv1902097244qtdSeparateBR" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14935"><br clear="none">
<br clear="none">
</div>
<div class="yiv1902097244yahoo_quoted" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14881" style="display:block;">
<div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14880" style="font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;">
<div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14879" style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:16px;">
<div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14905">
<font id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14904" face="Arial" size="2"> </font>
<hr id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14936" size="1"> <b><span style="font-weight:bold;">From:</span></b> Yuri <a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-rfc2396E" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49264" ymailto="mailto:yvoinov@gmail.com" target="_blank" href="mailto:yvoinov@gmail.com"><yvoinov@gmail.com></a><br clear="none">
<b><span style="font-weight:bold;">To:</span></b>
<a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-abbreviated" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a> <br clear="none">
<b><span style="font-weight:bold;">Sent:</span></b>
Tuesday, 18 April
2017, 13:51<br clear="none">
<b><span style="font-weight:bold;">Subject:</span></b>
Re: [squid-users]
HTTPS woes<br clear="none">
</div>
<div class="yiv1902097244y_msg_container" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14878"><br clear="none">
<div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14877">Try
to specify roots
CA bundle/dir
explicity by
specifying one of
this <br clear="none">
params:<br clear="none">
<br clear="none">
<br clear="none">
# TAG:
sslproxy_cafile<br clear="none">
# file
containing CA
certificates to
use when verifying
server<br clear="none">
# certificates
while proxying <a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-freetext" href="">https://</a>
URLs<br clear="none">
#Default:<br clear="none">
# none<br clear="none">
<br clear="none">
# TAG:
sslproxy_capath<br clear="none">
# directory
containing CA
certificates to
use when verifying<br clear="none">
# server
certificates while
proxying <a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-freetext" href="">https://</a>
URLs<br clear="none">
#Default:<br clear="none">
# none<br clear="none">
<br clear="none">
<br clear="none">
<br clear="none">
18.04.2017 18:46,
Olly Lennox пишет:<br clear="none">
> Hi All,<br clear="none">
><br clear="none">
> Still having
problems here.
This is my https
config now:<br clear="none">
><br clear="none">
><br clear="none">
>
---------------------------------https_port
3129 intercept
ssl-bump
generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl_cert/squid.crt
key=/etc/squid3/ssl_cert/squid.key
options=NO_SSLv3
dhparams=/etc/squid3/ssl_cert/dhparam.pem<br clear="none">
><br clear="none">
> acl step1
at_step SslBump1<br clear="none">
> ssl_bump peek
step1<br clear="none">
> ssl_bump bump
all<br clear="none">
>
sslproxy_options
NO_SSLv2,NO_SSLv3,SINGLE_DH_USE<br clear="none">
>
sslproxy_cipher
EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS<br clear="none">
><br clear="none">
>
sslcrtd_program
/usr/lib/squid3/ssl_crtd
-s /var/lib/ssl_db
-M 4MB<br clear="none">
>
sslcrtd_children 8
startup=1 idle=1<br clear="none">
><br clear="none">
>
---------------------------------<br clear="none">
><br clear="none">
><br clear="none">
> I'm running
version 3.5.23
with openssl 1.0.
I've had to
disable libecap
because I couldn't
build 3.5 with
ecap enabled. I'm
getting the
following error
when trying to
connect with SSL:<br clear="none">
><br clear="none">
>
---------------------------------<br clear="none">
><br clear="none">
> The following
error was
encountered while
trying to retrieve
the URL: <a rel="nofollow" shape="rect" target="_blank" href="https://www.google.co.uk/*">https://www.google.co.uk/*</a><br clear="none">
><br clear="none">
> Failed to
establish a secure
connection to
216.58.198.67<br clear="none">
><br clear="none">
> The system
returned:<br clear="none">
><br clear="none">
> (71) Protocol
error (TLS code:
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)<br clear="none">
> SSL
Certficate error:
certificate issuer
(CA) not known:
/C=US/O=Equifax/OU=Equifax
Secure Certificate
Authority<br clear="none">
><br clear="none">
> This proxy
and the remote
host failed to
negotiate a
mutually
acceptable
security settings
for handling your
request. It is
possible that the
remote host does
not support secure
connections, or
the proxy is not
satisfied with the
host security
credentials.<br clear="none">
><br clear="none">
> Your cache
administrator is
webmaster.<br clear="none">
><br clear="none">
> Generated
Tue, 18 Apr 2017
12:23:40 GMT by
raspberrypi
(squid/3.5.23)<br clear="none">
>
---------------------------------<br clear="none">
><br clear="none">
> The CA is
always listed as
not known not
matter what site I
try I always get
this error.<br clear="none">
><br clear="none">
> Any ideas?<br clear="none">
><br clear="none">
> Thanks,<br clear="none">
><br clear="none">
> Olly<br clear="none">
><br clear="none">
>
________________________________<br clear="none">
> From: Olly
Lennox <<a rel="nofollow" shape="rect" ymailto="mailto:oliver@lennox-it.uk" target="_blank" href="mailto:oliver@lennox-it.uk">oliver@lennox-it.uk</a>><br clear="none">
> To: Amos
Jeffries <<a rel="nofollow" shape="rect" ymailto="mailto:squid3@treenet.co.nz" target="_blank" href="mailto:squid3@treenet.co.nz">squid3@treenet.co.nz</a>>;
"<a rel="nofollow" shape="rect" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>"
<<a rel="nofollow" shape="rect" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>><br clear="none">
> Sent: Sunday,
16 April 2017,
9:31<br clear="none">
> Subject: Re:
[squid-users]
HTTPS woes<br clear="none">
><br clear="none">
><br clear="none">
><br clear="none">
> Thanks Amos,
it's finally built
but I had to
disabled ecap, for
whatever reason
this kept failing
(with version
1.0.1 installed).
It failed on a
reference to the
Area function I
think but I don't
have the error
message copied.
I'm trying now to
configure the ssl
stare/peek and
will let you know
how it goes.<br clear="none">
><br clear="none">
> Olly<br clear="none">
> <br clear="none">
> <a rel="nofollow" shape="rect" ymailto="mailto:oliver@lennox-it.uk" target="_blank" href="mailto:oliver@lennox-it.uk">oliver@lennox-it.uk</a><br clear="none">
> lennox-it.uk<br clear="none">
> tel: 07900
648 252<br clear="none">
><br clear="none">
><br clear="none">
><br clear="none">
>
________________________________<br clear="none">
> From: Amos
Jeffries <<a rel="nofollow" shape="rect" ymailto="mailto:squid3@treenet.co.nz" target="_blank" href="mailto:squid3@treenet.co.nz">squid3@treenet.co.nz</a>><br clear="none">
> To: <a rel="nofollow" shape="rect" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br clear="none">
> Sent:
Saturday, 15 April
2017, 23:07<br clear="none">
> Subject: Re:
[squid-users]
HTTPS woes<br clear="none">
><br clear="none">
><br clear="none">
><br clear="none">
> On 15/04/2017
9:59 a.m., Olly
Lennox wrote:<br clear="none">
>> Hi Guys.<br clear="none">
>> I'm still
struggling with
this. I'm trying
to build a version
of 3.5 but I just
can't get it to
work. I'm
currently
attempting to
rebuild the
stretch package
with SSL enabled
but build keeps
failing with the
following:<br clear="none">
>>
../../src/ssl/gadgets.h:83:45:
error:
âCRYPTO_LOCK_X509â
was not declared
in this scope
typedef
LockingPointer<X509,
X509_free_cpp,
CRYPTO_LOCK_X509>
X509_Pointer;
^~~~~~~~~~~~~~~~../../src/ssl/gadgets.h:83:61:
error: template
argument 3 is
invalid typedef
LockingPointer<X509,
X509_free_cpp,
CRYPTO_LOCK_X509>
X509_Pointer;
^../../src/ssl/gadgets.h:89:53: error: âCRYPTO_LOCK_EVP_PKEYâ was not
declared in this
scope typedef
LockingPointer<EVP_PKEY,
EVP_PKEY_free_cpp,
CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;
^~~~~~~~~~~~~~~~~~~~../../src/ssl/gadgets.h:89:73:
error: template
argument 3 is
invalid typedef
LockingPointer<EVP_PKEY,
EVP_PKEY_free_cpp,
CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;
^../../src/ssl/gadgets.h:116:43:
error:
âCRYPTO_LOCK_SSLâ
was not declared
in this scope
typedef
LockingPointer<SSL,
SSL_free_cpp,
CRYPTO_LOCK_SSL>
SSL_Pointer;
^~~~~~~~~~~~~~~../../src/ssl/gadgets.h:116:58: error: template argument
3 is invalid
typedef
LockingPointer<SSL,
SSL_free_cpp,
CRYPTO_LOCK_SSL>
SSL_Pointer;
^<br clear="none">
>> Any
ideas?<br clear="none">
><br clear="none">
><br clear="none">
> On
Jesse/stable:<br clear="none">
><br clear="none">
> apt-get
build-dep squid3<br clear="none">
> apt-get
install libss-dev<br clear="none">
><br clear="none">
><br clear="none">
> On
stretch/testing/unstable:<br clear="none">
><br clear="none">
> apt-get
build-dep squid<br clear="none">
> apt-get
install
libss1.0-dev<br clear="none">
><br clear="none">
><br clear="none">
> That should
do it for you.<br clear="none">
><br clear="none">
> Amos<br clear="none">
><br clear="none">
><br clear="none">
>
_______________________________________________<br clear="none">
> squid-users
mailing list<br clear="none">
> <a rel="nofollow" shape="rect" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br clear="none">
> <a rel="nofollow" shape="rect" target="_blank" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br clear="none">
><br clear="none">
><br clear="none">
><br clear="none">
>
_______________________________________________<br clear="none">
> squid-users
mailing list<br clear="none">
> <a rel="nofollow" shape="rect" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br clear="none">
> <a rel="nofollow" shape="rect" target="_blank" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
<div class="yiv1902097244yqt8677547277" id="yiv1902097244yqtfd81681"><br clear="none">
>
_______________________________________________<br clear="none">
> squid-users
mailing list<br clear="none">
> <a rel="nofollow" shape="rect" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br clear="none">
> <a rel="nofollow" shape="rect" target="_blank" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br clear="none">
<br clear="none">
<br clear="none">
_______________________________________________<br clear="none">
squid-users
mailing list<br clear="none">
<a rel="nofollow" shape="rect" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br clear="none">
<a rel="nofollow" shape="rect" target="_blank" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br clear="none">
</div>
</div>
<br clear="none">
<br clear="none">
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br clear="none">
</div>
</div>
</div>
<br clear="none">
<br clear="none">
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br clear="none">
<div class="yiv1902097244moz-signature">-- <br clear="none">
Bugs to the Future</div>
</div>
</div>
<br clear="none">
<br clear="none">
</div>
</div>
</div>
</div>
</div>
</blockquote></div>
<br clear="none">
<div class="yiv1902097244moz-signature">-- <br clear="none">
Bugs to the Future</div>
</div></div><br><br></div> </div> </div> </div></div></body></html>