<html><head></head><body><div style="color:#000; background-color:#fff; font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px"><div id="yui_3_16_0_ym19_1_1492528168938_5241"><span>Would you mind sharing the script you use?</span></div><div></div><div id="yui_3_16_0_ym19_1_1492528168938_5242"> </div><div class="signature" id="yui_3_16_0_ym19_1_1492528168938_5243">oliver@lennox-it.uk<br><a rel="nofollow" target="_blank" href="http://lennox-it.uk/">lennox-it.uk</a><br>tel: 07900 648 252</div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1492528168938_5244"><br><br></div><div class="yahoo_quoted" id="yui_3_16_0_ym19_1_1492528168938_5251" style="display: block;">  <div style="font-family: Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 13px;" id="yui_3_16_0_ym19_1_1492528168938_5250"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif; font-size: 16px;" id="yui_3_16_0_ym19_1_1492528168938_5249"> <div dir="ltr" id="yui_3_16_0_ym19_1_1492528168938_5248"> <font size="2" face="Arial" id="yui_3_16_0_ym19_1_1492528168938_5252"> <hr size="1"> <b><span style="font-weight:bold;">From:</span></b> Yuri Voinov <yvoinov@gmail.com><br> <b><span style="font-weight: bold;">To:</span></b> Olly Lennox <oliver@lennox-it.uk>; "squid-users@lists.squid-cache.org" <squid-users@lists.squid-cache.org> <br> <b><span style="font-weight: bold;">Sent:</span></b> Tuesday, 18 April 2017, 16:00<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [squid-users] HTTPS woes<br> </font> </div> <div class="y_msg_container" id="yui_3_16_0_ym19_1_1492528168938_5253"><br><div id="yiv1902097244"><div id="yui_3_16_0_ym19_1_1492528168938_5255">
    <div id="yui_3_16_0_ym19_1_1492528168938_5254">I have automated cron job to refresh Mozilla CA's bundle by
      monthly basis.</div>
    <div id="yui_3_16_0_ym19_1_1492528168938_5256">Intermediate CA's, however, requires non-scheduled maintenance.
      I've maintain it by demand.<br clear="none">
    </div>
    <br clear="none">
    <div class="yiv1902097244moz-cite-prefix" id="yui_3_16_0_ym19_1_1492528168938_5257">18.04.2017 20:17, Olly Lennox пишет:<br clear="none">
    </div>
    <div class="yiv1902097244yqt9262985019" id="yiv1902097244yqt62421"><blockquote type="cite" id="yui_3_16_0_ym19_1_1492528168938_5259">
      <div style="color:#000;background-color:#fff;font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;" id="yui_3_16_0_ym19_1_1492528168938_5258">
        <div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63787"><span id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63786">Thanks Yuri! The
            Mozilla Bundle has worked!! Most of the major sites seem to
            be working which is all we need. How often do these
            certificates refresh? Would they need updating every month
            or so?</span></div>
        <div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63788"> </div>
        <div class="yiv1902097244signature" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63683"><a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-abbreviated" ymailto="mailto:oliver@lennox-it.uk" target="_blank" href="mailto:oliver@lennox-it.uk">oliver@lennox-it.uk</a><br clear="none">
          <a rel="nofollow" shape="rect" target="_blank" href="http://lennox-it.uk/">lennox-it.uk</a><br clear="none">
          tel: 07900 648 252</div>
        <div class="yiv1902097244qtdSeparateBR" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63628"><br clear="none">
          <br clear="none">
        </div>
        <div class="yiv1902097244yahoo_quoted" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63643" style="display:block;">
          <div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63642" style="font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;">
            <div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63641" style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:16px;">
              <div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63640">
                <font id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63639" face="Arial" size="2">
                  </font><hr id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63638" size="1"> <b><span style="font-weight:bold;">From:</span></b>
                  Yuri Voinov <a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-rfc2396E" ymailto="mailto:yvoinov@gmail.com" target="_blank" href="mailto:yvoinov@gmail.com" id="yui_3_16_0_ym19_1_1492528168938_5260"><yvoinov@gmail.com></a><br clear="none">
                  <b><span style="font-weight:bold;">To:</span></b>
                  Olly Lennox <a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-rfc2396E" ymailto="mailto:oliver@lennox-it.uk" target="_blank" href="mailto:oliver@lennox-it.uk" id="yui_3_16_0_ym19_1_1492528168938_5261"><oliver@lennox-it.uk></a>;
                  <a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-rfc2396E" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org">"squid-users@lists.squid-cache.org"</a>
                  <a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-rfc2396E" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org"><squid-users@lists.squid-cache.org></a> <br clear="none">
                  <b><span style="font-weight:bold;">Sent:</span></b>
                  Tuesday, 18 April 2017, 14:43<br clear="none">
                  <b><span style="font-weight:bold;">Subject:</span></b>
                  Re: [squid-users] HTTPS woes<br clear="none">
                 </div>
              <div class="yiv1902097244y_msg_container" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65900"><br clear="none">
                <div id="yiv1902097244">
                  <div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65902">
                    <div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65901">You
                      talked about two different things.</div>
                    <div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65903">1.
                      root CA usually built-in in clients. For
                      standalone use, root CA (from Mozilla) usually
                      distributes with openssl distributions. If you
                      need (or your openssl distribution does not
                      contains root CAs), you can find separately
                      distributed Mozilla CA's by short googling: <br clear="none">
                    </div>
                    <div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65904"><a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-freetext" target="_blank" href="https://www.google.com/search?q=Mozilla+CA+bundle" id="yui_3_16_0_ym19_1_1492528168938_5262">https://www.google.com/search?q=Mozilla+CA+bundle</a></div>
                    <div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65905">2.
                      Intermediate CA's is subordinate for roots CA. It
                      does not exists by gouverned repository (because
                      of supporting it is work, manual work and should
                      be do by somebody), moreover, it spreaded across
                      CA authorities. There is no automated tool to
                      support this _intermediate_list. The problem also:
                      intermediate CA's usuallu has much short validity
                      period instead of roots, and should supports all
                      time at time.</div>
                    <div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65906">Finally
                      - it you want to use Squid with SSL Bump, you
                      should understand PKI infrastructure and yes - you
                      should support root CA & intermediate CAs on
                      proxy by yourself all time. There is no free or
                      payment basis service which is do it for you.<br clear="none">
                    </div>
                    <br clear="none">
                    <div class="yiv1902097244moz-cite-prefix">18.04.2017
                      19:35, Olly Lennox пишет:<br clear="none">
                    </div>
                    <div class="yiv1902097244yqt7303733207" id="yiv1902097244yqt94043">
                      <blockquote id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65908" type="cite">
                        <div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65907" style="color:#000;background-color:#fff;font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;">
                          <div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49171"><span id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49209">So anyone who
                              wants to use Squid over HTTPS in the way
                              has to build this repository themselves by
                              manually downloading all the CA bundles?</span></div>
                          <div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49172"> </div>
                          <div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49172"><br clear="none">
                          </div>
                          <div class="yiv1902097244qtdSeparateBR" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65909"><br clear="none">
                            <br clear="none">
                          </div>
                          <div class="yiv1902097244yahoo_quoted" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49251" style="display:block;">
                            <div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49250" style="font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;">
                              <div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49249" style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:16px;">
                                <div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49259">
                                  <font id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49258" face="Arial" size="2"> </font>
                                  <hr id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49260" size="1"> <b><span style="font-weight:bold;">From:</span></b>
                                  Yuri <a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-rfc2396E" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65910" ymailto="mailto:yvoinov@gmail.com" target="_blank" href="mailto:yvoinov@gmail.com"><yvoinov@gmail.com></a><br clear="none">
                                  <b><span style="font-weight:bold;">To:</span></b>
                                  Olly Lennox <a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-rfc2396E" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65911" ymailto="mailto:oliver@lennox-it.uk" target="_blank" href="mailto:oliver@lennox-it.uk"><oliver@lennox-it.uk></a>;
                                  <a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-rfc2396E" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org">"squid-users@lists.squid-cache.org"</a>
                                  <a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-rfc2396E" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org"><squid-users@lists.squid-cache.org></a>
                                  <br clear="none">
                                  <b><span style="font-weight:bold;">Sent:</span></b>
                                  Tuesday, 18 April 2017, 14:03<br clear="none">
                                  <b><span style="font-weight:bold;">Subject:</span></b>
                                  Re: [squid-users] HTTPS woes<br clear="none">
                                </div>
                                <div class="yiv1902097244y_msg_container" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49248"><br clear="none">
                                  <div id="yiv1902097244">
                                    <div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49247">
                                      <div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49257"><br clear="none">
                                      </div>
                                      <br clear="none">
                                      <div class="yiv1902097244moz-cite-prefix" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49256">18.04.2017
                                        18:56, Olly Lennox пишет:<br clear="none">
                                      </div>
                                      <blockquote id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49253" type="cite">
                                        <div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49252" style="color:#000;background-color:#fff;font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;">
                                          <div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933"><span>I'm
                                              using </span></div>
                                          <div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933"><br clear="none">
                                          </div>
                                          <div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933">sslproxy_foreign_intermediate_certs</div>
                                          <div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933"><br clear="none">
                                          </div>
                                          <div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933">Is
                                            this the same thing? <br clear="none">
                                          </div>
                                        </div>
                                      </blockquote>
                                      No. You firstly required CA roots
                                      available for squid. CA roots and
                                      intermediate is the different
                                      things.<br clear="none">
                                      <blockquote id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49255" type="cite">
                                        <div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49254" style="color:#000;background-color:#fff;font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;">
                                          <div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933"><br clear="none">
                                          </div>
                                          <div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933">Also
                                            is there anywhere to get a
                                            bundle of all the major CA
                                            intermdiate certs or do you
                                            have to download them all
                                            manually?</div>
                                        </div>
                                      </blockquote>
                                      No. You should build it by
                                      yourself.
                                      <div class="yiv1902097244yqt6360993177" id="yiv1902097244yqtfd66056"><br clear="none">
                                        <blockquote id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49262" type="cite">
                                          <div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49261" style="color:#000;background-color:#fff;font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;">
                                            <div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933"><br clear="none">
                                            </div>
                                            <div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933">Cheers,</div>
                                            <div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14934"> </div>
                                            <div class="yiv1902097244signature" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14906"><a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-abbreviated" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49263" ymailto="mailto:oliver@lennox-it.uk" target="_blank" href="mailto:oliver@lennox-it.uk">oliver@lennox-it.uk</a><br clear="none">
                                              <a rel="nofollow" shape="rect" target="_blank" href="http://lennox-it.uk/">lennox-it.uk</a><br clear="none">
                                              tel: 07900 648 252</div>
                                            <div class="yiv1902097244qtdSeparateBR" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14935"><br clear="none">
                                              <br clear="none">
                                            </div>
                                            <div class="yiv1902097244yahoo_quoted" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14881" style="display:block;">
                                              <div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14880" style="font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;">
                                                <div id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14879" style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:16px;">
                                                  <div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14905">
                                                    <font id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14904" face="Arial" size="2"> </font>
                                                    <hr id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14936" size="1"> <b><span style="font-weight:bold;">From:</span></b> Yuri <a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-rfc2396E" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49264" ymailto="mailto:yvoinov@gmail.com" target="_blank" href="mailto:yvoinov@gmail.com"><yvoinov@gmail.com></a><br clear="none">
                                                    <b><span style="font-weight:bold;">To:</span></b>
                                                    <a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-abbreviated" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a> <br clear="none">
                                                    <b><span style="font-weight:bold;">Sent:</span></b>
                                                    Tuesday, 18 April
                                                    2017, 13:51<br clear="none">
                                                    <b><span style="font-weight:bold;">Subject:</span></b>
                                                    Re: [squid-users]
                                                    HTTPS woes<br clear="none">
                                                  </div>
                                                  <div class="yiv1902097244y_msg_container" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14878"><br clear="none">
                                                    <div dir="ltr" id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14877">Try
                                                      to specify roots
                                                      CA bundle/dir
                                                      explicity by
                                                      specifying one of
                                                      this <br clear="none">
                                                      params:<br clear="none">
                                                      <br clear="none">
                                                      <br clear="none">
                                                      #  TAG:
                                                      sslproxy_cafile<br clear="none">
                                                      #    file
                                                      containing CA
                                                      certificates to
                                                      use when verifying
                                                      server<br clear="none">
                                                      #    certificates
                                                      while proxying <a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-freetext" href="">https://</a>
                                                      URLs<br clear="none">
                                                      #Default:<br clear="none">
                                                      # none<br clear="none">
                                                      <br clear="none">
                                                      #  TAG:
                                                      sslproxy_capath<br clear="none">
                                                      #    directory
                                                      containing CA
                                                      certificates to
                                                      use when verifying<br clear="none">
                                                      #    server
                                                      certificates while
                                                      proxying <a rel="nofollow" shape="rect" class="yiv1902097244moz-txt-link-freetext" href="">https://</a>
                                                      URLs<br clear="none">
                                                      #Default:<br clear="none">
                                                      # none<br clear="none">
                                                      <br clear="none">
                                                      <br clear="none">
                                                      <br clear="none">
                                                      18.04.2017 18:46,
                                                      Olly Lennox пишет:<br clear="none">
                                                      > Hi All,<br clear="none">
                                                      ><br clear="none">
                                                      > Still having
                                                      problems here.
                                                      This is my https
                                                      config now:<br clear="none">
                                                      ><br clear="none">
                                                      ><br clear="none">
                                                      >
                                                      ---------------------------------https_port
                                                      3129 intercept
                                                      ssl-bump
                                                      generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl_cert/squid.crt
                                                      key=/etc/squid3/ssl_cert/squid.key
                                                      options=NO_SSLv3
                                                      dhparams=/etc/squid3/ssl_cert/dhparam.pem<br clear="none">
                                                      ><br clear="none">
                                                      > acl step1
                                                      at_step SslBump1<br clear="none">
                                                      > ssl_bump peek
                                                      step1<br clear="none">
                                                      > ssl_bump bump
                                                      all<br clear="none">
                                                      >
                                                      sslproxy_options
                                                      NO_SSLv2,NO_SSLv3,SINGLE_DH_USE<br clear="none">
                                                      >
                                                      sslproxy_cipher
EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS<br clear="none">
                                                      ><br clear="none">
                                                      >
                                                      sslcrtd_program
                                                      /usr/lib/squid3/ssl_crtd
                                                      -s /var/lib/ssl_db
                                                      -M 4MB<br clear="none">
                                                      >
                                                      sslcrtd_children 8
                                                      startup=1 idle=1<br clear="none">
                                                      ><br clear="none">
                                                      >
                                                      ---------------------------------<br clear="none">
                                                      ><br clear="none">
                                                      ><br clear="none">
                                                      > I'm running
                                                      version 3.5.23
                                                      with openssl 1.0.
                                                      I've had to
                                                      disable libecap
                                                      because I couldn't
                                                      build 3.5 with
                                                      ecap enabled. I'm
                                                      getting the
                                                      following error
                                                      when trying to
                                                      connect with SSL:<br clear="none">
                                                      ><br clear="none">
                                                      >
                                                      ---------------------------------<br clear="none">
                                                      ><br clear="none">
                                                      > The following
                                                      error was
                                                      encountered while
                                                      trying to retrieve
                                                      the URL: <a rel="nofollow" shape="rect" target="_blank" href="https://www.google.co.uk/*">https://www.google.co.uk/*</a><br clear="none">
                                                      ><br clear="none">
                                                      > Failed to
                                                      establish a secure
                                                      connection to
                                                      216.58.198.67<br clear="none">
                                                      ><br clear="none">
                                                      > The system
                                                      returned:<br clear="none">
                                                      ><br clear="none">
                                                      > (71) Protocol
                                                      error (TLS code:
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)<br clear="none">
                                                      > SSL
                                                      Certficate error:
                                                      certificate issuer
                                                      (CA) not known:
                                                      /C=US/O=Equifax/OU=Equifax
                                                      Secure Certificate
                                                      Authority<br clear="none">
                                                      ><br clear="none">
                                                      > This proxy
                                                      and the remote
                                                      host failed to
                                                      negotiate a
                                                      mutually
                                                      acceptable
                                                      security settings
                                                      for handling your
                                                      request. It is
                                                      possible that the
                                                      remote host does
                                                      not support secure
                                                      connections, or
                                                      the proxy is not
                                                      satisfied with the
                                                      host security
                                                      credentials.<br clear="none">
                                                      ><br clear="none">
                                                      > Your cache
                                                      administrator is
                                                      webmaster.<br clear="none">
                                                      ><br clear="none">
                                                      > Generated
                                                      Tue, 18 Apr 2017
                                                      12:23:40 GMT by
                                                      raspberrypi
                                                      (squid/3.5.23)<br clear="none">
                                                      >
                                                      ---------------------------------<br clear="none">
                                                      ><br clear="none">
                                                      > The CA is
                                                      always listed as
                                                      not known not
                                                      matter what site I
                                                      try I always get
                                                      this error.<br clear="none">
                                                      ><br clear="none">
                                                      > Any ideas?<br clear="none">
                                                      ><br clear="none">
                                                      > Thanks,<br clear="none">
                                                      ><br clear="none">
                                                      > Olly<br clear="none">
                                                      ><br clear="none">
                                                      >
                                                      ________________________________<br clear="none">
                                                      > From: Olly
                                                      Lennox <<a rel="nofollow" shape="rect" ymailto="mailto:oliver@lennox-it.uk" target="_blank" href="mailto:oliver@lennox-it.uk">oliver@lennox-it.uk</a>><br clear="none">
                                                      > To: Amos
                                                      Jeffries <<a rel="nofollow" shape="rect" ymailto="mailto:squid3@treenet.co.nz" target="_blank" href="mailto:squid3@treenet.co.nz">squid3@treenet.co.nz</a>>;
                                                      "<a rel="nofollow" shape="rect" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>"
                                                      <<a rel="nofollow" shape="rect" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>><br clear="none">
                                                      > Sent: Sunday,
                                                      16 April 2017,
                                                      9:31<br clear="none">
                                                      > Subject: Re:
                                                      [squid-users]
                                                      HTTPS woes<br clear="none">
                                                      ><br clear="none">
                                                      ><br clear="none">
                                                      ><br clear="none">
                                                      > Thanks Amos,
                                                      it's finally built
                                                      but I had to
                                                      disabled ecap, for
                                                      whatever reason
                                                      this kept failing
                                                      (with version
                                                      1.0.1 installed).
                                                      It failed on a
                                                      reference to the
                                                      Area function I
                                                      think but I don't
                                                      have the error
                                                      message copied.
                                                      I'm trying now to
                                                      configure the ssl
                                                      stare/peek and
                                                      will let you know
                                                      how it goes.<br clear="none">
                                                      ><br clear="none">
                                                      > Olly<br clear="none">
                                                      >  <br clear="none">
                                                      > <a rel="nofollow" shape="rect" ymailto="mailto:oliver@lennox-it.uk" target="_blank" href="mailto:oliver@lennox-it.uk">oliver@lennox-it.uk</a><br clear="none">
                                                      > lennox-it.uk<br clear="none">
                                                      > tel: 07900
                                                      648 252<br clear="none">
                                                      ><br clear="none">
                                                      ><br clear="none">
                                                      ><br clear="none">
                                                      >
                                                      ________________________________<br clear="none">
                                                      > From: Amos
                                                      Jeffries <<a rel="nofollow" shape="rect" ymailto="mailto:squid3@treenet.co.nz" target="_blank" href="mailto:squid3@treenet.co.nz">squid3@treenet.co.nz</a>><br clear="none">
                                                      > To: <a rel="nofollow" shape="rect" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br clear="none">
                                                      > Sent:
                                                      Saturday, 15 April
                                                      2017, 23:07<br clear="none">
                                                      > Subject: Re:
                                                      [squid-users]
                                                      HTTPS woes<br clear="none">
                                                      ><br clear="none">
                                                      ><br clear="none">
                                                      ><br clear="none">
                                                      > On 15/04/2017
                                                      9:59 a.m., Olly
                                                      Lennox wrote:<br clear="none">
                                                      >> Hi Guys.<br clear="none">
                                                      >> I'm still
                                                      struggling with
                                                      this. I'm trying
                                                      to build a version
                                                      of 3.5 but I just
                                                      can't get it to
                                                      work. I'm
                                                      currently
                                                      attempting to
                                                      rebuild the
                                                      stretch package
                                                      with SSL enabled
                                                      but build keeps
                                                      failing with the
                                                      following:<br clear="none">
                                                      >>
                                                      ../../src/ssl/gadgets.h:83:45:
                                                      error:
                                                      âCRYPTO_LOCK_X509â
                                                      was not declared
                                                      in this scope
                                                      typedef
                                                      LockingPointer<X509,
                                                      X509_free_cpp,
                                                      CRYPTO_LOCK_X509>
                                                      X509_Pointer;     
                                                                       
                                                                       
                                                       
                                                      ^~~~~~~~~~~~~~~~../../src/ssl/gadgets.h:83:61:
                                                      error: template
                                                      argument 3 is
                                                      invalid typedef
                                                      LockingPointer<X509,
                                                      X509_free_cpp,
                                                      CRYPTO_LOCK_X509>
                                                      X509_Pointer;     
                                                                       
                                                                       
                                                                       
^../../src/ssl/gadgets.h:89:53: error: âCRYPTO_LOCK_EVP_PKEYâ was not
                                                      declared in this
                                                      scope typedef
                                                      LockingPointer<EVP_PKEY,
                                                      EVP_PKEY_free_cpp,
CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;                             
                                                                       
                                                         
                                                      ^~~~~~~~~~~~~~~~~~~~../../src/ssl/gadgets.h:89:73:
                                                      error: template
                                                      argument 3 is
                                                      invalid typedef
                                                      LockingPointer<EVP_PKEY,
                                                      EVP_PKEY_free_cpp,
CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;                             
                                                                       
                                                                       
                                                           
                                                      ^../../src/ssl/gadgets.h:116:43:
                                                      error:
                                                      âCRYPTO_LOCK_SSLâ
                                                      was not declared
                                                      in this scope
                                                      typedef
                                                      LockingPointer<SSL,
                                                      SSL_free_cpp,
                                                      CRYPTO_LOCK_SSL>
                                                      SSL_Pointer;     
                                                                       
                                                                       
^~~~~~~~~~~~~~~../../src/ssl/gadgets.h:116:58: error: template argument
                                                      3 is invalid
                                                      typedef
                                                      LockingPointer<SSL,
                                                      SSL_free_cpp,
                                                      CRYPTO_LOCK_SSL>
                                                      SSL_Pointer;     
                                                                       
                                                                       
                                                                      ^<br clear="none">
                                                      >> Any
                                                      ideas?<br clear="none">
                                                      ><br clear="none">
                                                      ><br clear="none">
                                                      > On
                                                      Jesse/stable:<br clear="none">
                                                      ><br clear="none">
                                                      > apt-get
                                                      build-dep squid3<br clear="none">
                                                      > apt-get
                                                      install libss-dev<br clear="none">
                                                      ><br clear="none">
                                                      ><br clear="none">
                                                      > On
                                                      stretch/testing/unstable:<br clear="none">
                                                      ><br clear="none">
                                                      > apt-get
                                                      build-dep squid<br clear="none">
                                                      > apt-get
                                                      install
                                                      libss1.0-dev<br clear="none">
                                                      ><br clear="none">
                                                      ><br clear="none">
                                                      > That should
                                                      do it for you.<br clear="none">
                                                      ><br clear="none">
                                                      > Amos<br clear="none">
                                                      ><br clear="none">
                                                      ><br clear="none">
                                                      >
                                                      _______________________________________________<br clear="none">
                                                      > squid-users
                                                      mailing list<br clear="none">
                                                      > <a rel="nofollow" shape="rect" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br clear="none">
                                                      > <a rel="nofollow" shape="rect" target="_blank" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br clear="none">
                                                      ><br clear="none">
                                                      ><br clear="none">
                                                      ><br clear="none">
                                                      >
                                                      _______________________________________________<br clear="none">
                                                      > squid-users
                                                      mailing list<br clear="none">
                                                      > <a rel="nofollow" shape="rect" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br clear="none">
                                                      > <a rel="nofollow" shape="rect" target="_blank" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
                                                      <div class="yiv1902097244yqt8677547277" id="yiv1902097244yqtfd81681"><br clear="none">
                                                        >
                                                        _______________________________________________<br clear="none">
                                                        > squid-users
                                                        mailing list<br clear="none">
                                                        > <a rel="nofollow" shape="rect" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br clear="none">
                                                        > <a rel="nofollow" shape="rect" target="_blank" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br clear="none">
                                                        <br clear="none">
                                                        <br clear="none">
_______________________________________________<br clear="none">
                                                        squid-users
                                                        mailing list<br clear="none">
                                                        <a rel="nofollow" shape="rect" ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br clear="none">
                                                        <a rel="nofollow" shape="rect" target="_blank" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br clear="none">
                                                      </div>
                                                    </div>
                                                    <br clear="none">
                                                    <br clear="none">
                                                  </div>
                                                </div>
                                              </div>
                                            </div>
                                          </div>
                                        </blockquote>
                                        <br clear="none">
                                      </div>
                                    </div>
                                  </div>
                                  <br clear="none">
                                  <br clear="none">
                                </div>
                              </div>
                            </div>
                          </div>
                        </div>
                      </blockquote>
                    </div>
                    <br clear="none">
                    <div class="yiv1902097244moz-signature">-- <br clear="none">
                      Bugs to the Future</div>
                  </div>
                </div>
                <br clear="none">
                <br clear="none">
              </div>
            </div>
          </div>
        </div>
      </div>
    </blockquote></div>
    <br clear="none">
    <div class="yiv1902097244moz-signature">-- <br clear="none">
      Bugs to the Future</div>
  </div></div><br><br></div> </div> </div>  </div></div></body></html>