<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Olly, Debian provides a ca-certificates package containing the
Mozilla CA list. It is updated whenever the CA set changes. Though
of course you should have apt connected to the relevant security
repository (jesse-security?) for regular updates.<br>
</p>
<p><br>
</p>
Amos<br>
<br>
<div class="moz-cite-prefix">On 19/04/17 03:10, Olly Lennox wrote:<br>
</div>
<blockquote
cite="mid:1349286026.2749280.1492528208940@mail.yahoo.com"
type="cite">
<div style="color:#000; background-color:#fff;
font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande,
sans-serif;font-size:13px">
<div id="yui_3_16_0_ym19_1_1492528168938_5241"><span>Would you
mind sharing the script you use?</span></div>
<div id="yui_3_16_0_ym19_1_1492528168938_5242"> </div>
<div class="signature" id="yui_3_16_0_ym19_1_1492528168938_5243"><a class="moz-txt-link-abbreviated" href="mailto:oliver@lennox-it.uk">oliver@lennox-it.uk</a><br>
<a moz-do-not-send="true" rel="nofollow" target="_blank"
href="http://lennox-it.uk/">lennox-it.uk</a><br>
tel: 07900 648 252</div>
<div class="qtdSeparateBR"
id="yui_3_16_0_ym19_1_1492528168938_5244"><br>
<br>
</div>
<div class="yahoo_quoted"
id="yui_3_16_0_ym19_1_1492528168938_5251" style="display:
block;">
<div style="font-family: Helvetica Neue, Helvetica, Arial,
Lucida Grande, sans-serif; font-size: 13px;"
id="yui_3_16_0_ym19_1_1492528168938_5250">
<div style="font-family: HelveticaNeue, Helvetica Neue,
Helvetica, Arial, Lucida Grande, Sans-Serif; font-size:
16px;" id="yui_3_16_0_ym19_1_1492528168938_5249">
<div dir="ltr" id="yui_3_16_0_ym19_1_1492528168938_5248">
<font id="yui_3_16_0_ym19_1_1492528168938_5252"
face="Arial" size="2">
<hr size="1"> <b><span style="font-weight:bold;">From:</span></b>
Yuri Voinov <a class="moz-txt-link-rfc2396E" href="mailto:yvoinov@gmail.com"><yvoinov@gmail.com></a><br>
<b><span style="font-weight: bold;">To:</span></b>
Olly Lennox <a class="moz-txt-link-rfc2396E" href="mailto:oliver@lennox-it.uk"><oliver@lennox-it.uk></a>;
<a class="moz-txt-link-rfc2396E" href="mailto:squid-users@lists.squid-cache.org">"squid-users@lists.squid-cache.org"</a>
<a class="moz-txt-link-rfc2396E" href="mailto:squid-users@lists.squid-cache.org"><squid-users@lists.squid-cache.org></a> <br>
<b><span style="font-weight: bold;">Sent:</span></b>
Tuesday, 18 April 2017, 16:00<br>
<b><span style="font-weight: bold;">Subject:</span></b>
Re: [squid-users] HTTPS woes<br>
</font> </div>
<div class="y_msg_container"
id="yui_3_16_0_ym19_1_1492528168938_5253"><br>
<div id="yiv1902097244">
<div id="yui_3_16_0_ym19_1_1492528168938_5255">
<div id="yui_3_16_0_ym19_1_1492528168938_5254">I
have automated cron job to refresh Mozilla CA's
bundle by monthly basis.</div>
<div id="yui_3_16_0_ym19_1_1492528168938_5256">Intermediate
CA's, however, requires non-scheduled maintenance.
I've maintain it by demand.<br clear="none">
</div>
<br clear="none">
<div class="yiv1902097244moz-cite-prefix"
id="yui_3_16_0_ym19_1_1492528168938_5257">18.04.2017
20:17, Olly Lennox пишет:<br clear="none">
</div>
<div class="yiv1902097244yqt9262985019"
id="yiv1902097244yqt62421">
<blockquote type="cite"
id="yui_3_16_0_ym19_1_1492528168938_5259">
<div
style="color:#000;background-color:#fff;font-family:Helvetica
Neue, Helvetica, Arial, Lucida Grande,
sans-serif;font-size:13px;"
id="yui_3_16_0_ym19_1_1492528168938_5258">
<div
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63787"><span
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63786">Thanks Yuri! The
Mozilla Bundle has worked!! Most of the
major sites seem to be working which is
all we need. How often do these
certificates refresh? Would they need
updating every month or so?</span></div>
<div
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63788"> </div>
<div class="yiv1902097244signature"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63683"><a
moz-do-not-send="true" rel="nofollow"
shape="rect"
class="yiv1902097244moz-txt-link-abbreviated"
ymailto="mailto:oliver@lennox-it.uk"
target="_blank"
href="mailto:oliver@lennox-it.uk">oliver@lennox-it.uk</a><br
clear="none">
<a moz-do-not-send="true" rel="nofollow"
shape="rect" target="_blank"
href="http://lennox-it.uk/">lennox-it.uk</a><br
clear="none">
tel: 07900 648 252</div>
<div class="yiv1902097244qtdSeparateBR"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63628"><br
clear="none">
<br clear="none">
</div>
<div class="yiv1902097244yahoo_quoted"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63643"
style="display:block;">
<div
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63642"
style="font-family:Helvetica Neue,
Helvetica, Arial, Lucida Grande,
sans-serif;font-size:13px;">
<div
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63641"
style="font-family:HelveticaNeue,
Helvetica Neue, Helvetica, Arial, Lucida
Grande, Sans-Serif;font-size:16px;">
<div dir="ltr"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63640">
<font
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63639"
face="Arial" size="2"> </font>
<hr
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_63638"
size="1"> <b><span
style="font-weight:bold;">From:</span></b>
Yuri Voinov <a moz-do-not-send="true"
rel="nofollow" shape="rect"
class="yiv1902097244moz-txt-link-rfc2396E"
ymailto="mailto:yvoinov@gmail.com"
target="_blank"
href="mailto:yvoinov@gmail.com"
id="yui_3_16_0_ym19_1_1492528168938_5260"><yvoinov@gmail.com></a><br
clear="none">
<b><span style="font-weight:bold;">To:</span></b>
Olly Lennox <a moz-do-not-send="true"
rel="nofollow" shape="rect"
class="yiv1902097244moz-txt-link-rfc2396E"
ymailto="mailto:oliver@lennox-it.uk"
target="_blank"
href="mailto:oliver@lennox-it.uk"
id="yui_3_16_0_ym19_1_1492528168938_5261"><oliver@lennox-it.uk></a>;
<a moz-do-not-send="true"
rel="nofollow" shape="rect"
class="yiv1902097244moz-txt-link-rfc2396E"
ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank"
href="mailto:squid-users@lists.squid-cache.org">"squid-users@lists.squid-cache.org"</a>
<a moz-do-not-send="true"
rel="nofollow" shape="rect"
class="yiv1902097244moz-txt-link-rfc2396E"
ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank"
href="mailto:squid-users@lists.squid-cache.org"><squid-users@lists.squid-cache.org></a>
<br clear="none">
<b><span style="font-weight:bold;">Sent:</span></b>
Tuesday, 18 April 2017, 14:43<br
clear="none">
<b><span style="font-weight:bold;">Subject:</span></b>
Re: [squid-users] HTTPS woes<br
clear="none">
</div>
<div
class="yiv1902097244y_msg_container"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65900"><br
clear="none">
<div id="yiv1902097244">
<div
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65902">
<div
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65901">You
talked about two different
things.</div>
<div
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65903">1.
root CA usually built-in in
clients. For standalone use,
root CA (from Mozilla) usually
distributes with openssl
distributions. If you need (or
your openssl distribution does
not contains root CAs), you can
find separately distributed
Mozilla CA's by short googling:
<br clear="none">
</div>
<div
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65904"><a
moz-do-not-send="true"
rel="nofollow" shape="rect"
class="yiv1902097244moz-txt-link-freetext"
target="_blank"
href="https://www.google.com/search?q=Mozilla+CA+bundle"
id="yui_3_16_0_ym19_1_1492528168938_5262">https://www.google.com/search?q=Mozilla+CA+bundle</a></div>
<div
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65905">2.
Intermediate CA's is subordinate
for roots CA. It does not exists
by gouverned repository (because
of supporting it is work, manual
work and should be do by
somebody), moreover, it spreaded
across CA authorities. There is
no automated tool to support
this _intermediate_list. The
problem also: intermediate CA's
usuallu has much short validity
period instead of roots, and
should supports all time at
time.</div>
<div
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65906">Finally
- it you want to use Squid with
SSL Bump, you should understand
PKI infrastructure and yes - you
should support root CA &
intermediate CAs on proxy by
yourself all time. There is no
free or payment basis service
which is do it for you.<br
clear="none">
</div>
<br clear="none">
<div
class="yiv1902097244moz-cite-prefix">18.04.2017
19:35, Olly Lennox пишет:<br
clear="none">
</div>
<div
class="yiv1902097244yqt7303733207"
id="yiv1902097244yqt94043">
<blockquote
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65908"
type="cite">
<div
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65907"
style="color:#000;background-color:#fff;font-family:Helvetica Neue,
Helvetica, Arial, Lucida
Grande,
sans-serif;font-size:13px;">
<div dir="ltr"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49171"><span
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49209">So anyone who
wants to use Squid over
HTTPS in the way has to
build this repository
themselves by manually
downloading all the CA
bundles?</span></div>
<div
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49172"> </div>
<div
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49172"><br
clear="none">
</div>
<div
class="yiv1902097244qtdSeparateBR"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65909"><br clear="none">
<br clear="none">
</div>
<div
class="yiv1902097244yahoo_quoted"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49251"
style="display:block;">
<div
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49250"
style="font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande,
sans-serif;font-size:13px;">
<div
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49249"
style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial,
Lucida Grande,
Sans-Serif;font-size:16px;">
<div dir="ltr"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49259">
<font
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49258"
face="Arial"
size="2"> </font>
<hr
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49260"
size="1"> <b><span
style="font-weight:bold;">From:</span></b> Yuri <a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
class="yiv1902097244moz-txt-link-rfc2396E"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65910"
ymailto="mailto:yvoinov@gmail.com"
target="_blank"
href="mailto:yvoinov@gmail.com"><yvoinov@gmail.com></a><br
clear="none">
<b><span
style="font-weight:bold;">To:</span></b>
Olly Lennox <a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
class="yiv1902097244moz-txt-link-rfc2396E"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_65911"
ymailto="mailto:oliver@lennox-it.uk"
target="_blank"
href="mailto:oliver@lennox-it.uk"><oliver@lennox-it.uk></a>;
<a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
class="yiv1902097244moz-txt-link-rfc2396E"
ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank"
href="mailto:squid-users@lists.squid-cache.org">"squid-users@lists.squid-cache.org"</a>
<a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
class="yiv1902097244moz-txt-link-rfc2396E"
ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank"
href="mailto:squid-users@lists.squid-cache.org"><squid-users@lists.squid-cache.org></a>
<br clear="none">
<b><span
style="font-weight:bold;">Sent:</span></b>
Tuesday, 18 April
2017, 14:03<br
clear="none">
<b><span
style="font-weight:bold;">Subject:</span></b>
Re: [squid-users]
HTTPS woes<br
clear="none">
</div>
<div
class="yiv1902097244y_msg_container"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49248"><br clear="none">
<div
id="yiv1902097244">
<div
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49247">
<div
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49257"><br
clear="none">
</div>
<br clear="none">
<div
class="yiv1902097244moz-cite-prefix"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49256">18.04.2017
18:56, Olly
Lennox пишет:<br
clear="none">
</div>
<blockquote
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49253"
type="cite">
<div
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49252"
style="color:#000;background-color:#fff;font-family:Helvetica Neue,
Helvetica,
Arial, Lucida
Grande,
sans-serif;font-size:13px;">
<div dir="ltr"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933"><span>I'm using </span></div>
<div dir="ltr"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933"><br clear="none">
</div>
<div dir="ltr"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933">sslproxy_foreign_intermediate_certs</div>
<div dir="ltr"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933"><br clear="none">
</div>
<div dir="ltr"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933">Is this the same
thing? <br
clear="none">
</div>
</div>
</blockquote>
No. You firstly
required CA
roots available
for squid. CA
roots and
intermediate is
the different
things.<br
clear="none">
<blockquote
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49255"
type="cite">
<div
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49254"
style="color:#000;background-color:#fff;font-family:Helvetica Neue,
Helvetica,
Arial, Lucida
Grande,
sans-serif;font-size:13px;">
<div dir="ltr"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933"><br clear="none">
</div>
<div dir="ltr"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933">Also is there
anywhere to
get a bundle
of all the
major CA
intermdiate
certs or do
you have to
download them
all manually?</div>
</div>
</blockquote>
No. You should
build it by
yourself.
<div
class="yiv1902097244yqt6360993177"
id="yiv1902097244yqtfd66056"><br clear="none">
<blockquote
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49262"
type="cite">
<div
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49261"
style="color:#000;background-color:#fff;font-family:Helvetica Neue,
Helvetica,
Arial, Lucida
Grande,
sans-serif;font-size:13px;">
<div dir="ltr"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933"><br clear="none">
</div>
<div dir="ltr"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14933">Cheers,</div>
<div
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14934"> </div>
<div
class="yiv1902097244signature"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14906"><a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
class="yiv1902097244moz-txt-link-abbreviated"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49263"
ymailto="mailto:oliver@lennox-it.uk"
target="_blank" href="mailto:oliver@lennox-it.uk">oliver@lennox-it.uk</a><br
clear="none">
<a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
target="_blank"
href="http://lennox-it.uk/">lennox-it.uk</a><br clear="none">
tel: 07900 648
252</div>
<div
class="yiv1902097244qtdSeparateBR"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14935"><br clear="none">
<br
clear="none">
</div>
<div
class="yiv1902097244yahoo_quoted"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14881"
style="display:block;">
<div
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14880"
style="font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande,
sans-serif;font-size:13px;">
<div
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14879"
style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial,
Lucida Grande,
Sans-Serif;font-size:16px;">
<div dir="ltr"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14905"> <font
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14904"
face="Arial"
size="2"> </font>
<hr
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14936"
size="1"> <b><span
style="font-weight:bold;">From:</span></b> Yuri <a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
class="yiv1902097244moz-txt-link-rfc2396E"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_49264"
ymailto="mailto:yvoinov@gmail.com"
target="_blank" href="mailto:yvoinov@gmail.com"><yvoinov@gmail.com></a><br
clear="none">
<b><span
style="font-weight:bold;">To:</span></b>
<a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
class="yiv1902097244moz-txt-link-abbreviated"
ymailto="mailto:squid-users@lists.squid-cache.org" target="_blank"
href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<br
clear="none">
<b><span
style="font-weight:bold;">Sent:</span></b>
Tuesday, 18
April 2017,
13:51<br
clear="none">
<b><span
style="font-weight:bold;">Subject:</span></b>
Re:
[squid-users]
HTTPS woes<br
clear="none">
</div>
<div
class="yiv1902097244y_msg_container"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14878"><br clear="none">
<div dir="ltr"
id="yiv1902097244yui_3_16_0_ym19_1_1492518293756_14877">Try to specify
roots CA
bundle/dir
explicity by
specifying one
of this <br
clear="none">
params:<br
clear="none">
<br
clear="none">
<br
clear="none">
# TAG:
sslproxy_cafile<br
clear="none">
# file
containing CA
certificates
to use when
verifying
server<br
clear="none">
#
certificates
while proxying
<a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
class="yiv1902097244moz-txt-link-freetext"
href="">https://</a>
URLs<br
clear="none">
#Default:<br
clear="none">
# none<br
clear="none">
<br
clear="none">
# TAG:
sslproxy_capath<br
clear="none">
# directory
containing CA
certificates
to use when
verifying<br
clear="none">
# server
certificates
while proxying
<a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
class="yiv1902097244moz-txt-link-freetext"
href="">https://</a>
URLs<br
clear="none">
#Default:<br
clear="none">
# none<br
clear="none">
<br
clear="none">
<br
clear="none">
<br
clear="none">
18.04.2017
18:46, Olly
Lennox пишет:<br
clear="none">
> Hi All,<br
clear="none">
><br
clear="none">
> Still
having
problems here.
This is my
https config
now:<br
clear="none">
><br
clear="none">
><br
clear="none">
>
---------------------------------https_port
3129 intercept
ssl-bump
generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl_cert/squid.crt
key=/etc/squid3/ssl_cert/squid.key
options=NO_SSLv3 dhparams=/etc/squid3/ssl_cert/dhparam.pem<br
clear="none">
><br
clear="none">
> acl step1
at_step
SslBump1<br
clear="none">
> ssl_bump
peek step1<br
clear="none">
> ssl_bump
bump all<br
clear="none">
>
sslproxy_options
NO_SSLv2,NO_SSLv3,SINGLE_DH_USE<br clear="none">
>
sslproxy_cipher
EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS<br
clear="none">
><br
clear="none">
>
sslcrtd_program
/usr/lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB<br clear="none">
>
sslcrtd_children
8 startup=1
idle=1<br
clear="none">
><br
clear="none">
>
---------------------------------<br
clear="none">
><br
clear="none">
><br
clear="none">
> I'm
running
version 3.5.23
with openssl
1.0. I've had
to disable
libecap
because I
couldn't build
3.5 with ecap
enabled. I'm
getting the
following
error when
trying to
connect with
SSL:<br
clear="none">
><br
clear="none">
>
---------------------------------<br
clear="none">
><br
clear="none">
> The
following
error was
encountered
while trying
to retrieve
the URL: <a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
target="_blank"
href="https://www.google.co.uk/*">https://www.google.co.uk/*</a><br
clear="none">
><br
clear="none">
> Failed to
establish a
secure
connection to
216.58.198.67<br
clear="none">
><br
clear="none">
> The
system
returned:<br
clear="none">
><br
clear="none">
> (71)
Protocol error
(TLS code:
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)<br clear="none">
> SSL
Certficate
error:
certificate
issuer (CA)
not known:
/C=US/O=Equifax/OU=Equifax
Secure
Certificate
Authority<br
clear="none">
><br
clear="none">
> This
proxy and the
remote host
failed to
negotiate a
mutually
acceptable
security
settings for
handling your
request. It is
possible that
the remote
host does not
support secure
connections,
or the proxy
is not
satisfied with
the host
security
credentials.<br
clear="none">
><br
clear="none">
> Your
cache
administrator
is webmaster.<br
clear="none">
><br
clear="none">
> Generated
Tue, 18 Apr
2017 12:23:40
GMT by
raspberrypi
(squid/3.5.23)<br
clear="none">
>
---------------------------------<br
clear="none">
><br
clear="none">
> The CA is
always listed
as not known
not matter
what site I
try I always
get this
error.<br
clear="none">
><br
clear="none">
> Any
ideas?<br
clear="none">
><br
clear="none">
> Thanks,<br
clear="none">
><br
clear="none">
> Olly<br
clear="none">
><br
clear="none">
>
________________________________<br
clear="none">
> From:
Olly Lennox
<<a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
ymailto="mailto:oliver@lennox-it.uk"
target="_blank" href="mailto:oliver@lennox-it.uk">oliver@lennox-it.uk</a>><br
clear="none">
> To: Amos
Jeffries <<a
moz-do-not-send="true" rel="nofollow" shape="rect"
ymailto="mailto:squid3@treenet.co.nz"
target="_blank" href="mailto:squid3@treenet.co.nz">squid3@treenet.co.nz</a>>;
"<a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
ymailto="mailto:squid-users@lists.squid-cache.org"
target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>"
<<a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
ymailto="mailto:squid-users@lists.squid-cache.org"
target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>><br
clear="none">
> Sent:
Sunday, 16
April 2017,
9:31<br
clear="none">
> Subject:
Re:
[squid-users]
HTTPS woes<br
clear="none">
><br
clear="none">
><br
clear="none">
><br
clear="none">
> Thanks
Amos, it's
finally built
but I had to
disabled ecap,
for whatever
reason this
kept failing
(with version
1.0.1
installed). It
failed on a
reference to
the Area
function I
think but I
don't have the
error message
copied. I'm
trying now to
configure the
ssl stare/peek
and will let
you know how
it goes.<br
clear="none">
><br
clear="none">
> Olly<br
clear="none">
> <br
clear="none">
> <a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
ymailto="mailto:oliver@lennox-it.uk"
target="_blank" href="mailto:oliver@lennox-it.uk">oliver@lennox-it.uk</a><br
clear="none">
>
lennox-it.uk<br
clear="none">
> tel:
07900 648 252<br
clear="none">
><br
clear="none">
><br
clear="none">
><br
clear="none">
>
________________________________<br
clear="none">
> From:
Amos Jeffries
<<a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
ymailto="mailto:squid3@treenet.co.nz"
target="_blank" href="mailto:squid3@treenet.co.nz">squid3@treenet.co.nz</a>><br
clear="none">
> To: <a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
ymailto="mailto:squid-users@lists.squid-cache.org"
target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br
clear="none">
> Sent:
Saturday, 15
April 2017,
23:07<br
clear="none">
> Subject:
Re:
[squid-users]
HTTPS woes<br
clear="none">
><br
clear="none">
><br
clear="none">
><br
clear="none">
> On
15/04/2017
9:59 a.m.,
Olly Lennox
wrote:<br
clear="none">
>> Hi
Guys.<br
clear="none">
>> I'm
still
struggling
with this. I'm
trying to
build a
version of 3.5
but I just
can't get it
to work. I'm
currently
attempting to
rebuild the
stretch
package with
SSL enabled
but build
keeps failing
with the
following:<br
clear="none">
>>
../../src/ssl/gadgets.h:83:45:
error:
âCRYPTO_LOCK_X509â
was not
declared in
this scope
typedef
LockingPointer<X509,
X509_free_cpp,
CRYPTO_LOCK_X509> X509_Pointer;
^~~~~~~~~~~~~~~~../../src/ssl/gadgets.h:83:61:
error:
template
argument 3 is
invalid
typedef
LockingPointer<X509,
X509_free_cpp,
CRYPTO_LOCK_X509> X509_Pointer;
^../../src/ssl/gadgets.h:89:53: error: âCRYPTO_LOCK_EVP_PKEYâ was not
declared in
this scope
typedef
LockingPointer<EVP_PKEY,
EVP_PKEY_free_cpp,
CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;
^~~~~~~~~~~~~~~~~~~~../../src/ssl/gadgets.h:89:73:
error:
template
argument 3 is
invalid
typedef
LockingPointer<EVP_PKEY,
EVP_PKEY_free_cpp,
CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;
^../../src/ssl/gadgets.h:116:43: error: âCRYPTO_LOCK_SSLâ was not
declared in
this scope
typedef
LockingPointer<SSL,
SSL_free_cpp,
CRYPTO_LOCK_SSL> SSL_Pointer;
^~~~~~~~~~~~~~~../../src/ssl/gadgets.h:116:58: error: template argument
3 is invalid
typedef
LockingPointer<SSL,
SSL_free_cpp,
CRYPTO_LOCK_SSL> SSL_Pointer;
^<br
clear="none">
>> Any
ideas?<br
clear="none">
><br
clear="none">
><br
clear="none">
> On
Jesse/stable:<br
clear="none">
><br
clear="none">
> apt-get
build-dep
squid3<br
clear="none">
> apt-get
install
libss-dev<br
clear="none">
><br
clear="none">
><br
clear="none">
> On
stretch/testing/unstable:<br
clear="none">
><br
clear="none">
> apt-get
build-dep
squid<br
clear="none">
> apt-get
install
libss1.0-dev<br
clear="none">
><br
clear="none">
><br
clear="none">
> That
should do it
for you.<br
clear="none">
><br
clear="none">
> Amos<br
clear="none">
><br
clear="none">
><br
clear="none">
>
_______________________________________________<br
clear="none">
>
squid-users
mailing list<br
clear="none">
> <a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
ymailto="mailto:squid-users@lists.squid-cache.org"
target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br
clear="none">
> <a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
target="_blank"
href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br
clear="none">
><br
clear="none">
><br
clear="none">
><br
clear="none">
>
_______________________________________________<br
clear="none">
>
squid-users
mailing list<br
clear="none">
> <a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
ymailto="mailto:squid-users@lists.squid-cache.org"
target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br
clear="none">
> <a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
target="_blank"
href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
<div
class="yiv1902097244yqt8677547277"
id="yiv1902097244yqtfd81681"><br clear="none">
>
_______________________________________________<br
clear="none">
>
squid-users
mailing list<br
clear="none">
> <a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
ymailto="mailto:squid-users@lists.squid-cache.org"
target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br
clear="none">
> <a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
target="_blank"
href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br
clear="none">
<br
clear="none">
<br
clear="none">
_______________________________________________<br clear="none">
squid-users
mailing list<br
clear="none">
<a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
ymailto="mailto:squid-users@lists.squid-cache.org"
target="_blank" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br
clear="none">
<a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
target="_blank"
href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br
clear="none">
</div>
</div>
<br
clear="none">
<br
clear="none">
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br
clear="none">
</div>
</div>
</div>
<br clear="none">
<br clear="none">
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br clear="none">
<div
class="yiv1902097244moz-signature">--
<br clear="none">
Bugs to the Future</div>
</div>
</div>
<br clear="none">
<br clear="none">
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br clear="none">
<div class="yiv1902097244moz-signature">-- <br
clear="none">
Bugs to the Future</div>
</div>
</div>
<br>
<br>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
squid-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
</pre>
</blockquote>
<br>
</body>
</html>