[squid-users] Alert unknown CA

Amos Jeffries squid3 at treenet.co.nz
Tue Feb 3 18:31:03 UTC 2015


On 4/02/2015 3:26 a.m., Yuri Voinov wrote: Hi gents,
> 
> I think, will be good to add advanced debug options to ssl_crtd to avoid
> this:
> 
> 2015/02/03 20:21:37 kid1| clientNegotiateSSL: Error negotiating SSL
> connection on FD 28: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
> alert unknown ca (1/0)
> 
> Now we have no one tools to diagnose the situations above. Excluding own
> eyes and brains. And - telepathy.
> 
> Amos,
> 
> is it possible to get more informative diagnostics? URL will be enough.

I dont think we can without re-writing OpenSSL library operations
directly in Squid.

Amos



More information about the squid-users mailing list