[squid-users] Alert unknown CA

Yuri Voinov yvoinov at gmail.com
Tue Feb 3 18:50:26 UTC 2015


Now I have:

root @ cthulhu /etc/opt/csw/ssl/certs # ls -al *.pem|wc -l
210

root and intermediate CAs. Most of the known ones I could find.

Note: all of them were found in different places - in addition to
Mozilla's bundle, shipped with OpenSSL.

How can I find which ones are absent?

And how to support this heap? In practice? Manually with CLI openssl?
OK, but how do I identify the problem URL when Squid's load is over 100
requests per second?

04.02.2015 0:31, Amos Jeffries wrote:
> On 4/02/2015 3:26 a.m., Yuri Voinov wrote:
>> Hi gents,
>>
>> I think it would be good to add advanced debug options to ssl_crtd to
>> avoid this:
>>
>> 2015/02/03 20:21:37 kid1| clientNegotiateSSL: Error negotiating SSL
>> connection on FD 28: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
>> alert unknown ca (1/0)
>>
>> Now we have no tools to diagnose the situations above. Excluding our own
>> eyes and brains. And - telepathy.
>>
>> Amos,
>>
>> is it possible to get more informative diagnostics? A URL will be enough.
>
> I don't think we can without re-writing OpenSSL library operations
> directly in Squid.
>
> Amos

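The `error:14094418` field in the quoted log line can be decoded to show which side rejected the handshake. The following is an added example, not part of the original post and not Squid code. It assumes the packed error layout of OpenSSL 1.0.x (8-bit library, 12-bit function, 12-bit reason, with reasons of 1000 and above meaning a TLS alert received from the peer); the sample log lines other than the first are constructed.

```python
import re
from collections import defaultdict

ERR_LIB_SSL = 0x14          # OpenSSL library number for libssl
ALERT_REASON_OFFSET = 1000  # reasons >= 1000 are TLS alerts received from the peer
ALERTS = {42: "bad_certificate", 45: "certificate_expired",
          46: "certificate_unknown", 48: "unknown_ca"}  # RFC 5246 alert numbers

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \S+ clientNegotiateSSL: .*? on FD (?P<fd>\d+): "
    r"error:(?P<code>[0-9A-Fa-f]{8}):", re.MULTILINE)

def decode(code_hex):
    """Split a packed OpenSSL 1.0.x error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def classify(code_hex):
    """Say whether the handshake failed locally or because the peer sent an alert."""
    lib, _func, reason = decode(code_hex)
    if lib == ERR_LIB_SSL and reason >= ALERT_REASON_OFFSET:
        alert = reason - ALERT_REASON_OFFSET
        return "peer sent alert " + ALERTS.get(alert, str(alert))
    return "local failure, reason %d" % reason

def summarize(log_text):
    """Group failed handshakes by cause, keeping (timestamp, FD) for correlation."""
    groups = defaultdict(list)
    for m in LINE_RE.finditer(log_text):
        groups[classify(m["code"])].append((m["ts"], int(m["fd"])))
    return dict(groups)

# First line is the one quoted in the thread; the other two are constructed samples.
SAMPLE_LOG = """\
2015/02/03 20:21:37 kid1| clientNegotiateSSL: Error negotiating SSL connection on FD 28: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0)
2015/02/03 20:21:39 kid1| clientNegotiateSSL: Error negotiating SSL connection on FD 31: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0)
2015/02/03 20:21:40 kid1| clientNegotiateSSL: Error negotiating SSL connection on FD 12: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol (1/-1)
"""

if __name__ == "__main__":
    for cause, hits in summarize(SAMPLE_LOG).items():
        print(cause, len(hits), hits)
```

For the line in the thread this reports an `unknown_ca` alert sent by the peer of the `clientNegotiateSSL` connection, and the timestamp and FD pairs give a starting point for correlating with other logs.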


