[squid-users] Interesting problem

Yuri Voinov yvoinov at gmail.com
Wed Feb 25 08:40:33 UTC 2015


In theory - yes. You must add all intermediate CAs to your openssl
cert bundle manually.

25.02.15 10:18, Alex Samad wrote:
> Hi
> 
> I am running squid on Centos 6.5 squid-3.1.10-29.el6.x86_64
> 
> When I browse to https://www.quadriserv.com from IE or Chrome via
> the squid proxy, it seems to corrupt the server cert.
> 
> When I browse to the site bypassing squid it works fine.
> 
> I have tried wget from the squid box, which works fine; also tried
> openssl s_client
> 
> openssl s_client -connect www.quadriserv.com:443 -showcerts </dev/null | less
> 
> Seems to be okay
> 
> but the one thing I can't do is verify it. Seems like C=US,
> O=Network Solutions L.L.C., CN=Network Solutions Certificate
> Authority is missing from my rootCA bundle.
> 
> Would that be enough to cause this?
> 
> Alex
> 
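
The fix described in the reply above, as an added example that is not part of the original thread: a throwaway root, intermediate and leaf are generated, and the leaf only verifies once the intermediate is appended to the CA bundle. It assumes the `openssl` command-line tool is installed; the names Demo Root CA, Demo Intermediate CA and www.example.test are made up for the demo.

```shell
#!/bin/sh
# Added example. Every name below is constructed for the demo.

# new_key_and_csr DIR NAME SUBJECT: write DIR/NAME.key and DIR/NAME.csr
new_key_and_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# make_chain DIR: build root CA -> intermediate CA -> leaf under DIR
make_chain() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' \
        > "$d/ca.ext"
    new_key_and_csr "$d" root  "/CN=Demo Root CA"
    new_key_and_csr "$d" inter "/CN=Demo Intermediate CA"
    new_key_and_csr "$d" leaf  "/CN=www.example.test"
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -set_serial 2 -days 2 -extfile "$d/ca.ext" -out "$d/inter.pem" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
        -set_serial 3 -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# verifies BUNDLE CERT: true only if CERT chains to a CA found in BUNDLE
verifies() {
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

# issuer_of CERT: print the issuer DN, i.e. the CA that BUNDLE has to contain
issuer_of() {
    openssl x509 -noout -issuer -in "$1"
}

demo() {
    w=$(mktemp -d) || return 1
    make_chain "$w"
    cp "$w/root.pem" "$w/bundle.pem"            # bundle knows the root only
    if verifies "$w/bundle.pem" "$w/leaf.pem"; then r=OK; else r=FAIL; fi
    echo "root only: $r; leaf $(issuer_of "$w/leaf.pem")"
    cat "$w/inter.pem" >> "$w/bundle.pem"       # add the intermediate by hand
    if verifies "$w/bundle.pem" "$w/leaf.pem"; then r=OK; else r=FAIL; fi
    echo "root + intermediate: $r"
    rm -rf "$w"
}
demo
```

The issuer printed for the failing case is the certificate that has to be added to the bundle.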

