[squid-users] HTTPS reverse proxy: SSL Certificate verification failed
Amos Jeffries
squid3 at treenet.co.nz
Tue Apr 18 10:42:40 UTC 2017

On 18/04/17 21:29, Eric Veiras Galisson wrote:
> I'm back with more information about my problem.
>
> I put squid in front of https://fr.wikipedia.org, I generated a false
> certificate for my test to avoid problems with my browser and... I
> still have a problem with squid, the same as before.
>
> I'm thinking that my problem does not come from the upstream
> certificate itself (which could be the case with ours, but I don't
> think about wikipedia's ;) and that the root cause is my custom squid
> build.
>
> I'm running squid Debian Jessie version 3.4.8-6+deb8u4 and I
> recompiled adding the following options:
> - --enable-ssl --with-open-ssl="/etc/ssl/openssl.cnf"
> - --enable-ssl --with-open-ssl
> - --enable-ssl
> - --enable-ssl --with-open-ssl --with-ssl-crtd
>
> I tried these combinations and none of them solve my problem. I think
> I may be missing some important compilation option but I can't find which.

You should use: --enable-ssl-crtd --with-openssl

The --enable-ssl option is obsolete.

The --with-openssl option takes a path to where the openssl development
files are installed. Somehow I doubt that you have a library installed
as /etc/ssl/openssl.cnf/openssl/libssl.a. When building against the
system's default openssl installation you can omit the path. You only
need it if you are building a custom Squid against a custom openssl.

Amos
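
As an added example (not part of the original message or the Squid project's code), this shell function lints a list of ./configure options against the advice in the reply above: it flags --enable-ssl as obsolete, flags the --with-open-ssl and --with-ssl-crtd spellings from the question, and checks that any path given to --with-openssl is a directory. The function name and the finding labels are hypothetical.

```shell
#!/bin/sh
# Added example: check Squid ./configure options against the reply's advice.
# check_squid_ssl_opts OPTION...
#   Prints one finding per line; returns 0 only when there are no findings.
check_squid_ssl_opts() {
    findings=0 have_crtd=0 have_openssl=0
    for opt in "$@"; do
        case "$opt" in
            --enable-ssl)
                # Called obsolete in the reply.
                echo "obsolete: $opt"; findings=$((findings + 1)) ;;
            --enable-ssl-crtd)
                have_crtd=1 ;;
            --with-openssl)
                # No path: build against the system's default OpenSSL.
                have_openssl=1 ;;
            --with-openssl=*)
                have_openssl=1
                path=${opt#--with-openssl=}
                # The value must be an install directory, not a file
                # such as /etc/ssl/openssl.cnf.
                if [ ! -d "$path" ]; then
                    echo "not-a-directory: $opt"; findings=$((findings + 1))
                fi ;;
            --with-open-ssl|--with-open-ssl=*|--with-ssl-crtd)
                # Spellings tried in the question; the reply gives
                # --with-openssl and --enable-ssl-crtd instead.
                echo "not-recommended-spelling: $opt"
                findings=$((findings + 1)) ;;
        esac
    done
    if [ "$have_crtd" -eq 0 ]; then
        echo "missing: --enable-ssl-crtd"; findings=$((findings + 1))
    fi
    if [ "$have_openssl" -eq 0 ]; then
        echo "missing: --with-openssl"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: the last combination listed in the question.
check_squid_ssl_opts --enable-ssl --with-open-ssl --with-ssl-crtd || true
```

The options an installed binary was built with appear on the `configure options:` line of `squid -v`.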