[squid-users] Communication fails between parent and child if using SSL/TLS
Jānis
je at ktf.rtu.lv
Sun Mar 26 11:56:32 UTC 2017
Hi!
Theoretically, I have configured two squids in a parent-child cache structure.
It works perfectly if it is just "plaintext" communications, but if I
set them to use ssl (for non-https traffic),
the following error occurs:
X-Squid-Error: ERR_CONNECT_FAIL 111
and
TCP connection to PARENT/PORT failed
pop: lookup for key {PARENT/PORT} failed
child's cache_peer config:
cache_peer PARENT parent PORT 0 proxy-only ssl \
    sslcert=/path/to/cert.pem \
    sslkey=/path/to/key.key \
    sslflags=DONT_VERIFY_PEER
parent's:
https_port PORT \
    cert=/path/to/parent/cert.pem \
    key=/path/to/parent/key.key \
    sslflags=NO_DEFAULT_CA
Yes, and the parent for some reason is not listening on PORT (according to
netstat -l -n).
Connection from child to parent is allowed (it stays the same for either the
non-ssl or the ssl-enabled cfg).
squid's ./configure:
    --prefix=/usr \
    --libdir=/usr/lib${LIBDIRSUFFIX} \
    --sysconfdir=/etc/squid \
    --localstatedir=/var/log/squid \
    --datadir=/usr/share/squid \
    --with-pidfile=/var/run/squid \
    --mandir=/usr/man \
    --with-logdir=/var/log/squid \
    --disable-devpoll \
    --enable-snmp \
    --enable-ssl \
    --enable-linux-netfilter \
    --enable-async-io \
    --disable-translation \
    --build=$ARCH-slackware-linux
What disappoints: with the older version of squid it worked. The upgrade
broke it.
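
A check for the symptom described above, added here as an example and not part of the original post: it reads `squid -v` and `netstat -l -n` output from the parent and reports whether the build has OpenSSL support and whether anything listens on the port. Assumptions: the upgraded Squid is a release (3.5 or later) where OpenSSL is selected with --with-openssl rather than --enable-ssl; port 3129, the function names and the sample output are constructed.

```shell
# Added example, not from the original post. All sample output is constructed.
# Constructed `squid -v` output carrying configure flags quoted in the post.
SAMPLE_SQUID_V="Squid Cache: Version X.Y.Z
configure options:  '--prefix=/usr' '--enable-snmp' '--enable-ssl' '--enable-async-io'"

# Constructed `netstat -l -n` output: plain listener on 3128, nothing on 3129.
SAMPLE_NETSTAT="Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:3128     0.0.0.0:*        LISTEN
tcp6       0      0 :::22            :::*             LISTEN"

# tls_build_status: reads `squid -v` text on stdin and prints one of
#   openssl      built with --with-openssl
#   legacy-flag  only --enable-ssl given (assumption: Squid 3.5+ expects
#                --with-openssl, so this build has no OpenSSL support)
#   no-openssl   neither option present
tls_build_status() {
    opts=$(grep -i '^configure options:' || true)
    if printf '%s' "$opts" | grep -q -e '--with-openssl'; then
        echo openssl
    elif printf '%s' "$opts" | grep -Eq -e '--enable-ssl([^-a-z]|$)'; then
        echo legacy-flag    # does not match --enable-ssl-crtd
    else
        echo no-openssl
    fi
}

# port_is_listening PORT: reads `netstat -l -n` text on stdin; exit status 0
# if a TCP socket in LISTEN state is bound to PORT on any local address.
port_is_listening() {
    awk -v p="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")   # port follows the last ":" (IPv4 and IPv6)
            if (a[n] == p) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# diagnose SQUID_V_TEXT NETSTAT_TEXT PORT: one-line verdict for the parent.
diagnose() {
    build=$(printf '%s\n' "$1" | tls_build_status)
    if printf '%s\n' "$2" | port_is_listening "$3"; then
        echo "listening: port $3 is open; check the address the child connects to"
    elif [ "$build" = openssl ]; then
        echo "not-listening: OpenSSL compiled in; see cache.log for https_port $3"
    else
        echo "not-listening: build is $build; rebuild with --with-openssl first"
    fi
}

diagnose "$SAMPLE_SQUID_V" "$SAMPLE_NETSTAT" 3129
```

On a real parent host, pass "$(squid -v)" and "$(netstat -l -n)" in place of the two sample variables. Error 111 on the child is the Linux errno for "connection refused", which is what a port with no listener produces.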