[squid-users] Communication fails between parent and child if using SSL/TLS
Jānis
je at ktf.rtu.lv
Sun Mar 26 12:01:43 UTC 2017
Quoting Jānis <je at ktf.rtu.lv>
Sun, 26 Mar 2017 14:56:32 +0300:
> Hi!
>
> theoretically, I have configured two squids in a parent-child cache
> structure.
>
> It works perfectly if it is just "plaintext" communications, but if
> I set them to use ssl (for non https traffic),
> the following error occurs:
> X-Squid-Error: ERR_CONNECT_FAIL 111
>
> and
>
> TCP connection to PARENT/PORT failed
>
> pop: lookup for key {PARENT/PORT} failed
>
> child's cache_peer config:
>
> cache_peer PARENT parent PORT 0 proxy-only ssl \
> sslcert=/path/to/cert.pem \
> sslkey=/path/to/key.key \
> sslflags=DONT_VERIFY_PEER
>
> parent's:
>
> https_port PORT \
> cert=/path/to/parent/cert.pem \
> key=/path/to/parent/key.key \
> sslflags=NO_DEFAULT_CA
>
> yes, and parent for some reason is not listening on PORT (according
> to netstat -l -n)
>
> connection for child to parent - allowed (it stays the same either
> for non-ssl or ssl-enabled cfg).
>
> squid's .configure:
> --prefix=/usr \
> --libdir=/usr/lib${LIBDIRSUFFIX} \
> --sysconfdir=/etc/squid \
> --localstatedir=/var/log/squid \
> --datadir=/usr/share/squid \
> --with-pidfile=/var/run/squid \
> --mandir=/usr/man \
> --with-logdir=/var/log/squid \
> --disable-devpoll \
> --enable-snmp \
> --enable-ssl \
> --enable-linux-netfilter \
> --enable-async-io \
> --disable-translation \
> --build=$ARCH-slackware-linux
>
> What disappoints - with older version of squid it worked. The
> upgrade turned it down.
both ends use gnutls.