[squid-users] TCP FIN,ACK after ServerHelloDone with pcmag.com

Ahmad, Sarfaraz Sarfaraz.Ahmad at deshaw.com
Thu May 17 10:47:36 UTC 2018


Guys,

Any thoughts ?

Regards,
Sarfaraz

-----Original Message-----
From: Ahmad, Sarfaraz 
Sent: Wednesday, May 16, 2018 10:36 AM
To: 'Marcus Kool' <marcus.kool at urlfilterdb.com>; squid-users at lists.squid-cache.org
Subject: RE: [squid-users] TCP FIN,ACK after ServerHelloDone with pcmag.com

I see a message similar to Marcus' in cache.log.

2018/05/16 00:20:10 kid1| ERROR: negotiating TLS on FD 77: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (1/-1/0)

And I am running squid-4.0.24.

Sarfaraz

-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Marcus Kool
Sent: Wednesday, May 16, 2018 1:41 AM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] TCP FIN,ACK after ServerHelloDone with pcmag.com

The proxies that I used for the test have Squid 4.0.22 and Squid 4.0.23.

Marcus


On 15/05/18 15:40, Amos Jeffries wrote:
> On 16/05/18 01:32, Marcus Kool wrote:
>> pcmag.com also does not load here, although my config parameters are 
>> slightly different.
>> The certificate is indeed huge...
>> Do you have
>>     ERROR: negotiating TLS on FD NNN: error:14090086:SSL 
>> routines:ssl3_get_server_certificate:certificate verify failed 
>> (1/-1/0) or other errors in cache.log ?
>>
>> Marcus
>>
> 
> Are these Squid-4.0.24 ? There is a regression[1] in the cafile= 
> parameter handling in the latest release.
>   <https://bugs.squid-cache.org/show_bug.cgi?id=4831>
> 
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
> 
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


More information about the squid-users mailing list