[squid-users] Problems with SSL setup with squid

Amos Jeffries squid3 at treenet.co.nz
Wed Oct 10 17:56:01 UTC 2018


On 11/10/18 6:16 AM, Barnes, Michael wrote:
> Good afternoon,
> 
> I am trying to set up squid with SSL inspection.  I'm currently running
> the following OS and squid versions.
> *lsb_release -a*
> Distributor ID:Ubuntu
> Description:Ubuntu 18.04.1 LTS
> Release:18.04
> Codename:bionic
> 
> *squid -v*
> Squid Cache: Version 3.5.28
> Service Name: squid
> 
> This binary uses OpenSSL 1.0.2n  7 Dec 2017. For legal restrictions on
> distribution see https://www.openssl.org/source/license.html
> 
> configure options:  '--enable-linux-netfilter' '--enable-icap-client'
> '--enable-ssl' '--with-filedescriptors=65536' '--with-large-files'
> '--prefix=/usr' '--localstatedir=/var' '--libexecdir=/lib/squid'
> '--srcdir=.' '--datadir=/share/squid' '--sysconfdir=/etc/squid'
> '--enable-ssl-crtd' '--with-openssl' --enable-ltdl-convenience
> 


This build is missing many of the integration options needed to install
Squid into the Linux filesystem used by Debian/Ubuntu. One of the
missing parts is setting up the correct logging paths.

You should be able to rebuild the Ubuntu Squid-3 package with OpenSSL
support using the following commands:

 apt-get build-dep squid
 apt-get install libssl1.0-dev squid-langpack
 mkdir /tmp/squid
 cd /tmp/squid
 apt-get source squid
 cd squid-*

then edit the debian/rules file to add:

  --enable-ssl-crtd --with-openssl

after the gnutls option already there (on the same line is easiest).


run this to build the package:
 dpkg-buildpackage && cd ..

then install:

 dpkg --install squid-common_*.deb squid_*.deb



If you can do so using the Squid v4 package from the cosmic repository,
the resulting Squid binary will have better SSL-Bump abilities and less
annoying problems than the old v3.5 version has. That will need the
libssl-dev package to build instead of libssl1.0-dev.

If not then no matter, just using any properly integrated build will
resolve your current problem and several others you have not yet encountered.

Amos
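
The debian/rules edit and a post-install check of the rebuilt binary, as an added example that is not part of the original message. The helper names are hypothetical, the sample `squid -v` text is constructed, and the gnutls option in debian/rules is assumed to be spelled `--with-gnutls`.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumption: the gnutls option in debian/rules is spelled --with-gnutls.

# Append the two OpenSSL flags right after the gnutls option in a rules file.
# Idempotent: a file that already contains --with-openssl is left unchanged.
# Returns 2 when the gnutls option is not found, so nothing is edited blindly.
add_ssl_flags() {
    rules=$1
    grep -q -- '--with-gnutls' "$rules" || return 2
    grep -q -- '--with-openssl' "$rules" && return 0
    tmp=$(mktemp) || return 1
    # Write back with cat so the file keeps its mode (debian/rules is executable).
    if sed 's/--with-gnutls/& --enable-ssl-crtd --with-openssl/' "$rules" > "$tmp" &&
        cat "$tmp" > "$rules"; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return $rc
}

# Read `squid -v` output on stdin and print each SSL-Bump build flag that is
# absent from its "configure options:" list (nothing printed = both present).
missing_ssl_flags() {
    opts=$(sed -n '/^configure options:/,$p' | tr -d "'" | tr -s ' ' '\n')
    for flag in --with-openssl --enable-ssl-crtd; do
        printf '%s\n' "$opts" | grep -Eq -- "^${flag}(=.*)?\$" ||
            printf '%s\n' "$flag"
    done
}

# Demo on constructed `squid -v` output from a build without --enable-ssl-crtd.
missing_ssl_flags <<'EOF'
Squid Cache: Version 3.5.28
configure options:  '--enable-icap-client' '--with-openssl'
'--prefix=/usr' '--sysconfdir=/etc/squid'
EOF
```

Run `add_ssl_flags debian/rules` inside the unpacked source directory before dpkg-buildpackage, and `squid -v | missing_ssl_flags` after installing the packages.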

