[squid-users] squid doesn't fetch the intermediate certificate for some sites
Alex Rousskov
rousskov at measurement-factory.com
Tue Jul 21 15:58:53 UTC 2020
On 7/21/20 3:41 AM, Dieter Bloms wrote:
> for some sites like https://mycase.cloudapps.cisco.com/
> squid doesn't fetch the intermediate certificate and returns X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
The underlying problem is not specific to SslBump AFAICT. The
combination of unfortunate OpenSSL design decisions and TLS v1.3 secrecy
creates a serious problem for Squid. For details, please see
https://bugs.squid-cache.org/show_bug.cgi?id=5067#c2
Alex.
More information about the squid-users
mailing list