[squid-users] squid doesn't fetch the intermediate certificate for some sites

Alex Rousskov rousskov at measurement-factory.com
Tue Jul 21 15:58:53 UTC 2020


On 7/21/20 3:41 AM, Dieter Bloms wrote:

> for some sites like https://mycase.cloudapps.cisco.com/
> squid doesn't fetch the intermediate certificate and returns X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY

The underlying problem is not specific to SslBump AFAICT. The
combination of unfortunate OpenSSL design decisions and TLS v1.3 secrecy
creates a serious problem for Squid. For details, please see

  https://bugs.squid-cache.org/show_bug.cgi?id=5067#c2

Alex.


More information about the squid-users mailing list