When I run squid with -N -X I notice it parses the line you had me add
but I get the error below:

2007/06/04 14:20:08| Processing: 'cache_effective_user openssl s_client -connect <web server ip>:443 '
2007/06/04 14:20:08| parse_line: cache_effective_user openssl s_client -connect <web server ip>:443
FATAL: Cannot open '/usr/local/squid/var/logs/access.log' for writing.
The parent directory must be writeable by the
user 'openssl', which is the cache_effective_user
set in squid.conf.

-----Original Message-----
From: Jason Hitt [mailto:Jhitt@eGisticsinc.com]
Sent: Monday, June 04, 2007 9:41 AM
To: squid-users@squid-cache.org
Subject: RE: [squid-users] Cert issue on reserve proxy

Here is the output I got when I read the following from the prompt as
root:

# openssl s_client -connect <server ip>:443
CONNECTED(00000004)
depth=0 /CN=<server url>
verify error:num=18:self signed certificate
verify return:1
depth=0 /CN=<server url>
verify return:1
---
Certificate chain
 0 s:/CN=<server url>
   i:/CN=<server url>
---
Server certificate
-----BEGIN CERTIFICATE-----
<cert info>
-----END CERTIFICATE-----
subject=/CN=<server url>
issuer=/CN=<server url>
---
No client certificate CA names sent
---
SSL handshake has read 659 bytes and written 324 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: F01F000016E12FA021E0550C3B4E278053809D37116C03644D4827EEA147F11C
    Session-ID-ctx:
    Master-Key: <key info>
    Key-Arg   : None
    Start Time: 1180967593
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
read:errno=54

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: Saturday, June 02, 2007 5:49 AM
To: Jason Hitt
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] Cert issue on reserve proxy

On Fri 2007-06-01 at 10:45 -0500, Jason Hitt wrote:

> We tried the below cache effective user command with no success, even
> when we made openssl daemon user and did a chown on the logs and cache
> folder for it. Not sure what the s_client is for. We're so close, just
> need this last bit.

s_client is a simple SSL client for connecting to SSL servers such as
https servers.

The command "openssl s_client -connect webserver:443" opens an SSL
connection to the webserver on port 443, and shows details about the
negotiated SSL connection. When connected it waits for data to send to
the server over the SSL connection and/or shows responses from the
server.

You can find an example output of a valid session at
http://paste.lisp.org/display/42143

The HEAD /.. part was typed by me after the connection was established.

Regards
Henrik

Received on Mon Jun 04 2007 - 14:25:42 MDT
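
Added example, not part of the original thread and not code from Squid or OpenSSL: a small Python check that reads a captured "openssl s_client" transcript like the one above and reports what a reviewer would flag in it (verify return code, cipher, key size, protocol). The sample text is constructed from the quoted output, and the function name and policy thresholds are assumptions of this example.

```python
import re

# Constructed sample modelled on the s_client output quoted in the thread
# (placeholders kept, certificate and session material left out).
SAMPLE = """\
CONNECTED(00000004)
depth=0 /CN=<server url>
verify error:num=18:self signed certificate
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Verify return code: 18 (self signed certificate)
---
"""

# Policy values below are assumptions for this example, not from the thread.
WEAK_CIPHER_PARTS = {"RC4", "MD5", "DES", "NULL", "EXP", "EXPORT"}
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
MIN_KEY_BITS = 2048  # RSA-sized threshold; an EC key needs its own limit

def audit_s_client(text):
    """Return a list of findings for one captured s_client transcript."""
    findings = []
    m = re.search(r"Verify return code:\s*(\d+)\s*\(([^)]*)\)", text)
    if m is None:
        findings.append("no verify result: handshake may not have completed")
    elif m.group(1) != "0":
        findings.append(f"certificate not trusted: code {m.group(1)} ({m.group(2)})")
    m = re.search(r"Cipher is (\S+)", text)
    if m and m.group(1) == "(NONE)":
        findings.append("no cipher negotiated")
    elif m:
        weak = sorted(WEAK_CIPHER_PARTS & set(re.split(r"[-_]", m.group(1))))
        if weak:
            findings.append(f"weak cipher {m.group(1)}: {', '.join(weak)}")
    m = re.search(r"Server public key is (\d+) bit", text)
    if m and int(m.group(1)) < MIN_KEY_BITS:
        findings.append(f"server key is only {m.group(1)} bit")
    m = re.search(r"^\s*Protocol\s*:\s*(\S+)", text, re.M)
    if m and m.group(1) in WEAK_PROTOCOLS:
        findings.append(f"deprecated protocol {m.group(1)}")
    return findings

if __name__ == "__main__":
    for finding in audit_s_client(SAMPLE):
        print("FINDING:", finding)
```

Verify return code 18 means the peer presented a self-signed certificate, so a client that validates the chain will only accept it if that certificate is explicitly trusted.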