Treker Chen wrote:
> Dear all
>
> I downloaded squid-3.HEAD-20080528, compiled it with --enable-ssl
> --enable-icap-client. and configured squid.conf with SSL bump with the
> following setting
>
> http_port 3128 sslBump cert=/usr/local/squid/etc/apache.crt
> key=/usr/local/squid/etc/apache.pem
> ssl_bump allow all
> acl TrustedName url_regex ^https://weserve.badcerts.com/
> acl BogusError ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH
> sslproxy_cert_error allow TrustedName
> sslproxy_cert_error allow BogusError
> sslproxy_cert_error deny all
>
> I can access internet with squid for http without problem, but when i
> tried to access https site.
> The browser shows "Unable to forward this request at this time"
> and the cache.log shows
> 2008/05/28 14:04:49| Failed to select source for 'https://ebank.bot.com.tw/'
>
> Does anyone know how to fix this?
That error looks like your ACL are denying access somewhere. Is there a
peer configured and never_direct lines anywhere?
You can trace the ACL actions in cache.log with debug_options ALL,1 28,9
Amos
-- Please use Squid 2.7.STABLE1 or 3.0.STABLE6Received on Thu May 29 2008 - 11:41:38 MDT
This archive was generated by hypermail 2.2.0 : Tue Aug 05 2008 - 01:05:14 MDT