Hello all,
I have two squid proxies, one is a Squid 2.7 on an Ubuntu 9.4 machine
located here in Switzerland. The other is Ubuntu 8.04 LTS with Squid
2.6, located in the US.
I'm trying to do the following: Certain requests for servers in the US
need to go out of the US proxy. The connection between the local and
the US proxy needs to be secure. So I did the following:
- Recompiled squid from the source .deb on both machines so ssl works.
- Configured the US proxy squid server to accept https requests.
- Configured the Switzerland proxy to forward certain requests to the US.
This worked before I enabled https on both sides of the link. But
without https the password that the local proxy uses to authenticate
to the remote proxy gets sent in the clear, which I don't want.
Therefore I configured ssl.
With ssl enabled it only works when I request http pages. However,
when I try https I see how the local proxy performs a "CONNECT" on the
parent proxy in the US, but the US proxy throws an error.
In the local proxy log file I see the following:
1270305276.757 149 192.168.1.185 TCP_MISS/000 375 CONNECT www.somesite.com:443 - FIRST_UP_PARENT/us.mydomain.net -
So the local proxy does know that to get https://www.somesite.com it
needs to pass via my US proxy, and so it attempts a "CONNECT" there.
On the US proxy I notice this in the log:
2010/04/03 14:34:36| clientNegotiateSSL: Error negotiating SSL connection on FD 17: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request (1/-1)
What is actually going on here?
Is maybe my local proxy attempting to do the "CONNECT" over a plain
http on the https port?
Thanks in advance for any hints.
--
krist.vanbesien_at_gmail.com
krist_at_vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

Received on Sat Apr 03 2010 - 15:10:57 MDT
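
Added example, not part of the original post and not Squid or OpenSSL code: OpenSSL reports "https proxy request" when the first bytes arriving on a TLS listener are a plaintext CONNECT instead of a ClientHello. The sketch below parses the cache.log line quoted in the post and classifies sample first bytes; the function names and the byte samples are assumptions made for illustration.

```python
import re

# OpenSSL reason strings logged when plaintext HTTP reaches a TLS listener.
REASONS = {
    "https proxy request": "plaintext CONNECT sent to the TLS port",
    "http request": "plaintext GET/POST/HEAD/PUT sent to the TLS port",
}

LOG_RE = re.compile(
    r"clientNegotiateSSL: Error negotiating SSL connection on FD (?P<fd>\d+): "
    r"error:(?P<code>[0-9A-Fa-f]{8}):SSL routines:(?P<func>\w+):"
    r"(?P<reason>[^(]+?)\s*\("
)

def diagnose(log_line):
    """Return (fd, openssl_code, explanation) for a clientNegotiateSSL error."""
    m = LOG_RE.search(log_line)
    if m is None:
        return None
    reason = m.group("reason")
    explanation = REASONS.get(reason, "other TLS failure: " + reason)
    return int(m.group("fd")), m.group("code"), explanation

def classify_first_bytes(data):
    """Classify the first bytes a client sends to an https_port listener."""
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"            # record type 22, major version 3
    if data.startswith(b"CONNECT"):
        return "plaintext-proxy-connect"  # logged as "https proxy request"
    if data.startswith((b"GET ", b"POST ", b"HEAD ", b"PUT ")):
        return "plaintext-http"           # logged as "http request"
    return "unknown"

# The cache.log line from the post, rejoined onto one line.
US_PROXY_LOG = ("2010/04/03 14:34:36| clientNegotiateSSL: Error negotiating SSL "
                "connection on FD 17: error:1407609B:SSL "
                "routines:SSL23_GET_CLIENT_HELLO:https proxy request (1/-1)")
# Constructed samples: a plaintext CONNECT and the start of a TLS record.
PLAIN_CONNECT = b"CONNECT www.somesite.com:443 HTTP/1.0\r\n\r\n"
TLS_HELLO_PREFIX = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01])

if __name__ == "__main__":
    print(diagnose(US_PROXY_LOG))
    print(classify_first_bytes(PLAIN_CONNECT))
    print(classify_first_bytes(TLS_HELLO_PREFIX))
```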