On Tue, 6 Dec 2011 14:43:31 +0100, Sean Boran wrote:
> Hi,
>
> Hmm. Is that negotiation between browser and squid or between squid
> and the destination site?
*client*NegotiateSSL is the client browser/agent.
>
> Openssl is 0.9.8k (standard with Ubuntu Lucid 10.04)
>
> I wiped /var/lib/squid_ssl_db/certs, and re-ran
> /usr/local/squid/libexec/ssl_crtd -c -s /var/lib/squid_ssl_db
> /var/lib/squid_ssl_db/certs
> so that new certs would be generated.
>
> ... and so far, no crashes.
>
> It this resolves the issue, the perhaps the problem was that I
> changed
> the proxy's CA key several times during tests, so some target sites
> would have generated with different CA keys, and would have still be
> cached in /var/lib/squid_ssl_db/certs.
>
> The lesson would then be to empty /var/lib/squid_ssl_db/certs if one
> changes the CA key :-)
Er. Yes.
(updating the docs now to make sure that is mentioned).
Amos
Received on Tue Dec 06 2011 - 21:24:57 MST
This archive was generated by hypermail 2.2.0 : Wed Dec 07 2011 - 12:00:02 MST