Re: [squid-users] Using squid as transparent proxy causes problem with pages on https

From: Ahmed Talha Khan <auny87_at_gmail.com>
Date: Mon, 16 Apr 2012 17:00:13 +0500

There are a number of error msgs like these

2012/04/16 18:13:09| clientNegotiateSSL: Error negotiating SSL
connection on FD 23: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3
alert certificate unknown (1/0)
2012/04/16 18:13:09| clientNegotiateSSL: Error negotiating SSL
connection on FD 25: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca (1/0)
2012/04/16 18:13:11| clientNegotiateSSL: Error negotiating SSL
connection on FD 22: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca (1/0)

I have added the sslflag=DONT_VERIFY_PEER to the port definitions. Not
sure why these are still occurring. Maybe the page upset is due to
some connections being dropped due to these errors?

On Mon, Apr 16, 2012 at 4:55 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 16/04/2012 9:15 p.m., Ahmed Talha Khan wrote:
>>
>> Worked like a charm :) !!
>>
>> The Cons of hard-coding :). The patch however was not directly
>> applicable because of the changes in the sources of 3.1.19, but it
>> worked. What are the side-effects of removing this?
>
>
> It was added because whenever Squid is reconfigured or restarted the port
> details are reset and existing connections lose access to the original port
> config details needed to guess what the valid intercepted URL should be. So as
> long as you are not reconfiguring very often it should be fine.
>
>
>>  Also https pages
>> are now opening but some of them are looking weird and missing objects
>> like images or proper layout. Some of them look messed up. Any
>> comments on that?
>
>
> I'm not sure what all that's about.
>
> Amos
>

-- 
Regards,
-Ahmed Talha Khan
Received on Mon Apr 16 2012 - 12:00:20 MDT
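
Added example (not part of the original message, and not Squid's code): a small Python parser for the clientNegotiateSSL entries quoted above. It decodes the packed OpenSSL error code to show which TLS alert the connecting client sent on each failed handshake. It assumes the OpenSSL 1.0.x error packing (8-bit library, 12-bit function, 12-bit reason); the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the cache.log entries quoted in the message, wrapped as in the mail.
SAMPLE_LOG = """\
2012/04/16 18:13:09| clientNegotiateSSL: Error negotiating SSL
connection on FD 23: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3
alert certificate unknown (1/0)
2012/04/16 18:13:09| clientNegotiateSSL: Error negotiating SSL
connection on FD 25: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca (1/0)
2012/04/16 18:13:11| clientNegotiateSSL: Error negotiating SSL
connection on FD 22: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca (1/0)
"""

ENTRY_RE = re.compile(
    r"(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\| clientNegotiateSSL: Error negotiating "
    r"SSL connection on FD (\d+): error:([0-9A-Fa-f]{8}):"
)

ERR_LIB_SSL = 20             # OpenSSL library number for libssl (0x14)
SSL_AD_REASON_OFFSET = 1000  # reason codes at or above this encode a TLS alert number
ALERT_NAMES = {42: "bad_certificate", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}  # RFC 5246 subset

def decode_error(code_hex):
    """Split an OpenSSL 1.0.x packed error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return code >> 24, (code >> 12) & 0xFFF, code & 0xFFF

def parse_entries(log_text):
    """Return one dict per handshake failure; tolerates mail-wrapped lines."""
    flat = " ".join(log_text.split())  # undo line wrapping before matching
    entries = []
    for ts, fd, code_hex in ENTRY_RE.findall(flat):
        lib, _func, reason = decode_error(code_hex)
        alert = None
        if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
            num = reason - SSL_AD_REASON_OFFSET
            alert = ALERT_NAMES.get(num, "alert_%d" % num)
        entries.append({"time": ts, "fd": int(fd), "peer_alert": alert})
    return entries

def alert_counts(log_text):
    """Count failures per alert name received from the client."""
    return Counter(e["peer_alert"] for e in parse_entries(log_text))

if __name__ == "__main__":
    for name, n in alert_counts(SAMPLE_LOG).most_common():
        print(n, name)
```

Both alert types in the sample are certificate alerts sent by the client, so counting them per client or per site shows which handshakes are failing because the certificate Squid presented was not trusted.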
