Henrik,
Thanks, this solved my issue.
> justin@tryllian.com wrote:
>
>> If I try to get these certificates to work with Squid 2.5 (https_port
>> 443 cert=/usr/local/squid/etc/server.pem) and put all 3 certificates +
>> the private key in 1 pem file... the CA is not recognized by my
>> browser.. in the certificate hierarchy there is no mention of any CA,
>> only my key is shown..
>
> You might want to try the SSL update available from
> http://devel.squid-cache.org/ssl/, it includes support for SSL
> certificate chains.
>
> If you do not feel like using the whole SSL update then just the
> following change in ssl_support.c should do the trick:
>
The whole SSL patch did not compile with squid-2.5-stable1.
> From:
> if (!SSL_CTX_use_certificate_file(sslContext, certfile,
> SSL_FILETYPE_PEM)) {
> To:
> if (!SSL_CTX_use_certificate_chain_file(sslContext, certfile)) {
Just one remark:
In my chrooted squid installation it did not work..
As soon as I tried the "SSL_CTX_use_certificate_chain_file" compiled
binary.. I got the following error on startup:
error:02001002:system library:fopen:No such file or directory
when trying to open my server.pem file.
With a strace, it was clear it opened the server.pem file...
Eventually it was the fact that I had no "/usr/share/ssl/openssl.cnf" that
caused this problem... with SSL_CTX_use_certificate_file this had been no
problem.
Is there a good explanation for this?
>
> Regards
> Henrik
Justin
Received on Wed Jan 01 2003 - 13:22:12 MST
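
Added example, not part of the original messages and not Squid or OpenSSL code: a Python model of the difference discussed in this thread, where SSL_CTX_use_certificate_file takes only the first certificate from a PEM bundle while SSL_CTX_use_certificate_chain_file takes the first as the server certificate and the remaining ones as its chain. The helper names and the bundle contents are constructed for illustration, and the server-certificate-first ordering is an assumption about the file.

```python
import base64
import re

# One PEM block: BEGIN line, base64 body, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, decoded_bytes)] for every PEM block, in file order."""
    return [(label, base64.b64decode("".join(body.split())))
            for label, body in PEM_BLOCK.findall(text)]

def presented_chain(text, chain_loader):
    """Model which certificates a server would send from this bundle.

    chain_loader=False: SSL_CTX_use_certificate_file, first certificate only.
    chain_loader=True:  SSL_CTX_use_certificate_chain_file, first certificate
                        as the server certificate, the rest as its chain.
    """
    certs = [der for label, der in pem_blocks(text) if label == "CERTIFICATE"]
    if not certs:
        raise ValueError("no CERTIFICATE block in bundle")
    return certs if chain_loader else certs[:1]

def has_private_key(text):
    """True if the bundle also carries a PEM private key block."""
    return any(label.endswith("PRIVATE KEY") for label, _ in pem_blocks(text))

def _pem(label, payload):
    # Constructed sample data: placeholder bytes, not real DER.
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed bundle shaped like the server.pem in the thread: three
# certificates plus the private key, server certificate first (assumed order).
SAMPLE_BUNDLE = (
    _pem("CERTIFICATE", b"server-cert")
    + _pem("CERTIFICATE", b"intermediate-ca")
    + _pem("CERTIFICATE", b"root-ca")
    + _pem("RSA PRIVATE KEY", b"server-key")
)

if __name__ == "__main__":
    for chain_loader in (False, True):
        sent = presented_chain(SAMPLE_BUNDLE, chain_loader)
        print(chain_loader, [c.decode() for c in sent])
```

With the single-certificate loader the model returns only the server certificate, which matches the browser showing no CA in the certificate hierarchy.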