> Please note that the reconstructed URL in squid-2.5 is still http:// even
> if the request was acceped on an https_port. But thanks to
> httpd_accel_port 0 you should be able to identify the requests in the
> redirector.
This I didnīt know. For that the redirection rules must be changed of course.
> > 2005/06/16 09:42:03| clientNegotiateSSL: Error negotiating SSL
> connection on FD 20: error:1407609C:SSL
> routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
>
> Likely cause:
>
> a) You do not have access controls limiting what may be accessed via your
> reverse proxy (open proxy).
>
> b) The URL issue mentioned above, causing your redirector rules to not
> match the requested URL.
Changing the redirection rules solved the problem. After that I was fighting for quite a while with SSL3_GET_SERVER_CERTIFICATE:certificate verify failed messages (self signed certificate for testing), until I found that the sslproxy_flags DONT_VERIFY_PEER squid.conf option is needed for this to work.
Thank you very much for your help.
-tuukka
Received on Fri Jun 17 2005 - 05:45:34 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Jul 01 2005 - 12:00:02 MDT