On Wed, 2006-12-20 at 18:17 +0800, Jasenux Wong wrote:
> from the squid (squid -d 9 -N) box i get this:
> TCP connection to xxxx/failed
> fwNegotiateSSL: Error negotiating SSL connection on FD 13:....
> certificate verify failed (1/-1/0)
The CA issuing the certificate used by the server is not trusted by your
Squid.
> my squid.conf,
> http_port 80
> https_port 443 cert=mycert.pem accel defaultsite=targetwebserver
> ssl_unclean_shutdown on
> sslproxy_capath /etc/ssl/certs
> sslproxy_flags DONT_VERIFY_PEER DONT_VERIFY_DOMAIN
> cache_peer targetwebserver parent 443 0 proxy-only no-query default
> originserver ssl front-end-https=auto
cache_peer has its own SSL flags etc. The settings set in sslproxy_*
aren't used there. See the cache_peer directive.
The sslproxy_* directives are used by Squid when forwarding requests
direct or via "normal" proxy type peers (not origin type).
Regards
Henrik
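
The point of the reply, laid out as a squid.conf fragment. This is an added example, not part of the original message: it assumes the per-peer `sslcapath=` and `sslflags=` options of the Squid 2.6 `cache_peer` directive, and reuses `targetwebserver` and `/etc/ssl/certs` from the quoted configuration.

```conf
# Constructed example based on the squid.conf quoted in the message.

# As posted: the sslproxy_* lines are not consulted for an originserver peer,
# so they do not change how this peer's certificate is verified.
#sslproxy_capath /etc/ssl/certs
#sslproxy_flags DONT_VERIFY_PEER DONT_VERIFY_DOMAIN
#cache_peer targetwebserver parent 443 0 proxy-only no-query default originserver ssl front-end-https=auto

# Weak: the same intent moved onto the peer. The handshake succeeds, but Squid
# no longer checks which server it is handing client requests to.
#cache_peer targetwebserver parent 443 0 proxy-only no-query default originserver ssl sslflags=DONT_VERIFY_PEER front-end-https=auto

# Corrected: keep verification on and give the peer the CA that issued the
# origin server's certificate. sslcapath= expects an OpenSSL hashed directory;
# sslcafile=<path to a single PEM bundle> is the alternative.
cache_peer targetwebserver parent 443 0 proxy-only no-query default originserver ssl sslcapath=/etc/ssl/certs front-end-https=auto
```

Running `squid -d 9 -N` again, as in the original report, shows whether the "certificate verify failed" line still appears for the peer connection.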