Package: squid3
Version: 3.4.8-6+deb8u1+aptbuild1
Severity: grave
Tags: newcomer
Justification: renders package unusable
Dear Maintainer,
I downloaded and compiled the squid through apt-build by adding the following
lines in "/var/cache/apt-build/build/squid3-3.4.8/debian/rules":
--enable-ssl \
--enable-ssl-CRTD \
--with-openssl \
Some https sites aprsentam as error the "sec_error_inadequate_key_usage"
message as error code.
The errors appear when using Firefox and Iceweasel browsers.
The same sites that feature error in Firefox-based browsers work perfectly in
Chrome.
A website as an example is the https://pt.wikipedia.org/
I found a palliative in
https://www.howtoforge.com/filtering-https-traffic-with-squid site that worked.
Apparently removing the line which has the code "NID_key_usage," the file
/var/cache/apt-build/build/squid3-3.4.8/src/ssl/gadgets.cc solve, but do not
know if this would imply some other problem .
Compiling the squid using the source of the project site, it does not occur
this error.
-- System Information:
Debian Release: 8.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages squid3 depends on:
ii adduser 3.113+nmu3
ii libc6 2.19-18+deb8u2
ii libcap2 1:2.24-8
ii libcomerr2 1.42.12-1.1
ii libdb5.3 5.3.28-9
ii libecap2 0.2.0-3
ii libexpat1 2.1.0-6+deb8u1
ii libgcc1 1:4.9.2-10
ii libgssapi-krb5-2 1.12.1+dfsg-19+deb8u2
ii libk5crypto3 1.12.1+dfsg-19+deb8u2
ii libkrb5-3 1.12.1+dfsg-19+deb8u2
ii libldap-2.4-2 2.4.40+dfsg-1+deb8u2
ii libltdl7 2.4.2-1.11
ii libnetfilter-conntrack3 1.0.4-1
ii libnettle4 2.7.1-5
ii libpam0g 1.1.8-3.1+deb8u1
ii libsasl2-2 2.1.26.dfsg1-13+deb8u1
ii libssl1.0.0 1.0.1k-3+deb8u2
ii libstdc++6 4.9.2-10
ii libxml2 2.9.1+dfsg1-5+deb8u1
ii logrotate 3.8.7-1+b1
ii lsb-base 4.1+Debian13+nmu1
ii netbase 5.3
ii squid3-common 3.4.8-6+deb8u1+aptbuild1
squid3 recommends no packages.
Versions of packages squid3 suggests:
pn resolvconf <none>
pn smbclient <none>
pn squid-cgi <none>
pn squid-purge <none>
pn squidclient <none>
pn ufw <none>
pn winbindd <none>
-- Configuration Files:
/etc/squid3/squid.conf changed:
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl sites_bloqueados dstdomain "/etc/squid3/empresa/sites-bloqueados"
acl localnet src 192.168.25.0/24
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access deny sites_bloqueados
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128 transparent
https_port 3129 transparent ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/certificado/empresa.pem
ssl_bump server-first all
sslcrtd_program /usr/lib/squid3/ssl_crtd -s /etc/squid3/certificado/ssl_db -M
4MB
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
always_direct allow all
-- no debconf information
