[squid-users] ssl cert wiki
Hello, according to this chapter http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate I bought a signed certificate, but no one accepts rsa:1024, so I generated the key with rsa:2048. After I got my crt from them:

https_port 443 cert=/usr/newrprgate/CertAuth/signed.crt key=/usr/newrprgate/CertAuth/testkey.pem

but I got an error in the browser:

Error code: sec_error_inadequate_key_usage

So what could be the problem?

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-cert-wiki-tp4669016.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] site cannot be accessed
On Mon, Jan 12, 2015 at 7:41 AM, Simon Dcunha si...@baladia.gov.kw wrote:
> if I uncheck the proxy option in the browser the site works fine
> the above users also use internet and is working fine
> I am using the pac file to bypass local sites and the local intranet
> websites are already added in the pac file
> also i am quite sure the above intranet website were working before

There is something wrong with the pac file then, because the intranet sites are being accessed through the proxy. I do not use pac files so I cannot help you there, but that is where I would look now.

Good luck!

--
regards,
natxo
Re: [squid-users] ssl cert wiki
yes you are right
Re: [squid-users] ssl cert wiki
What do you mean by "specify -CAPath with trusted root CA's"?
Re: [squid-users] ssl cert wiki
AFAIK, you can't use a SERVER certificate (almost signed trusted CA) for SSL bumping. You need a root CA exactly. A self-signed root CA.

12.01.2015 17:28, HackXBack wrote:
> If it is a self-signed CA certificate + import to browser then it will
> work, but if it is a Trusted CA cert it gives me an error like I said in
> my first post.
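
Added example (not part of any list post): the reply above separates a server certificate from a CA certificate for SSL bumping. The script below classifies a certificate from its `openssl x509 -noout -text` dump by basicConstraints and keyUsage and reports whether it fits each use. The function names, the mode labels `reverse` and `bump`, and the two sample dumps are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Input is the text dump printed by
#   openssl x509 -in <file> -noout -text
# e.g. for the certificate named in the first post:
#   openssl x509 -in /usr/newrprgate/CertAuth/signed.crt -noout -text | cert_role

# cert_role: read the dump on stdin and print one of
#   signing-ca   CA:TRUE, and keyUsage (if present) includes Certificate Sign
#   broken-ca    CA:TRUE, but keyUsage is present without Certificate Sign
#   server-leaf  no CA:TRUE; a listener can present it, it cannot issue certs
cert_role() {
    awk '
        /X509v3 Basic Constraints/ { want = "bc"; next }
        /X509v3 Key Usage/         { want = "ku"; have_ku = 1; next }
        want == "bc" { if ($0 ~ /CA:TRUE/) is_ca = 1; want = ""; next }
        want == "ku" { if ($0 ~ /Certificate Sign/) can_sign = 1; want = ""; next }
        END {
            if (is_ca && (can_sign || !have_ku)) print "signing-ca"
            else if (is_ca)                      print "broken-ca"
            else                                 print "server-leaf"
        }'
}

# fits_mode ROLE MODE: exit 0 when a certificate of ROLE suits MODE.
# MODE names are labels chosen for this example (assumption, not Squid syntax):
#   reverse  the listener presents this certificate as its own (the wiki setup)
#   bump     the proxy signs per-site certificates with it (SSL bumping)
fits_mode() {
    case "$2:$1" in
        reverse:server-leaf) return 0 ;;
        bump:signing-ca)     return 0 ;;
        *)                   return 1 ;;
    esac
}

# check_cert MODE: read a dump on stdin, print a one-line verdict,
# return non-zero on a mismatch.
check_cert() {
    role=$(cert_role)
    if fits_mode "$role" "$1"; then
        echo "ok: $role certificate fits $1"
    else
        echo "mismatch: $role certificate does not fit $1"
        return 1
    fi
}

# Constructed samples: the extensions section of two text dumps.
LEAF_DUMP='        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication'
CA_DUMP='        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign'

printf '%s\n' "$LEAF_DUMP" | check_cert reverse
printf '%s\n' "$LEAF_DUMP" | check_cert bump || true
printf '%s\n' "$CA_DUMP"   | check_cert bump
```

A certificate issued to a site by a public CA normally lands in `server-leaf`; the self-signed CA described in the reply lands in `signing-ca`.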
Re: [squid-users] Memory Leak Squid 3.4.9 on FreeBSD 10.0 x64
Hi.

On 09.01.2015 06:12, Amos Jeffries wrote:
> Grand total: = 9.5 GB of RAM just for Squid.
>
> .. then there is whatever memory the helper programs, other software on
> the server and operating system all need.

I'm now also having a strong impression that squid is leaking memory. Now, when 3.4.x is able to handle hundreds of users during several hours I notice that its memory usage is constantly increasing. My patience always ends at the point of 1.5 Gigs memory usage, where server memory starts to be exhausted (squid is running with lots of other stuff) and I restart it. This is happening on exactly the same config the 3.3.13 was running, so ...

I have cache_mem set to 512 megs, diskd, medium sized cache_dir and lots of users.

Is something changed drastically in 3.4.x comparing to the 3.3.13, or is it, as it seems, a memory leak?

Thanks.
Eugene.
Re: [squid-users] ssl cert wiki
How did it not work, while I found articles on Google saying that it works for them, like this one:
http://www.linuxquestions.org/questions/linux-server-73/ssl-intermediate-chain-warning-917476/
Re: [squid-users] ssl cert wiki
May I take a look at your squid.conf? Looks like you incorrectly configured your proxy.

12.01.2015 17:07, HackXBack wrote:
> I don't know where you are taking me, but my problem is not in any
> command! I used a trusted cert that I got from a trusted CA, but when I
> use it in https_port the browser gives an error like I mentioned in my
> first post.
Re: [squid-users] ssl cert wiki
In this case the clear question is: what must the https_port line contain?
Re: [squid-users] ssl cert wiki
I don't know where you are taking me, but my problem is not in any command! I used a trusted cert that I got from a trusted CA, but when I use it in https_port the browser gives an error like I mentioned in my first post.
Re: [squid-users] Memory Leak Squid 3.4.9 on FreeBSD 10.0 x64
Yep. Memory leaking, if it really is that, will occur on all platforms. If not, this is an OS-specific issue: a libc or malloc library problem, but not squid itself.

12.01.2015 18:06, Eugene M. Zheganin wrote:
> Hi.
>
> On 12.01.2015 16:41, Eugene M. Zheganin wrote:
>> I'm now also having a strong impression that squid is leaking memory.
>> Now, when 3.4.x is able to handle hundreds of users during several
>> hours I notice that its memory usage is constantly increasing. My
>> patience always ends at the point of 1.5 Gigs memory usage, where
>> server memory starts to be exhausted (squid is running with lots of
>> other stuff) and I restart it. This is happening on exactly the same
>> config the 3.3.13 was running, so ...
>>
>> I have cache_mem set to 512 megs, diskd, medium sized cache_dir and
>> lots of users.
>>
>> Is something changed drastically in 3.4.x comparing to the 3.3.13, or
>> is it, as it seems, a memory leak?
>
> Squid 3.4 on FreeBSD is by default compiling with the
> --enable-debug-cbdata option and when 45th log selector is at its
> default 1, cache.log is filling with CBData memory leaking alarms. Here
> is the list for the last 40 minutes, sorted with the occurrence count:
>
> 104136 Checklist.cc:160
> 81438 Checklist.cc:187
> 177226 Checklist.cc:320
> 84861 Checklist.cc:45
> 89151 CommCalls.cc:21
> 22069 DiskIO/DiskDaemon/DiskdIOStrategy.cc:353
> 120 UserRequest.cc:166
> 29 UserRequest.cc:172
> 55814 clientStream.cc:235
> 5966 client_side_reply.cc:93
> 4516 client_side_request.cc:134
> 5568 dns_internal.cc:1131
> 4859 dns_internal.cc:1140
> 86 event.cc:90
> 7770 external_acl.cc:1426
> 1548 fqdncache.cc:340
> 7467 helper.cc:856
> 39905 ipcache.cc:353
> 11880 store.cc:1611
> 181959 store_client.cc:154
> 256951 store_client.cc:337
> 6835 ufs/UFSStoreState.cc:333
>
> Are those all false alarms?
>
> Thanks.
> Eugene.
Re: [squid-users] ssl cert wiki
Can you try to use openssl s_client? An example:

openssl s_client -connect facebook.com:443

Eliezer

On 12/01/2015 11:41, HackXBack wrote:
> Hello, according to this chapter
> http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate
> I bought a signed certificate, but no one accepts rsa:1024, so I
> generated the key with rsa:2048. After I got my crt from them:
>
> https_port 443 cert=/usr/newrprgate/CertAuth/signed.crt key=/usr/newrprgate/CertAuth/testkey.pem
>
> but I got an error in the browser:
>
> Error code: sec_error_inadequate_key_usage
>
> So what could be the problem?
Re: [squid-users] ssl cert wiki
openssl s_client -connect facebook.com:443
CONNECTED(0003)
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance CA-3
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=CA/L=Menlo Park/O=Facebook, Inc./CN=*.facebook.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
---
Server certificate
subject=/C=US/ST=CA/L=Menlo Park/O=Facebook, Inc./CN=*.facebook.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
---
No client certificate CA names sent
---
SSL handshake has read 3459 bytes and written 434 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1.2
    Cipher: ECDHE-ECDSA-AES128-GCM-SHA256
    Session-ID: 3629803712A85282C5F5F7CB236A68B6AD8C7106A03742AFD89B8D3546ED0254
    Session-ID-ctx:
    Master-Key: 50F406618339C5DDD75160F035E874306ADD1A0B786A7B1371467F0EC6259FA78D2678B31083A4EAFC286DB0B6565FBB
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 86000 (seconds)
    TLS session ticket:
    Start Time: 1421085027
    Timeout : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
Re: [squid-users] ssl cert wiki
openssl s_client -connect facebook.com:443 -CApath /var/squid/ssl_db/certs
CONNECTED(0003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance CA-3
verify return:1
depth=0 C = US, ST = CA, L = Menlo Park, O = Facebook, Inc., CN = *.facebook.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=CA/L=Menlo Park/O=Facebook, Inc./CN=*.facebook.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
---
Server certificate
subject=/C=US/ST=CA/L=Menlo Park/O=Facebook, Inc./CN=*.facebook.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
---
No client certificate CA names sent
---
SSL handshake has read 3458 bytes and written 434 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1.2
    Cipher: ECDHE-ECDSA-AES128-GCM-SHA256
    Session-ID: 7889C9EF07503180C1460C0FED8AD06672776F9E89CE7246B932EF762B64116A
    Session-ID-ctx:
    Master-Key: 1B524B777BFC4D636D9C0A2BE1A89E58EB50B7C3B405CA4E0BF575B9119AD6CD858C0DD2B1ADC6AB617361CA29CC0938
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 86000 (seconds)
    TLS session ticket:
    Start Time: 1421085813
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
---
Re: [squid-users] ssl cert wiki
If it is a self-signed CA certificate + import to browser then it will work, but if it is a Trusted CA cert it gives me an error like I said in my first post.
Re: [squid-users] ssl cert wiki
Yep, openssl is ok and works.

12.01.2015 17:02, HackXBack wrote:
> openssl s_client -connect facebook.com:443 -CApath /var/squid/ssl_db/certs
> CONNECTED(0003)
> depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
> verify return:1
> depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance CA-3
> verify return:1
> depth=0 C = US, ST = CA, L = Menlo Park, O = Facebook, Inc., CN = *.facebook.com
> verify return:1
> ---
> Certificate chain
>  0 s:/C=US/ST=CA/L=Menlo Park/O=Facebook, Inc./CN=*.facebook.com
>    i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
>  1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
>    i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
> ---
> Server certificate
> subject=/C=US/ST=CA/L=Menlo Park/O=Facebook, Inc./CN=*.facebook.com
> issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 3458 bytes and written 434 bytes
> ---
> New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
> Server public key is 256 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol : TLSv1.2
>     Cipher: ECDHE-ECDSA-AES128-GCM-SHA256
>     Session-ID: 7889C9EF07503180C1460C0FED8AD06672776F9E89CE7246B932EF762B64116A
>     Session-ID-ctx:
>     Master-Key: 1B524B777BFC4D636D9C0A2BE1A89E58EB50B7C3B405CA4E0BF575B9119AD6CD858C0DD2B1ADC6AB617361CA29CC0938
>     Key-Arg : None
>     PSK identity: None
>     PSK identity hint: None
>     SRP username: None
>     TLS session ticket lifetime hint: 86000 (seconds)
>     TLS session ticket:
>     Start Time: 1421085813
>     Timeout : 300 (sec)
>     Verify return code: 0 (ok)
> ---
Re: [squid-users] ssl cert wiki
Are you using the command with facebook.com??? You should use your own server...

Eliezer

On 12/01/2015 13:02, HackXBack wrote:
> openssl s_client -connect facebook.com:443 -CApath /var/squid/ssl_db/certs
> CONNECTED(0003)
> depth=2 C = US, O = DigiCert Inc, OU =www.digicert.com, CN = DigiCert High Assurance EV Root CA
> verify return:1
> depth=1 C = US, O = DigiCert Inc, OU =www.digicert.com, CN = DigiCert High Assurance CA-3
> verify return:1
> depth=0 C = US, ST = CA, L = Menlo Park, O = Facebook, Inc., CN = *.facebook.com
> verify return:1
Re: [squid-users] Memory Leak Squid 3.4.9 on FreeBSD 10.0 x64
Looks like an OS-specific issue. I don't see any memory leaking on my boxes (running Solaris 10, yes ;)). Moreover, helpers correctly get and release memory.

12.01.2015 17:41, Eugene M. Zheganin wrote:
> Hi.
>
> On 09.01.2015 06:12, Amos Jeffries wrote:
>> Grand total: = 9.5 GB of RAM just for Squid.
>>
>> .. then there is whatever memory the helper programs, other software
>> on the server and operating system all need.
>
> I'm now also having a strong impression that squid is leaking memory.
> Now, when 3.4.x is able to handle hundreds of users during several
> hours I notice that its memory usage is constantly increasing. My
> patience always ends at the point of 1.5 Gigs memory usage, where
> server memory starts to be exhausted (squid is running with lots of
> other stuff) and I restart it. This is happening on exactly the same
> config the 3.3.13 was running, so ...
>
> I have cache_mem set to 512 megs, diskd, medium sized cache_dir and
> lots of users.
>
> Is something changed drastically in 3.4.x comparing to the 3.3.13, or
> is it, as it seems, a memory leak?
>
> Thanks.
> Eugene.
Re: [squid-users] ssl cert wiki
Just to make sure I understand it right. The certificate is for a reverse proxy?

Eliezer

On 12/01/2015 11:41, HackXBack wrote:
> Hello, according to this chapter
> http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate
> I bought a signed certificate, but no one accepts rsa:1024, so I
> generated the key with rsa:2048. After I got my crt from them:
>
> https_port 443 cert=/usr/newrprgate/CertAuth/signed.crt key=/usr/newrprgate/CertAuth/testkey.pem
>
> but I got an error in the browser:
>
> Error code: sec_error_inadequate_key_usage
>
> So what could be the problem?
Re: [squid-users] site cannot be accessed
Share your PAC file please.

Regards,
Sarfraz

From: Simon Dcunha si...@baladia.gov.kw
To: squid-users squid-us...@squid-cache.org
Sent: Monday, January 12, 2015 11:41 AM
Subject: [squid-users] site cannot be accessed

Dear All,

I have squid-3.1.10-22.el6_5.x86_64 running on centos 6.5 64 bit for quite some time and working fine. Just a couple of days back some users reported an issue: I have an intranet site which just stopped working.

If I uncheck the proxy option in the browser the site works fine. The above users also use internet and it is working fine. I am using the pac file to bypass local sites, and the local intranet websites are already added in the pac file. Also, I am quite sure the above intranet websites were working before.

The squid log shows:

1421053747.139 70984 172.16.6.21 TCP_MISS/000 0 GET http://10.101.101.10/ - DIRECT/10.101.101.10 -
1421053779.524 32021 172.16.6.21 TCP_MISS/000 0 GET http://10.101.101.10/ - DIRECT/10.101.101.10 -

Appreciate your advice and concern.

regards
simon

--
Network Administrator
Kuwait Municipality!!!
Re: [squid-users] ssl cert wiki
You need to specify -CAPath with trusted root CAs from the openssl installation to avoid error 20. :)

But looks like openssl connect works.

12.01.2015 16:50, HackXBack wrote:

openssl s_client -connect facebook.com:443
CONNECTED(0003)
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance CA-3
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=CA/L=Menlo Park/O=Facebook, Inc./CN=*.facebook.com
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
---
Server certificate
subject=/C=US/ST=CA/L=Menlo Park/O=Facebook, Inc./CN=*.facebook.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
---
No client certificate CA names sent
---
SSL handshake has read 3459 bytes and written 434 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher: ECDHE-ECDSA-AES128-GCM-SHA256
Session-ID: 3629803712A85282C5F5F7CB236A68B6AD8C7106A03742AFD89B8D3546ED0254
Session-ID-ctx:
Master-Key: 50F406618339C5DDD75160F035E874306ADD1A0B786A7B1371467F0EC6259FA78D2678B31083A4EAFC286DB0B6565FBB
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 86000 (seconds)
Start Time: 1421085027
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
Re: [squid-users] 3.3.x - 3.4.x: huge performance regression
Hi.

On 12.01.2015 16:03, Eugene M. Zheganin wrote:

Hi. Just to point this out in the correct thread - to all the people who replied here - Steve Hill has provided a patch for a 3.4.x that solves the most performance degradation issue. 3.4.x is still performing poorly compared to the 3.3.x branch, but I guess this is due to major code changes. As of now my largest production installation (1.2K clients, 300-400 active usernames) is running 3.4.9.

... and massively leaking, yeah.

Eugene.
Re: [squid-users] Memory Leak Squid 3.4.9 on FreeBSD 10.0 x64
Hi.

On 12.01.2015 16:41, Eugene M. Zheganin wrote:

I'm now also having a strong impression that squid is leaking memory. Now, when 3.4.x is able to handle hundreds of users during several hours I notice that its memory usage is constantly increasing. My patience always ends at the point of 1.5 Gigs memory usage, where server memory starts to be exhausted (squid is running with lots of other stuff) and I restart it. This is happening on exactly the same config the 3.3.13 was running, so ... I have cache_mem set to 512 megs, diskd, medium sized cache_dir and lots of users. Is something changed drastically in 3.4.x compared to the 3.3.13, or is it, as it seems, a memory leak ?

Squid 3.4 on FreeBSD is by default compiling with the --enable-debug-cbdata option and when 45th log selector is at its default 1, cache.log is filling with CBData memory leaking alarms. Here is the list for the last 40 minutes, sorted with the occurrence count:

104136 Checklist.cc:160
81438 Checklist.cc:187
177226 Checklist.cc:320
84861 Checklist.cc:45
89151 CommCalls.cc:21
22069 DiskIO/DiskDaemon/DiskdIOStrategy.cc:353
120 UserRequest.cc:166
29 UserRequest.cc:172
55814 clientStream.cc:235
5966 client_side_reply.cc:93
4516 client_side_request.cc:134
5568 dns_internal.cc:1131
4859 dns_internal.cc:1140
86 event.cc:90
7770 external_acl.cc:1426
1548 fqdncache.cc:340
7467 helper.cc:856
39905 ipcache.cc:353
11880 store.cc:1611
181959 store_client.cc:154
256951 store_client.cc:337
6835 ufs/UFSStoreState.cc:333

are those all false alarms ?

Thanks.
Eugene.
Re: [squid-users] ssl cert wiki
Yep :)

12.01.2015 17:53, Eliezer Croitoru wrote:

Hey, This is not a reverse proxy... It's an ssl-bump server, for which you cannot use any bought certificate.

Eliezer

On 12/01/2015 13:20, HackXBack wrote:

https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/CA.pem key=/etc/squid/ssl_cert/testkey.pem
http_port 3129
http_port 3128 intercept
Re: [squid-users] ssl cert wiki
Hey, This is not a reverse proxy... It's an ssl-bump server, for which you cannot use any bought certificate.

Eliezer

On 12/01/2015 13:20, HackXBack wrote:

https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/CA.pem key=/etc/squid/ssl_cert/testkey.pem
http_port 3129
http_port 3128 intercept
Re: [squid-users] ssl cert wiki
Hey hack,

From the comments in the past I am unsure what you are after... If you are using ssl-bump you should first learn about how ssl works and about the differences between encrypted traffic and verification of a public key. I must admit that these topics are not marked as easy ones. Since these topics are a part of the LPIC-3 303 exam this means it is one of the most advanced topics there are in the Linux world. The link you mentioned is talking about a situation of a reverse proxy which is very different from the ssl-bump way of action. Notice that the only reason that https_port is being used for ssl-bump is a technical one.

Regards,
Eliezer

On 12/01/2015 16:20, HackXBack wrote:

how it didn't work while I found articles in Google saying that it works for them like this one: http://www.linuxquestions.org/questions/linux-server-73/ssl-intermediate-chain-warning-917476/
[squid-users] {Disarmed} Re: site cannot be accessed
Dear Sarfraz,

appreciate your immediate reply
Here attached is my PAC file
I am accessing the 10.101.101.10 server

regards
simon

From: ***some text missing*** shoz...@yahoo.com
To: simon si...@baladia.gov.kw, squid-users squid-us...@squid-cache.org
Sent: Monday, January 12, 2015 1:18:06 PM
Subject: {Disarmed} Re: [squid-users] site cannot be accessed

Share your PAC file please.

Regards,
Sarfraz

From: Simon Dcunha si...@baladia.gov.kw
To: squid-users squid-us...@squid-cache.org
Sent: Monday, January 12, 2015 11:41 AM
Subject: [squid-users] site cannot be accessed

Dear All,

I have squid-3.1.10-22.el6_5.x86_64 running on CentOS 6.5 64 bit for quite some time and working fine
just a couple of days back some users reported an issue
I have an intranet site which just stopped working.
if I uncheck the proxy option in the browser the site works fine
the above users also use internet and is working fine
I am using the PAC file to bypass local sites and the local intranet websites are already added in the PAC file
also I am quite sure the above intranet website were working before

the squid log shows

1421053747.139 70984 172.16.6.21 TCP_MISS/000 0 GET http://10.101.101.10/ - DIRECT/10.101.101.10 -
1421053779.524 32021 172.16.6.21 TCP_MISS/000 0 GET http://10.101.101.10/ - DIRECT/10.101.101.10 -

appreciate your advice and concern

regards
simon

Network Administrator
Kuwait Municipality!!!

This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

function FindProxyForURL(url, host)
{
// our local URLs from the domains below example.com don't need a proxy:
//if (shExpMatch(url,"*.example.com/*")) {return "DIRECT";}
//if (shExpMatch(url, "*.example.com:*/*")) {return "DIRECT";}
//
if (shExpMatch(url, "*.baladia.gov.kw*")) { return "DIRECT"; }
if (shExpMatch(url, "http://server-1*")) { return "DIRECT"; }
if (shExpMatch(url, "http://km_online*")) { return "DIRECT"; }
if (shExpMatch(url, "*.kmun.gov.kw*")) { return "DIRECT"; }
if (shExpMatch(url, "http://is9400*")) { return "DIRECT"; }
if (shExpMatch(url, "ftp://91.198.134.60*")) { return "DIRECT"; }
if (shExpMatch(url, "ftp://172.16.110.253*")) { return "DIRECT"; }
if (shExpMatch(url, "http://kmmap*")) { return "DIRECT"; }
if (shExpMatch(url, "*.csc.net.*")) { return "DIRECT"; }
if (shExpMatch(url, "http://172.16.2.199*")) { return "DIRECT"; }
if (shExpMatch(url, "http://datacenter*")) { return "DIRECT"; }
if (shExpMatch(url, "http://172.16.2.150*")) { return "DIRECT"; }
if (shExpMatch(url, "http://172.16.2.101")) { return "DIRECT"; }
if (shExpMatch(url, "http://erp.mof.gov.*")) { return "DIRECT"; }
if (shExpMatch(url, "http://10.114.172.18*")) { return "DIRECT"; }
if (shExpMatch(url, "http://172.16.2*")) { return "DIRECT"; }
if (shExpMatch(url, "http://172.16.2.105*")) { return "DIRECT"; }
if (shExpMatch(url, "http://172.16.2.175*")) { return "DIRECT"; }
if (shExpMatch(url, "http://172.16.2.176*")) { return "DIRECT"; }
if (shExpMatch(url, "http://10.114.101.101*")) { return "DIRECT"; }
if (shExpMatch(url, "http://10.6.1.37*")) { return "DIRECT"; }
if (shExpMatch(url, "http://172.16.2.121")) { return "DIRECT"; }
if (shExpMatch(url, "http://10.101.101.10")) { return "DIRECT"; }
else return "PROXY 172.16.110.253:80";
}
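How the 10.101.101.10 rule in the PAC file above evaluates for the URL seen in the squid log, as an added example that is not part of the original post. It assumes the patterns were quoted strings in the original file; `shExpMatch` here is a minimal stand-in for the browser built-in, and `findProxyForURL`, `missingWildcard`, `DIRECT_PATTERNS` and `FALLBACK` are hypothetical names.

```javascript
// Stand-in for the PAC built-in shExpMatch(): a shell glob that must match
// the WHOLE string ('*' = any run of characters, '?' = one character).
function shExpMatch(str, pattern) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  const source = escaped.replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + source + "$").test(str);
}

// A subset of the rules from the posted PAC file, in the posted order.
// Assumption: each pattern is the bare text shown in the post.
const DIRECT_PATTERNS = [
  "http://172.16.2*",
  "http://10.114.101.101*",
  "http://10.6.1.37*",
  "http://172.16.2.121",
  "http://10.101.101.10",
];
const FALLBACK = "PROXY 172.16.110.253:80";

// Same decision logic as the posted FindProxyForURL: first match wins.
function findProxyForURL(url, patterns = DIRECT_PATTERNS) {
  for (const pattern of patterns) {
    if (shExpMatch(url, pattern)) return "DIRECT";
  }
  return FALLBACK;
}

// Lint helper: patterns that fail on this URL only because they lack a
// trailing wildcard, i.e. they match a prefix of the URL but not all of it.
function missingWildcard(url, patterns = DIRECT_PATTERNS) {
  return patterns.filter(
    (p) => !shExpMatch(url, p) && shExpMatch(url, p + "*")
  );
}

// The URL from the squid log: browsers pass the full URL, path included.
const loggedUrl = "http://10.101.101.10/";
console.log(loggedUrl, "->", findProxyForURL(loggedUrl));
console.log("patterns missing a wildcard:", missingWildcard(loggedUrl));
console.log("http://10.114.101.101/ ->", findProxyForURL("http://10.114.101.101/"));
```

With `http://10.101.101.10*` in place of the bare pattern, the same call returns DIRECT.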
Re: [squid-users] {Disarmed} Re: site cannot be accessed
Hey,

Did you have the chance to see this page: http://findproxyforurl.com/example-pac-file/

Eliezer

On 13/01/2015 06:22, Simon Dcunha wrote:

Dear Sarfraz,

appreciate your immediate reply
Here attached is my PAC file
I am accessing the 10.101.101.10 server

regards
simon

From: ***some text missing*** shoz...@yahoo.com
To: simon si...@baladia.gov.kw, squid-users squid-us...@squid-cache.org
Sent: Monday, January 12, 2015 1:18:06 PM
Subject: {Disarmed} Re: [squid-users] site cannot be accessed

Share your PAC file please.

Regards,
Sarfraz

From: Simon Dcunha si...@baladia.gov.kw
To: squid-users squid-us...@squid-cache.org
Sent: Monday, January 12, 2015 11:41 AM
Subject: [squid-users] site cannot be accessed

Dear All,

I have squid-3.1.10-22.el6_5.x86_64 running on CentOS 6.5 64 bit for quite some time and working fine
just a couple of days back some users reported an issue
I have an intranet site which just stopped working.
if I uncheck the proxy option in the browser the site works fine
the above users also use internet and is working fine
I am using the PAC file to bypass local sites and the local intranet websites are already added in the PAC file
also I am quite sure the above intranet website were working before

the squid log shows

1421053747.139 70984 172.16.6.21 TCP_MISS/000 0 GET http://10.101.101.10/ - DIRECT/10.101.101.10 -
1421053779.524 32021 172.16.6.21 TCP_MISS/000 0 GET http://10.101.101.10/ - DIRECT/10.101.101.10 -

appreciate your advice and concern

regards
simon