FYI, I finally solved my problem!
It turns out the problem was with PRE-ESTABLISHED connections...
In other words, when I turned on my transparent rules, any Chrome tabs I
had opened BEFORE turning on my transparent proxy rules, apparently would
communicate over a previously opened socket! So the
Yuri and Amos, thanks for the replies! There is an openssl command that
tells where OpenSSL will search for CA certs.
$ openssl version -d
OPENSSLDIR: "/etc/pki/tls"
On Sat, Feb 7, 2015 at 5:19 PM, Amos Jeffries wrote:
> On 8/02/2015 9:28 a.m., Hector Chan wrote:
> > Hi all,
> >
> > I have a
Ok, I'm using 3.4.9, so I've added that config option to my setup :o)
Thanks for the tip!
Luis
On Sat, Feb 7, 2015 at 6:11 PM, Amos Jeffries wrote:
> On 8/02/2015 5:34 a.m., Luis Miguel Silva wrote:
> > I did when you sent it but it seemed to me you were saying I should add
> > that "reply_head
On 8/02/2015 9:28 a.m., Hector Chan wrote:
> Hi all,
>
> I have a question about the CA file for SSL certificates. If I don't
> specify anything for CA, what is default CA certs that squid will use for
> the cache_peer ?
The ones OpenSSL is configured to use.
>
> Here is a snippet of my config
On 8/02/2015 5:34 a.m., Luis Miguel Silva wrote:
> I did when you sent it but it seemed to me you were saying I should add
> that "reply_header_access Alternate-Protocol deny all" config parameter
> but, on the other hand, I didn't understand why were you suggesting that,
> seeing that my problem i
I'm getting some "kid registration timed out" messages sometimes
Squid 3.5.1
Specially in servers with 6 workers and 6 cache discs (Each worker has a
cache_dir in each disc for IO balancing)
If I use only 4 discs the problem disapears.
The error appears about 7 seconds after starting squid.
Th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
You need openssl CA's bundle.
Which can be specify with capath= parameter.
08.02.2015 2:28, Hector Chan пишет:
> Hi all,
>
> I have a question about the CA file for SSL certificates. If I don't
specify anything for CA, what is default CA certs tha
Hi all,
I have a question about the CA file for SSL certificates. If I don't
specify anything for CA, what is default CA certs that squid will use for
the cache_peer ?
Here is a snippet of my config file.
https_port 127.0.0.1:4443 accel \
cert=/etc/certs/certificate \
key=/etc/certs/key
Hey Stefano,
Can you get some access.log output from the time the issue appears\happens?
Eliezer
On 06/02/2015 15:01, Stefano Ansaloni wrote:
Tested with icap disabled: the issue still there.
___
squid-users mailing list
squid-users@lists.squid-ca
I did when you sent it but it seemed to me you were saying I should add
that "reply_header_access Alternate-Protocol deny all" config parameter
but, on the other hand, I didn't understand why were you suggesting that,
seeing that my problem is that Chrome doesn't go through my proxy at all!
(I'm do
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 7/02/2015 7:51 p.m., Priya Agarwal wrote:
> Actually I am unable to mail to squid-dev. Thus asking here.
> How/where does squid open the network interface and starts
> listening on them.
>
I already went over how Squid only goes down to the TCP s
On 7/02/2015 5:41 p.m., Luis Miguel Silva wrote:
> Antony,
>
> *Comments inline!*
>
Did you see the reply I sent a few days ago?
... in your previous thread entitled "SSL-bump certificate issues
(mostly on Chrome, when accessing Google websites) "
Amos
_
On 7/02/2015 7:32 p.m., Ignazio Raia wrote:
> Good morning Amos,
> here is my squid.conf, basic_db_auth script and the shell test.
> thanks a lot for your interesting and help.
>
> TEST MADE FROM VIA ssh CONNECTION TO MY LAMP & SQUID SERVER (ssh
> ignazio@192.168.2.1)
> $ sudo /usr/lib/squid3/bas
13 matches
Mail list logo
