[squid-users] Trusted first verification regarding cross root cert

2020-06-27 Thread mikio . kishi
Hi all,

I am currently using sslbump feature. Sometimes, squid failed to verify a https web site with cross root cert. On the other hand, the site is accessible directly from major web browsers, such as chrome and firefox. I am guessing that the cert verification handling of the current sslbump se

Re: [squid-users] Trusted first verification regarding cross root cert

2020-06-27 Thread Amos Jeffries
On 27/06/20 7:07 pm, mikio.kishi wrote:
> Hi all,
>
> I am currently using sslbump feature. Sometimes, squid failed to verify
> a https web site with
> cross root cert. On the other hand, the site is accessible directly from
> major web browsers,
> such as chrome and firefox. I am guessing that th

Re: [squid-users] Trusted first verification regarding cross root cert

2020-06-29 Thread mikio . kishi
Hi Amos,

Thank you for your reply and I apologize for the missing information. The following is the detailed one.

> * Squid version

* squid version 3.5.26 (probably, ver4.X also might have same issue)
* OpenSSL 1.0.2k

> * details of the chain being delivered to Squid
> * details of the expected

Re: [squid-users] Trusted first verification regarding cross root cert

2020-06-29 Thread Amos Jeffries
On 29/06/20 7:29 pm, mikio.kishi wrote:
> Hi Amos,
>
> Thank you for your reply and I apologize for the missing information.
> The following is the detailed one.
>
>> * Squid version
> * squid version 3.5.26 (probably, ver4.X also might have same issue)
> * OpenSSL 1.0.2k
>
>> * details of the c

Re: [squid-users] Trusted first verification regarding cross root cert

2020-06-29 Thread mikio . kishi
Hi Amos,

>Ah. This is a feature of OpenSSL v1.1. Apparently your OpenSSL v1.0 has
>had the feature *partially* backported to it.
>I suggest you upgrade to Squid-4 and build against OpenSSL v1.1 where
>this "feature" is the default behaviour.

Yes, Exactly. However, currently I am using CentOS7 wh

Re: [squid-users] Trusted first verification regarding cross root cert

2020-06-29 Thread NgTech LTD
Upgrading to 1.1 on a running os is a challenge for any sysadmin.

Eliezer

On Mon, Jun 29, 2020, 13:30 wrote:
> Hi Amos,
>
> >Ah. This is a feature of OpenSSL v1.1. Apparently your OpenSSL v1.0 has
> >had the feature *partially* backported to it.
> >I suggest you upgrade to Squid-4 and build aga