On 23/04/17 04:32, chiasa.men wrote:
Hello folks

I tried to encrypt the connection between client and squid. Therefore I
generated certificates which are accepted by the clients and configured squid
as follows:

Squid.conf
   https_port 10.0.13.10:8443 cert=/cert.pem key=/cert.key
   http_port 10.0.13.10:8080
   http_access allow all

My following tests show that I can use the http port for internet access but
the https port won't work.
   openssl s_client -connect proxy:8443
   # Verify return code: 0 (ok)

   export https_proxy="proxy:8443"
   export http_proxy="proxy:8080"
   curl https://www.google.de
   # curl: (56) Recv failure: Connection reset by peer
   curl http://www.google.de
   # works

   export https_proxy="proxy:8443"
   export http_proxy="$https_proxy"
   curl https://www.google.de
   # curl: (56) Recv failure: Connection reset by peer
   curl http://www.google.de
   # curl: (56) Recv failure: Connection reset by peer

   export http_proxy="proxy:8080"
   export https_proxy="$http_proxy"
   curl https://www.google.de
   # works
   curl http://www.google.de
   # works

What did I do wrong? Do I misunderstand something regarding the configuration
options?

You appear not to be using curl correctly.

Test #1 and #3 show that curl is probably sending the https:// requests through port 8080 on your proxy as a CONNECT request. Check that in your Squid log to confirm.

Test #2 is misconfigured. Port 8443 on your proxy is not able to accept plain-text traffic.


AFAIK the "https_proxy" environment variable is a custom thing invented by Google as part of their insistence not to allow users to configure TLS to a proxy via the Chrome GUI. It is not part of the normal POSIX environment like http_proxy is. So you cannot rely on non-browser tools like curl supporting it.

Amos
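
The three tests from the post, checked against the quoted squid.conf lines, as an added example that is not part of the original thread. It assumes curl's documented behaviour (the proxy variable is picked by the destination URL's scheme, and a proxy value without a scheme is treated as http://); the function names are hypothetical and listeners are matched by port only.

```python
from urllib.parse import urlsplit

# Constructed from the squid.conf lines quoted in the post.
SQUID_CONF = """\
https_port 10.0.13.10:8443 cert=/cert.pem key=/cert.key
http_port 10.0.13.10:8080
"""

def listener_types(conf):
    """Map each listening port to True if it expects TLS (https_port)."""
    ports = {}
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in ("http_port", "https_port"):
            port = int(fields[1].rsplit(":", 1)[-1])
            ports[port] = fields[0] == "https_port"
    return ports

def proxy_endpoint(value):
    """Return (port, client_speaks_tls) for a proxy variable's value.

    Assumption: a value without a scheme means http://, so the client
    talks plain text to the proxy. An explicit port is required here.
    """
    if "://" not in value:
        value = "http://" + value
    url = urlsplit(value)
    if url.port is None:
        raise ValueError("proxy value needs an explicit port: " + value)
    return url.port, url.scheme == "https"

def check(env, dest_url, conf=SQUID_CONF):
    """Classify the client-to-proxy hop for one request.

    Assumption: the variable is chosen by the destination URL's scheme.
    Listeners are matched by port only, not by address.
    """
    port, client_tls = proxy_endpoint(env[urlsplit(dest_url).scheme + "_proxy"])
    listener_tls = listener_types(conf).get(port)
    if listener_tls is None:
        return "no listener on port %d" % port
    if client_tls == listener_tls:
        return "ok"
    return "plain text to TLS port" if listener_tls else "TLS to plain-text port"

if __name__ == "__main__":
    test1 = {"https_proxy": "proxy:8443", "http_proxy": "proxy:8080"}
    for url in ("https://www.google.de", "http://www.google.de"):
        print(url, "->", check(test1, url))
```

With `https_proxy="https://proxy:8443"` the same check returns `ok`, provided the client supports TLS to the proxy.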
