> have you tried -servername option for setting SNI extension?

How can I do this?



Well, debugging cache.log, I found this:

2018/06/18 08:22:08.822 kid1| 83,5| support.cc(300) ssl_verify_cb: Self signed certificate in certificate chain: /CN=courier.push.apple.com/O=Apple Inc./ST=California/C=US
2018/06/18 08:22:08.822 kid1| 83,7| bio.cc(168) stateChanged: FD 16 now: 0x4008 3RSC_B (SSLv3 read server certificate B)
2018/06/18 08:22:08.822 kid1| 83,7| bio.cc(168) stateChanged: FD 16 now: 0x1002 3RSC_B (SSLv3 read server certificate B)
2018/06/18 08:22:08.823 kid1| Error negotiating SSL on FD 16: error:14007086:SSL routines:CONNECT_CR_CERT:certificate verify failed (1/-1/0)
2018/06/18 08:22:08.825 kid1| 4,3| errorpage.cc(1100) Convert: errorConvert: %%D --> 'Self-signed SSL Certificate in chain: /C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA'
2018/06/18 08:22:08.830 kid1| 33,5| client_side.cc(4185) getSslContextStart: Generating SSL certificate for courier.push.apple.com using ssl_crtd.
2018/06/18 08:22:08.831 kid1| 33,5| client_side.cc(4189) getSslContextStart: SSL crtd request: new_certificate 3294 host=courier.push.apple.com
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
2018/06/18 08:22:08.831 kid1| 84,9| helper.cc(386) helperSubmit:  buf[3316]=new_certificate] 3294 host=courier.push.apple.com
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
2018/06/18 08:22:08.835 kid1| 84,9| helper.cc(875) helperHandleRead:  accumulated[3002]=OK] 2993 -----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

On Android devices WhatsApp works fine, slow but it works.

I think that the main problem resides in this line:

ssl_verify_cb: Self signed certificate in certificate chain:

courier.push.apple.com is an Entrust L1K chain... (if I'm not wrong)

Any idea?
