Hello,

I'm using Squid 4.6 and I need to TLS-encrypt the session to the parent proxy. I have this in my config:


cache_peer proxy.foo.bar parent 3129 3130 tls tls-cafile=/usr/local/etc/squid/certs/le.pem sslcert=/usr/local/etc/letsencrypt/live/vpn.enazadev.ru/cert.pem sslkey=/usr/local/etc/letsencrypt/live/vpn.enazadev.ru/privkey.pem sslflags=DONT_VERIFY_DOMAIN,DONT_VERIFY_PEER


But no matter what I do, Squid keeps saying in the logs that it doesn't like the peer certificate:


2019/08/03 18:42:24 kid1| ERROR: negotiating TLS on FD 23: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (1/-1/0)
2019/08/03 18:42:24 kid1| temporary disabling (Service Unavailable) digest from proxy.foo.bar

and then it goes direct, bypassing the peer. :/


Is there any way to tell it that I don't care?

I've also tried to actually tell it about the CA cert with tls-cafile=/usr/local/etc/squid/certs/le.pem above; this doesn't work either.


Thanks.

Eugene.

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
