Hi,

I am using Squid 3.1.8 with ssl_bump configured and have a problem
accessing a server over SSL/TLS.

Background:

I created a Certificate Authority (CA) with OpenSSL. The app server in
question is configured with a certificate signed by my CA.

I have verified my OpenSSL config and the app server's certificate using:

    "openssl verify -CApath /capath ... "
    "openssl s_client -CApath /capath ..."

Both commands indicate that the app server's certificate is verified.

Now I access that same app server through Squid. In Squid I have ssl_bump
configured and have added the following:

    sslproxy_capath /capath

But the Squid cache log shows:

    2011/03/21 17:16:17| fwdNegotiateSSL: Error negotiating SSL connection on FD 13: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)

Why would Squid not verify the app server's certificate, while openssl
(using the same capath) can?

Thanks,
-chris
Received on Mon Mar 21 2011 - 18:00:39 MDT
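
The check described in the message above (validating a server certificate against a CA directory with `openssl verify -CApath`), reproduced end to end as an added example that is not part of the original post. The CA, host name and scratch paths are constructed; it shows only how the OpenSSL command-line lookup behaves and does not diagnose the Squid error.

```bash
#!/usr/bin/env bash
# Added example: throwaway CA and server certificate, all names constructed.
set -e

# Build a scratch CA, a server certificate signed by it, a hashed CA
# directory and an empty directory. Prints the scratch directory path.
make_fixture() {
    local d h
    d=$(mktemp -d)
    mkdir "$d/capath" "$d/empty"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=app.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -days 1 \
        -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/srv.pem" 2>/dev/null
    # -CApath lookups go by subject-name hash, so the CA certificate
    # must be reachable in the directory as <hash>.0
    h=$(openssl x509 -noout -hash -in "$d/ca.pem")
    cp "$d/ca.pem" "$d/capath/$h.0"
    echo "$d"
}

# Return 0 only if openssl reports the certificate as verified against
# the given CA directory. The output is matched rather than the exit
# status, because older openssl releases exit 0 even on failure.
verify_with_capath() {
    openssl verify -CApath "$1" "$2" 2>&1 | grep -q ': OK$'
}

# Same certificate, two directories: one holding the hashed CA, one empty.
d=$(make_fixture)
for dir in "$d/capath" "$d/empty"; do
    if verify_with_capath "$dir" "$d/srv.pem"; then
        echo "$dir: verified"
    else
        echo "$dir: certificate verify failed"
    fi
done
```
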