[squid-users] sslbump - firefox sec_error_inadequate_key_usage

2014-04-11 Thread Amm
Hello, Yesterday I upgraded OpenSSL version. (Although I was using OpenSSL 1.0.0 - not affected by Heartbleed, but I upgraded none-the-less) I am using sslbump (squid 3.4.4). Using Firefox 28.0 (latest 64bit tar.bz2) After this upgrade i.e. from 1.0.0 to 1.0.1, Firefox started giving

Re: [squid-users] sslbump - firefox sec_error_inadequate_key_usage

2014-04-11 Thread Amos Jeffries
On 11/04/2014 10:16 p.m., Amm wrote: Hello, Yesterday I upgraded OpenSSL version. (Although I was using OpenSSL 1.0.0 - not affected by Heartbleed, but I upgraded none-the-less) I am using sslbump (squid 3.4.4). Using Firefox 28.0 (latest 64bit tar.bz2) After this upgrade i.e. from

Re: [squid-users] sslbump - firefox sec_error_inadequate_key_usage

2014-04-11 Thread Amm
On Friday, 11 April 2014 4:46 PM, Amos wrote: On 11/04/2014 10:16 p.m., Amm wrote: After this upgrade i.e. from 1.0.0 to 1.0.1, Firefox started giving certificate error stating sec_error_inadequate_key_usage. This does not happen for all domains but looks like happening ONLY for google

RE: [squid-users] sslbump - firefox sec_error_inadequate_key_usage

2014-04-11 Thread Rafael Akchurin
From: Amm ammdispose-sq...@yahoo.com Sent: Friday, April 11, 2014 1:38 PM To: squid-users@squid-cache.org Subject: Re: [squid-users] sslbump - firefox sec_error_inadequate_key_usage On Friday, 11 April 2014 4:46 PM, Amos wrote: On 11/04/2014 10:16 p.m., Amm wrote: After

Re: [squid-users] sslbump - firefox sec_error_inadequate_key_usage

2014-04-11 Thread Amm
On Friday, 11 April 2014 5:19 PM I also use this patch and would like if it is possible to somehow go on without it. May it be due to the fact squid caches the generated SSL certificates in the ssl_crtd store? So we need to clear the store when root CA certificate for SSL bump is

Re: [squid-users] sslbump - firefox sec_error_inadequate_key_usage

2014-04-11 Thread Amos Jeffries
On 11/04/2014 11:55 p.m., Amm wrote: On Friday, 11 April 2014 5:19 PM I also use this patch and would like if it is possible to somehow go on without it. May it be due to the fact squid caches the generated SSL certificates in the ssl_crtd store? So we need to clear the store when

Re: [squid-users] sslbump - firefox sec_error_inadequate_key_usage

2014-04-11 Thread Amm
On Friday, 11 April 2014 6:29 PM, Amos wrote: It seems to be something in firefox was buggy and they have a workaround coming out in version 29.0, whether that will fix the warnign display or just allow people to ignore/bypass it like other cert issues I'm not certain. Amos Ok, but then

Re: [squid-users] sslbump - firefox sec_error_inadequate_key_usage

2014-04-11 Thread Amos Jeffries
On 12/04/2014 1:19 a.m., Amm wrote: On Friday, 11 April 2014 6:29 PM, Amos wrote: It seems to be something in firefox was buggy and they have a workaround coming out in version 29.0, whether that will fix the warnign display or just allow people to ignore/bypass it like other cert issues