Re: [squid-users] SSL3_READ_BYTES:sslv3 alert certificate unknown

2015-10-28 Thread HackXBack
yes that's right Yuri

Re: [squid-users] SSL3_READ_BYTES:sslv3 alert certificate unknown

2015-10-28 Thread Amos Jeffries
On 28/10/2015 11:57 p.m., Yuri Voinov wrote: > > > 28.10.15 16:47, Amos Jeffries wrote: >> On 28/10/2015 11:35 p.m., Yuri Voinov wrote: >>> Hi gents. >>> >>> I think, all of you who use Bump, seen much this messages in your >>> cache.log. >>> >>> SSL3_READ_BYTES:sslv3 alert certificate unknown

[squid-users] R: R: R: delay pools

2015-10-28 Thread De Lazzari Matteo
I will use class 1 pool. Really thanks. Have a nice day.

[squid-users] R: Squid 100% CPU and possible attack

2015-10-28 Thread Job
Hello to everybody and thank you! By upgrading to squid 3.4.4 the problem solves! I think there is something on Squid 3.1.8, in conjunction with Dansguardian, that creates some loops the telnetting firewall's LAN ethernet to the 8080 (Dansguardian) port! Francesco

Re: [squid-users] SSL3_READ_BYTES:sslv3 alert certificate unknown

2015-10-28 Thread Yuri Voinov
Browser do. Bump-enabled proxy is not. This significantly limits the possibility of operating SSL bump in more or less large installations. In addition, not every system administrator is able to write any complex helper in any language. I

Re: [squid-users] Inconsistent accessing of the cache, craigslist.org images, wacky stuff.

2015-10-28 Thread Jester Purtteman
> -Original Message- > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of Amos Jeffries > Sent: Tuesday, October 27, 2015 9:07 PM > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Inconsistent accessing of the cache, craigslist.org >

Re: [squid-users] Upgrade from 3.1 to 3.3

2015-10-28 Thread Eliezer Croitoru
I didn't update this wiki but the current stable is 3.5.9 for CentOS 7 and CentOS 6. For now I am testing 3.5.10 and it seems to work fine other than a couple of specific bugs. In any case I decided that 3.4.14 will have a release also and I expect it to be ready as the free time gives me.

[squid-users] Compiling Squid under Cygwin

2015-10-28 Thread Yakovlev, Vadim
Hello all, I'm trying to compile Squid 3.5.10 for Windows with Cygwin, and ran into number of problems. Some I was able to resolve, but finally stuck at compiling negotiate_sspi_auth helper. In particular, I get "error: 'SSP_blobP' was not declared in this scope" in negotiate_sspi_auth.cc. The

Re: [squid-users] Inconsistent accessing of the cache, craigslist.org images, wacky stuff.

2015-10-28 Thread Jester Purtteman
> -Original Message- > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of Amos Jeffries > Sent: Tuesday, October 27, 2015 9:07 PM > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Inconsistent accessing of the cache, craigslist.org >

Re: [squid-users] Compiling Squid under Cygwin

2015-10-28 Thread Amos Jeffries
On 29/10/2015 5:11 a.m., Yakovlev, Vadim wrote: > Hello all, > > I'm trying to compile Squid 3.5.10 for Windows with Cygwin, and ran into > number of problems. Some I was able to resolve, but finally stuck at > compiling negotiate_sspi_auth helper. In particular, I get "error: > 'SSP_blobP'

Re: [squid-users] Inconsistent accessing of the cache, craigslist.org images, wacky stuff.

2015-10-28 Thread Jester Purtteman
Probably a good idea there, I have not used bind in a very, very long time, but I will give it a shot. I am still having some issues, but at least now they're all within the bounds of consistent and "what-i-expect" behavior, I just need to think through how to outsmart a couple issues. The

Re: [squid-users] SSL3_READ_BYTES:sslv3 alert certificate unknown

2015-10-28 Thread Alex Rousskov
On 10/28/2015 08:09 AM, Yuri Voinov wrote: > At a minimum, it should write the information on them in the log - in > an understandable form I suspect everybody agrees with that statement. I am sure this will be implemented eventually. No need to argue about that. Alex. > 28.10.15 19:55, Amos

Re: [squid-users] SSL3_READ_BYTES:sslv3 alert certificate unknown

2015-10-28 Thread Alex Rousskov
On 10/28/2015 07:55 AM, Amos Jeffries wrote: > What is missing is just some CA in the chain. It needs to be located > somehow, only then can the decision happen about whether to trust or not > and see if another up the chain is needed too. If you are right, then this could be related to bug 4305

Re: [squid-users] SSL3_READ_BYTES:sslv3 alert certificate unknown

2015-10-28 Thread Eliezer Croitoru
Is it possible to say thanks in advance? Or won't it work the same way as after? Anyway Thanks, Eliezer On 28/10/2015 23:24, Alex Rousskov wrote: FWIW, Factory is working on implementing automatic certificate fetching feature. That is a huge feature but we are making good progress.

[squid-users] 3.5.8 Arm7 socket permissions

2015-10-28 Thread Darren Breeze ML
Hi all I have built squid 3.5.8 with yocto to run on an arm 7. This build of the OS seems to have different permissions for processes opening sockets. The DNS routine fails to open a socket with the following error root@test:~# 2015/10/28 22:07:43 testing| Starting Squid Cache version

[squid-users] "NF getsockopt(SO_ORIGINAL_DST)" filling cache.log due to AWS ELB healthchecks

2015-10-28 Thread John Smith
hi, I have a working(?) squid 3.10 proxy configuration. squid-3.1.10-29.18.amzn1.x86_64 on AWS Linux behind an AWS elastic load balancer. My problem is that it appears every single AWS elastic load balancer healthcheck triggers a line like this in cache.log: 2015/10/28 22:35:10|

Re: [squid-users] "NF getsockopt(SO_ORIGINAL_DST)" filling cache.log due to AWS ELB healthchecks

2015-10-28 Thread Eliezer Croitoru
Hey John, I am pretty sure it is something in the AWS Linux kernel. In any case you should have some http_port without intercept in the config. As an example add "http_port 127.0.0.1:1" but I am not sure how it was on squid 3.1.10, I know it is mandatory since for 3.4. If you can test

Re: [squid-users] "NF getsockopt(SO_ORIGINAL_DST)" filling cache.log due to AWS ELB healthchecks

2015-10-28 Thread John Smith
Hi Eliezer, I've tried adding a non-intercept line to my squid.conf but it didn't seem to make a difference. I've tailed the cache log and run tcpdump on port 3128 on the machine at the same time to confirm that aws load balancer health checks are what's causing the getsockopt(SO_ORIGINAL_DST)

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

2015-10-28 Thread Dan Charlesworth
It looks like there’s certain hosts that are designed to load balance (or something) between a few IPs, regardless of geography. For example pbs.twimg.com resolves to wildcard.twimg.com which returns two different IPs each time, from a pool of 5–6, at random. Basically rolling the dice whether

Re: [squid-users] "NF getsockopt(SO_ORIGINAL_DST)" filling cache.log due to AWS ELB healthchecks

2015-10-28 Thread Eliezer Croitoru
Why are you using an intercept port? If you don't need it you don't. Every time any direct connection is done to the proxy port 3128 it will show this line since the connection is a regular TCP one while the "intercept" directive instructs squid to fetch information which exists only on

Re: [squid-users] "NF getsockopt(SO_ORIGINAL_DST)" filling cache.log due to AWS ELB healthchecks

2015-10-28 Thread John Smith
Hi Eliezer, I've added a single line to my squid.conf: http_port 3130 And I've modified my AWS ELB healthcheck to monitor port 3130 instead of 3128. Now my instances are still in the ELB, and the proxy still works as expected, AND the amount of garbage errors in the cache.log has been

[squid-users] SSL3_READ_BYTES:sslv3 alert certificate unknown

2015-10-28 Thread Yuri Voinov
Hi gents. I think, all of you who use Bump, seen much this messages in your cache.log. SSL3_READ_BYTES:sslv3 alert certificate unknown AFAIK, no way to identify which CA is absent in your setup. I propose to consider the following questions: how do properly support SSL proxy, if you can not

Re: [squid-users] SSL3_READ_BYTES:sslv3 alert certificate unknown

2015-10-28 Thread Amos Jeffries
On 28/10/2015 11:35 p.m., Yuri Voinov wrote: > Hi gents. > > I think, all of you who use Bump, seen much this messages in your > cache.log. > > SSL3_READ_BYTES:sslv3 alert certificate unknown > > AFAIK, no way to identify which CA is absent in your setup. > > I propose to consider the

Re: [squid-users] SSL3_READ_BYTES:sslv3 alert certificate unknown

2015-10-28 Thread Yuri Voinov
28.10.15 16:47, Amos Jeffries wrote: On 28/10/2015 11:35 p.m., Yuri Voinov wrote: Hi gents. I think, all of you who use Bump, seen much this messages in your cache.log. SSL3_READ_BYTES:sslv3 alert certificate unknown AFAIK, no way to identify which CA is absent in your setup. I propose to