Hello Amos,
Thank you for the detailed e-mail.
Jens
On 26.03.2016 11:53, Yuri Voinov wrote:
Look at this, gents.
http://i.imgur.com/kxrOEVd.png
can you give me the complete URL just for testing purpose;
https://download.microsoft.com/ does a forward to
https://www.microsoft.com/en-us/download
which squid version is in use?
In addition, this is a very old problem:
http://answers.microsoft.com/en-us/windows/forum/windows8_1-update/ssl-problem-with-windows-update-error-0x800b0109d/df2c5206-7304-4e42-ac4b-40d00bfbca87?auth=1
Damned M$.
27.03.16 2:01, Yuri Voinov wrote:
Found and solved.
root @ cthulhu / # openssl s_client -connect fe2.update.microsoft.com:443
CONNECTED(0003)
depth=1 C = US, ST = Washington, L = Redmond, O = Microsoft Corporation,
CN = Microsoft Update Secure Server CA 2.1
verify error:num=20
No. Can't get PTR.
WU session initiated from IP 134.170.53.30,
which has no PTR record.
So, Squid gives
1459017040.855488 192.168.100.103 NONE_ABORTED/200 0 CONNECT
134.170.53.30:443 - ORIGINAL_DST/134.170.53.30 -
error whenever this ACL
BTW,
what is the correct way to do this?
acl BrokenButTrustedServers dstdomain "/usr/local/squid/etc/dstdom.broken"
acl DomainMismatch ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH
sslproxy_cert_error allow BrokenButTrustedServers DomainMismatch
sslprox
26.03.16 23:25, Alex Rousskov wrote:
> On 03/26/2016 04:53 AM, Yuri Voinov wrote:
>> http://i.imgur.com/kxrOEVd.png
>>
>> How to suppress this? It stops WU right now.
>
>
> Does the ssl::certDomainMismatch ACL work to bypass the
> SQUID_X509_V_ER
On 03/26/2016 04:53 AM, Yuri Voinov wrote:
> http://i.imgur.com/kxrOEVd.png
>
> How to suppress this? It stops WU right now.
Does the ssl::certDomainMismatch ACL work to bypass the
SQUID_X509_V_ERR_DOMAIN_MISMATCH error?
If not, then just as a triage experiment (and not for production use!),
do
On 26/03/2016 12:32 p.m., Jens Kallup wrote:
> Hello Folks,
>
> I download the latest squid4.07 sources last night.
> I can compile it without errors.
> I have an optimized squid.conf - it works with squid3.
>
> But now, I get:
>
> ale missing adapted httprequest object
> ale missing url
>
Those
I understand that it should not work.
However, this is a given. Windows Updates is not the kind of thing where
users are satisfied with explanations of Captain Obvious.
Solution is required.
26.03.16 17:21, Amos Jeffries wrote:
On 26/03/2016 11:53 p.m., Yuri Voinov wrote:
Look at this, gent
Some research:
WU requests IP:
1458991967.489480 192.168.100.103 NONE_ABORTED/200 0 CONNECT
134.170.53.30:443 - ORIGINAL_DST/134.170.53.30 -
This is MS IP:
http://www.tcpiputils.com/browse/ip-address/134.170.53.30
Which has no PTR record:
root @ cthulhu / # dig 134.170.53.30
; <<>> D
Well,
this is an obvious explanation.
How to solve this issue?
26.03.16 17:21, Amos Jeffries wrote:
On 26/03/2016 11:53 p.m., Yuri Voinov wrote:
Look at this, gents.
http://i.imgur.com/kxrOEVd.png
How to suppress this? It stops WU right now.
That is TLS doing its job correctly. The entire pur
On 26/03/2016 11:53 p.m., Yuri Voinov wrote:
> Look at this, gents.
>
> http://i.imgur.com/kxrOEVd.png
>
> How to suppress this? It stops WU right now.
That is TLS doing its job correctly. The entire purpose of HTTPS is to
prevent transactions like that one working.
microsoft.com != akamai.com
Look at this, gents.
http://i.imgur.com/kxrOEVd.png
How to suppress this? It stops WU right now.
This:
acl BrokenButTrustedServers dstdomain "/usr/local/squid/etc/dstdom.broken"
sslproxy_cert_error allow BrokenButTrustedServers
sslproxy_cert_error deny all
doesn't help.
WNR, Yuri
On 26/03/2016 11:08 p.m., Yuri Voinov wrote:
> Amos,
>
> if Squid is in interception mode and non-standard ports are not diverted to
> Squid, this is possible.
Yes that is one of the several ways it could have been configured.
Amos
>
> 26.03.16 16:01, Amos Jeffries wrote:
>> On 26/03/2016 7:01 p.m., Pr
Amos,
if Squid is in interception mode and non-standard ports are not diverted to
Squid, this is possible.
26.03.16 16:01, Amos Jeffries wrote:
On 26/03/2016 7:01 p.m., Prasad Desai wrote:
Hi,
How can I have Squid log HTTP requests made to URL’s which are having
non-standard HTTP port ?
i.e For e
On 26/03/2016 7:01 p.m., Prasad Desai wrote:
> Hi,
>
> How can I have Squid log HTTP requests made to URL’s which are having
> non-standard HTTP port ?
>
> i.e For example. http://test.abc.com:8080
>
> By default, the Squid access.log does not log these requests.
That is incorrect. Squid does
On 26/03/2016 4:29 p.m., Tom Harris wrote:
> On Sun, Jun 28, 2015 at 4:01 AM, Amos Jeffries wrote:
>
>> On 28/06/2015 10:18 p.m., JP wrote:
>>> Hello all.
>>>
>>> I tried reading all the FAQ's and scoured the rest of the internet for
>> any
>>> configuration examples I can find and I have not see
18 matches