The same effect will happen in a case that the Common Name on the
certificate is invalid and includes all sorts of unrecognized characters
such as *.
Eliezer
On 08/24/2014 02:29 PM, Amos Jeffries wrote:
If the browser does not trust the signing CA it will warn.
Amos
Hi Markus!
I can't because all problems that I described and all of that pieces
of logs I provided are from squid 3.4.
Squid 3.3 works good, squid 3.4 doesn't. That's the problem.
2014-08-24 18:14 GMT+04:00 Markus Moeller hua...@moeller.plus.com:
Hi Pavel,
Can you use 3.4 then instead of 3.3
Good morning all.
I have been trying to get Kerberos with nltm fall back working for a
couple of days with limited success, and was wondering how to debug
the Kerberos end of things.
I can see a token getting to the server, running ktutil against the
keytab shows all expected spns, running
I would first eliminate the following warnings:
2014/08/25 09:21:04| Warning: empty ACL: acl blockfiles urlpath_regex -i
/etc/squid/local/bad/blockfiles
2014/08/25 09:21:04| WARNING: log name now starts with a module name. Use
'stdio:/var/log/squid/access.log'
2014/08/25 09:21:04| WARNING: log
babajaga wrote
I would first eliminate the following warnings:
2014/08/25 09:21:04| Warning: empty ACL: acl blockfiles urlpath_regex -i
/etc/squid/local/bad/blockfiles
2014/08/25 09:21:04| WARNING: log name now starts with a module name. Use
'stdio:/var/log/squid/access.log'
2014/08/25
If you're talking about caching, then you're absolutely correct. If
you're using squid just for filtering and policies enforcment, as i'm
doing, than even a small box like the routerboards i'm using (32Mb RAM
and 64Mb flash disk) is enough for a 30-40 stations network. squid needs
a bit
Didnt noticed any slowness at all when loading www.spiegel.de
through Squid 2.7S9 on a OpenWRT box. I'm using OpenWRT revision r42161,
compiled from scratch. The page fully loaded in about 7-8 seconds. Could
be faster, but i wouldnt call that the 'extremely slowness' you
mentioned. I'm
Hi,
I use sslbump with squid 3.4.6 and it works fantasic with the most
websites.
But there are some sites like www.ferrari-electronic.de which don't
provide the intermediate certificate.
There is a authority information access extention, which defines a way
the browser can download the
Hi Pavel,
Can you remove line 263 from support_krb5.cc and recompile ? It is fixed
in the trunk for 3.5.
The line is
safe_free(principal_name);
Regards
Markus
Pavel Timofeev wrote in message
news:CAAoTqfuJ2MGiPbV7fO4zR4SzKSWpy0Q=_ii8w8yevmbub_q...@mail.gmail.com...
Hi
Dear All,
I have lately installed squid 3.3.11 on Centos 6.5 x86_64 system. I have
configured it as a transparent SSL_BUMP proxy. All is working well I can
browse all SSL websites successfully after I have imported my generated CA
file. The problem is that no matter how many times I request the
I am using the latest 3.4 build and a config that looks like:
ident_lookup_access allow localnet
ident_lookup_access deny all
ident_timeout 5 seconds
acl password_required proxy_auth REQUIRED
acl ident_required ident REQUIRED
http_access allow localnet ident_required ident_unrestricted_group
Gotcha. Agreed.
-Original Message-
From: Leonardo Rodrigues [mailto:leolis...@solutti.com.br]
Sent: Monday, August 25, 2014 10:58 AM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] Anybody using squid on openWRT ?
If you're talking about caching, then you're absolutely
On 26/08/2014 12:11 p.m., Ragheb Rustom wrote:
Dear All,
I have lately installed squid 3.3.11 on Centos 6.5 x86_64 system. I have
configured it as a transparent SSL_BUMP proxy. All is working well I can
browse all SSL websites successfully after I have imported my generated CA
file. The
I'm not sure if this is right or not, but wouldn't your refresh patterns
need to have the ignore-private to cache ssl? Amos may know better, but I
don't see that option specified in your All Files refresh_patterns.
-Original Message-
From: Ragheb Rustom [mailto:rag...@smartelecom.org]
On 26/08/2014 3:29 p.m., Lawrence Pingree wrote:
I'm not sure if this is right or not, but wouldn't your refresh patterns
need to have the ignore-private to cache ssl? Amos may know better, but I
don't see that option specified in your All Files refresh_patterns.
HTTPS is not particularly
15 matches
Mail list logo