Hello, I use a self compiled squid 4.10 compiled as follow:
~# squid --version Squid Cache: Version 4.10 Service Name: squid This binary uses OpenSSL 1.1.1d 10 Sep 2019. For legal restrictions on distribution see https://www.openssl.org/source/license.html configure options: '--prefix=/usr' '--sysconfdir=/etc/squid' '--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--localstatedir=/var' '--libexecdir=/usr/sbin' '--datadir=/usr/share/squid' '--mandir=/usr/share/man' '--with-default-user=squid' '--with-filedescriptors=131072' '--with-logdir=/var/log/squid' '--disable-auto-locale' '--disable-auth-negotiate' '--disable-auth-ntlm' '--disable-eui' '--disable-carp' '--disable-htcp' '--disable-ident-lookups' '--disable-loadable-modules' '--disable-translation' '--disable-wccp' '--disable-wccpv2' '--enable-async-io=128' '--enable-auth' '--enable-auth-basic=LDAP NCSA' '--enable-auth-digest=LDAP file' '--enable-epoll' '--enable-log-daemon-helpers=file' '--enable-icap-client' '--enable-inline' '--enable-snmp' '--enable-disk-io=AIO,DiskThreads,IpcIo,Blocking' '--enable-storeio=ufs,aufs,rock' '--enable-referer-log' '--enable-useragent-log' '--enable-large-cache-files' '--enable-removal-policies=lru,heap' '--enable-follow-x-forwarded-for' '--enable-ssl-crtd' '--with-openssl' in squid.conf I set following acl at the very benning of acl section: # allow fetching of missing intermediate certificates acl fetch_intermediate_certificate transaction_initiator certificate-fetching cache allow fetch_intermediate_certificate cache deny all http_access allow fetch_intermediate_certificate and squid fetches intermediate certificates for websites like: https://incomplete-chain.badssl.com/ But squid doesn't fetch the intermediate certificates for the site https://www.formulare-bfinv.de/ and I don't know why. I checked all AiA entries in the certificates and it looks good to me. Can anybody try the site https://www.formulare-bfinv.de/ with enabled sslbump, so I can see whether my installation is broken or the webserver configuration isn't correct ? Thank you very much. -- Best regards Dieter Bloms -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the From field. _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
