I was running squid as nobody:nogroup but made a user for squid and added it to
cache_effective_user, logged in as the user and ran the openssl command. Got
what's below. Why does it say protocol is TLS, shouldn't it be sslv3?
CONNECTED(00000004)
depth=0 /CN=<url>
verify error:num=18:self signed certificate
verify return:1
depth=0 /CN=<url>
verify return:1
---
Certificate chain
0 s:/CN=<url>
i:/CN=<url>
---
Server certificate
-----BEGIN CERTIFICATE-----
<cert info>
-----END CERTIFICATE-----
subject=/CN=<url>
issuer=/CN=<url>
---
No client certificate CA names sent
---
SSL handshake has read 659 bytes and written 324 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : RC4-MD5
Session-ID: 7E1B0000FBDFFEC0CE1EAAAAA79B9A990AEDB5D92D7F3F6A0E213610D3EDC49E
Session-ID-ctx:
Master-Key: <key info>
Key-Arg : None
Start Time: 1181055015
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
-----Original Message-----
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: Monday, June 04, 2007 4:37 PM
To: Jason Hitt
Cc: [email protected]
Subject: RE: [squid-users] Cert issue on reserve proxy
Mon 2007-06-04 at 11:20 -0500, Jason Hitt wrote:
> When I added it to cache_effective_user as you mentioned it states there's no
> account named "openssl". I made one just to see if that's what you meant and
> gave the openssl account ownership of the logs and caches as needed but I get
> an abort trap. I'm stumped. About to do a port mirror and wireshark the ssl
> exchange.
I want you to run the openssl s_client command as the cache_effective_user on
your Squid server, whatever that is on your server, not as root.
I do not want you to change the cache_effective_user in squid.conf at all. Just
to run the openssl command as the user cache_effective_user is set to run Squid
under.
Regards
Henrik