Hi,
I am using Squid 3.1.8 with ssl_bump configured and have a problem
accessing a server over SSL/TLS.

Background:
I created a Certificate Authority (CA) with OpenSSL. The app server in
question is configured with a certificate signed by my CA.

I have verified my OpenSSL config and the app server's certificate using:
  "openssl verify -CApath /capath ... "
  "openssl s_client -CApath /capath ..."

Both commands indicate that the app server's certificate is verified.

Now I access that same app server through Squid. In Squid I have ssl_bump
configured and have added the following:

  sslproxy_capath /capath

But the Squid cache log shows:

   2011/03/21 17:16:17| fwdNegotiateSSL: Error negotiating SSL connection on FD 13: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)


Why would Squid not verify the app server's certificate, while openssl
(using the same capath) can?

Thanks,
-chris
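
Added example, not part of the original post or of Squid: a Python sketch that unwraps the cache.log line quoted above and splits the OpenSSL error code using the 8/12/12-bit library/function/reason layout of OpenSSL 0.9.8/1.0.x. Reading the trailing triple as SSL_get_error() result / SSL_connect() return / errno is an assumption about Squid's log format, and the function and table names are hypothetical.

```python
import re

# Sample input: the log line from the post, wrapped as it was in the mail.
SAMPLE = """2011/03/21 17:16:17| fwdNegotiateSSL: Error negotiating SSL connection
on FD 13: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)"""

# Small lookup tables limited to values relevant to this log line.
LIBS = {0x14: "ERR_LIB_SSL", 0x0B: "ERR_LIB_X509"}
REASONS = {(0x14, 0x086): "SSL_R_CERTIFICATE_VERIFY_FAILED"}
SSL_GET_ERROR = {1: "SSL_ERROR_SSL", 5: "SSL_ERROR_SYSCALL"}

LINE = re.compile(
    r"fwdNegotiateSSL: Error negotiating SSL connection on FD (?P<fd>\d+): "
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>[^(]*?)\s*\((?P<ssl_error>-?\d+)/(?P<ret>-?\d+)/(?P<errno>-?\d+)\)")

def decode_packed(packed):
    """Split a pre-3.0 OpenSSL error code into (lib, func, reason)."""
    return (packed >> 24) & 0xFF, (packed >> 12) & 0xFFF, packed & 0xFFF

def parse_negotiate_error(text):
    """Return a dict describing a fwdNegotiateSSL error, or None if absent."""
    flat = " ".join(text.split())          # undo mail/terminal line wrapping
    m = LINE.search(flat)
    if not m:
        return None
    lib, func, reason = decode_packed(int(m.group("code"), 16))
    ssl_error = int(m.group("ssl_error"))
    return {
        "fd": int(m.group("fd")),
        "lib": LIBS.get(lib, hex(lib)),
        "func_code": func,
        "func_text": m.group("func"),
        "reason": REASONS.get((lib, reason), hex(reason)),
        "reason_text": m.group("reason"),
        # Assumed meaning of the trailing triple (see lead-in).
        "ssl_get_error": SSL_GET_ERROR.get(ssl_error, str(ssl_error)),
        "connect_ret": int(m.group("ret")),
        "errno": int(m.group("errno")),
    }

def is_verify_failure(record):
    """True when the peer certificate failed chain verification."""
    return bool(record) and record["reason"] == "SSL_R_CERTIFICATE_VERIFY_FAILED"

if __name__ == "__main__":
    print(parse_negotiate_error(SAMPLE))
```

An errno of 0 together with SSL_ERROR_SSL points at a failure reported by the TLS library itself rather than by the socket layer.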


