On 10/09/2013 8:13 p.m., Loïc Blot wrote:
> Hello all,
> I don't know if it's a bug, but there is a strange issue with https_port
> when ipv6 is enabled.
> I have 4 squid 3.3.8 proxies (on OpenBSD 5.2). 2 on IPv4 only and 2 with
> both IPv4 and IPv6.
> On IPv4 only this configuration line works (--disable-ipv6 option
> enabled):
> https_port 3130 intercept ssl-bump cert=/etc/ssl/wildcard-proxies.crt key=/etc/ssl/wildcard-proxies.key
> On IPv4 and IPv6 squid proxies, squid doesn't accept the certificates:
> FATAL: No valid signing SSL certificate configured for https_port 0.0.0.0:3130
> I haven't found solutions on the web. Any idea?

OpenBSD uses what is known as a "split" TCP stack, where IPv4 and IPv6
require two sockets opened. Squid automatically separates the wildcard
ports configured but the SSL certificates details are not cloned during
that split.
Until that is fixed you will have to configure the IPv4 and IPv6 versions
of the port separately like this:
https_port 0.0.0.0:3130 ...
https_port [::]:3130 ...
Amos
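
The workaround above, applied mechanically to a config file. This is an added example, not part of the original thread and not Squid project code: it flags https_port lines that carry cert= but give only a bare port, and rewrites each into the explicit 0.0.0.0 and [::] pair. The function name and the sample config are assumptions made for illustration; the sample is constructed around the line quoted in the post.

```python
import re

# The directive discussed in the thread.
DIRECTIVE = "https_port"

def split_wildcard_ports(conf_text):
    """Return (findings, rewritten_text) for a squid.conf string.

    A finding is recorded for every https_port line that has a cert= option
    but gives only a bare port number, leaving the address split to Squid.
    """
    findings, out = [], []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        tokens = line.split()
        if (len(tokens) >= 2 and tokens[0] == DIRECTIVE
                and re.fullmatch(r"\d{1,5}", tokens[1])
                and any(t.startswith("cert=") for t in tokens[2:])):
            port, opts = tokens[1], " ".join(tokens[2:])
            findings.append((lineno, DIRECTIVE, port))
            # One explicit listener per address family, each carrying the
            # full option list, as in the workaround from the reply.
            out.append(f"{DIRECTIVE} 0.0.0.0:{port} {opts}")
            out.append(f"{DIRECTIVE} [::]:{port} {opts}")
        else:
            # Comments, other directives and already-explicit addresses
            # pass through unchanged.
            out.append(line)
    return findings, "\n".join(out) + "\n"

# Constructed sample input; the bare-port https_port line is the one
# quoted in the post, the other lines are made up for the example.
SAMPLE_CONF = """\
# constructed sample squid.conf
http_port 3128
https_port 3130 intercept ssl-bump cert=/etc/ssl/wildcard-proxies.crt key=/etc/ssl/wildcard-proxies.key
https_port 192.0.2.10:3131 intercept ssl-bump cert=/etc/ssl/wildcard-proxies.crt
"""

if __name__ == "__main__":
    found, fixed = split_wildcard_ports(SAMPLE_CONF)
    for lineno, directive, port in found:
        print(f"line {lineno}: {directive} {port} has cert= but no explicit address")
    print(fixed, end="")
```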