I just want to wrap up my problem so that others can learn from my ignorance:
Squid's logs aren't very verbose, so I only got "SSL unknown certificate error 12", when it suddenly wouldn't accept my client certificates anymore. That's the same error you get when a certificate has expired. But it wasn't the certificate that had expired. It was the certificate revocation list! If the CRL is not valid anymore, no certificates will be accepted. This is a good thing, but hard to figure out without experience and less than stellar logs. I have to praise stunnel in this respect. With debug=7 it immediately told me what was wrong.
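
A check for the failure described above, as an added example that is not part of the original post: it reads a CRL's nextUpdate through the openssl command line and reports whether the list has expired or is about to, so a stale CRL is noticed before the proxy starts rejecting every client certificate. The function names and the three-day warning window are assumptions made for illustration, and it assumes PEM-encoded CRL files and an `openssl` binary on the PATH.

```python
import subprocess
import sys
from datetime import datetime, timedelta, timezone


def parse_next_update(line):
    """Turn 'nextUpdate=Jun  5 12:00:00 2024 GMT' into an aware UTC datetime."""
    value = line.strip().partition("=")[2]
    if not value or value == "NONE":      # nextUpdate is optional in a CRL
        return None
    value = " ".join(value.split())       # openssl pads single-digit days
    parsed = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT")
    return parsed.replace(tzinfo=timezone.utc)


def crl_state(line, now, warn=timedelta(days=3)):
    """Classify a CRL as expired, expiring (inside the warn window) or ok."""
    next_update = parse_next_update(line)
    if next_update is None:
        return "no-nextupdate"
    if now >= next_update:
        return "expired"
    if next_update - now <= warn:
        return "expiring"
    return "ok"


def check_crl_file(path, now=None):
    """Ask the openssl CLI for a PEM CRL's nextUpdate and classify it."""
    out = subprocess.run(
        ["openssl", "crl", "-in", path, "-noout", "-nextupdate"],
        check=True, capture_output=True, text=True,
    ).stdout
    return crl_state(out, now or datetime.now(timezone.utc))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = {p: check_crl_file(p) for p in sys.argv[1:]}
        for path, state in results.items():
            print(f"{path}: {state}")
        # Non-zero exit lets cron or a monitoring agent raise the alarm.
        sys.exit(0 if all(s == "ok" for s in results.values()) else 1)
    # Constructed sample line, evaluated at a constructed "now".
    sample = "nextUpdate=Jun  5 12:00:00 2024 GMT"
    print(crl_state(sample, datetime(2024, 6, 6, tzinfo=timezone.utc)))
```

Run it with the CRL paths as arguments from a scheduled job; without arguments it only evaluates the constructed sample line.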