Have you tried the CA bundle here:
https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt
referenced in the config with:
sslproxy_cafile /etc/squid/ca-bundle.crt
This fixed a lot of the cert errors I experienced. oli...@lennox-it.uk
lennox-it.uk
tel: 07900 648 252
From: Da
Hi David,
I'm battling with similar problems at the moment. One thing that I've found is
that the system seems happier when you don't peek prior to a bump, my current
config is:
acl nobumpserver ssl::server_name "/etc/squid/nobump"
acl ignoreclients src "/etc/squid/nobumpclients"
acl step1 at_s
Hi All,
First week testing the transparent squid proxy on the Raspberry Pi is going
well so far but I've hit a few snags that I was hoping someone might be able to
advise on. My current (SSL) config is:
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
ht
r also installed without a hitch so it's only really DHCP that can trip
you up.
Hope this helps someone
Olly
oli...@lennox-it.uk
lennox-it.uk
tel: 07900 648 252
From: Alex Rousskov
To: "'squid-users@squid-cache. org'"
Cc:
To: "'squid-users@squid-cache. org'"
Cc: Olly Lennox
Sent: Thursday, 20 April 2017, 0:13
Subject: Re: [squid-users] HTTPS woes
On 04/19/2017 04:48 PM, Olly Lennox wrote:
> After further investigation the problem is something to do with permissions
> related to ssl_c
k
tel: 07900 648 252
From: Eliezer Croitoru
To: "'squid-users@squid-cache. org'"
Cc: 'Olly Lennox' ; 'L. P. H. van Belle'
Sent: Wednesday, 19 April 2017, 22:24
Subject: RE: [squid-users] HTTPS woes
What OS are you using
( apt-get install ca-certificates )
And read : https://www.brightbox.com/blog/2014/03/04/add-cacert-ubuntu-debian/
Greetz,
Louis
> -Oorspronkelijk bericht-
> Van: squid-users
> [mailto:squid-users-boun...@lists.squid-cache.org] Namens Olly Lennox
> Verzonden: woensdag
Never mind I've sorted it! The issue was due to the /var/run directory and the
program not being able to create squid.pid. I amended the permissions and seems
to be working fine now oli...@lennox-it.uk
lennox-it.uk
tel: 07900 648 252
From: Olly Lennox
To: L. P. H. van Belle ; &
---
> Van: squid-users
> [mailto:squid-users-boun...@lists.squid-cache.org] Namens Olly Lennox
> Verzonden: woensdag 19 april 2017 11:22
> Aan: Amos Jeffries; squid-users@lists.squid-cache.org
> Onderwerp: Re: [squid-users] HTTPS woes
>
> Thanks Amos, I'll install this.
users] HTTPS woes
Olly, Debian provides a ca-certificates package containing the Mozilla CA
list. It is updated whenever the CA set changes. Though of course you should
have apt connected to the relevant security repository (jesse-security?) for
regular updates.
Amos
On 19/04/17 03:10, Olly Lenn
Would you mind sharing the script you use? oli...@lennox-it.uk
lennox-it.uk
tel: 07900 648 252
From: Yuri Voinov
To: Olly Lennox ; "squid-users@lists.squid-cache.org"
Sent: Tuesday, 18 April 2017, 16:00
Subject: Re: [squid-users] HTTPS woes
I have automated cron job
Thanks Yuri! The Mozilla Bundle has worked!! Most of the major sites seem to be
working which is all we need. How often do these certificates refresh? Would
they need updating every month or so? oli...@lennox-it.uk
lennox-it.uk
tel: 07900 648 252
From: Yuri Voinov
To: Olly Lennox
So anyone who wants to use Squid over HTTPS in the way has to build this
repository themselves by manually downloading all the CA bundles?
From: Yuri
To: Olly Lennox ; "squid-users@lists.squid-cache.org"
Sent: Tuesday, 18 April 2017, 14:03
Subject: Re: [squid-users]
while proxying https:// URLs
#Default:
# none
# TAG: sslproxy_capath
# directory containing CA certificates to use when verifying
# server certificates while proxying https:// URLs
#Default:
# none
18.04.2017 18:46, Olly Lennox пишет:
> Hi All,
>
> Still having problems here. This is m
errypi (squid/3.5.23)
-
The CA is always listed as not known not matter what site I try I always get
this error.
Any ideas?
Thanks,
Olly
________
From: Olly Lennox
To: Amos Jeffries ; "squid-users@lists.squid-cache.org"
Sent: Sunday, 16 April 2017,
ll let you know how it goes.
Olly oli...@lennox-it.uk
lennox-it.uk
tel: 07900 648 252
From: Amos Jeffries
To: squid-users@lists.squid-cache.org
Sent: Saturday, 15 April 2017, 23:07
Subject: Re: [squid-users] HTTPS woes
On 15/04/2017 9:59 a.m., Olly Lennox wrote:
> Hi Guys.
>
ssl/gadgets.h:116:58: error: template argument 3
is invalid typedef LockingPointer
SSL_Pointer; ^
Any ideas?
Thanks oli...@lennox-it.uk
lennox-it.uk
tel: 07900 648 252
From: Olly Lennox
To: Rafael Akchurin ;
"squid-users@lists
Thanks Rafael,
I'm trying this out now, have had to enable the stretch repos but seems to be
building! oli...@lennox-it.uk
lennox-it.uk
tel: 07900 648 252
From: Rafael Akchurin
To: "squid-users@lists.squid-cache.org"
Sent: Friday, 14 April 2017, 12:40
Subject: Re: [squid-users] HTTPS
(Sorry, reposted because first email was too big I've edited out some bits)
No I'm not getting much luck finding these, This is the result of my make
install, has it installed right?
result of make
-
Making all in compat
make[1]: Entering directory '/usr/src/squid/squid-3.5.25/compat
I've tried building it and it seems to have make install -ed correctly but I'm
getting "command not found" when I try to execute squid3. Is there a step I'm
missing? oli...@lennox-it.uk
lennox-it.uk
tel: 07900 648 252
From: Rafael Akchurin
To: "squid-users@lists.squid-cache.org"
Sent:
Hi There,
I've been battling for the last few days on a little project to setup a
Raspberry PI device as a small parental blocking server. I've managed to
configure the device to work as a transparent proxy using squid which is
assigned as the default gateway via DHCP and after a lot of messing
21 matches
Mail list logo
