Hi again. The compilation now works OK, but I have issues with the HTTPS sites.

Squid starts OK, but I can't see HTTPS sites in the browser. I made the certificate and put myCA.der on the Windows client. I tested it with:

1- ssl-bump server-first all
2- ssl-bump client-first all

testing with and without the ACLs:

acl BadSite ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH
sslproxy_cert_error allow TrustedName
sslproxy_cert_error allow BadSite
sslproxy_cert_error deny all

and nothing: I can't see HTTPS sites like mail.yahoo.com or facebook.com. The browser keeps showing ERROR SSL CONNECTION ERR_SSL_PROTOCOL.

I rebuilt /var/spool/squid_ssldb many times, and the logs keep saying:

1432201755.569 0 172.16.1.20 TAG_NONE/400 3640 Z%19%98%A50%D7%AD%19%AB%1E - HIER_NONE/- text/html
1432201756.077 0 172.16.1.20 TAG_NONE/400 4056 NONE error:invalid-request - HIER_NONE/- text/html
1432201756.078 0 172.16.1.20 TAG_NONE/400 4056 NONE error:invalid-request - HIER_NONE/- text/html
1432201756.085 0 172.16.1.20 TAG_NONE/400 4056 NONE error:invalid-request - HIER_NONE/- text/html
1432201756.090 0 172.16.1.20 TAG_NONE/400 4056 NONE error:invalid-request - HIER_NONE/- text/html
1432201756.094 0 172.16.1.20 TAG_NONE/400 4056 NONE error:invalid-request - HIER_NONE/- text/html
1432201756.381 1 172.16.1.20 TAG_NONE/400 4056 NONE error:invalid-request - HIER_NONE/- text/html
1432201756.383 1 172.16.1.20 TAG_NONE/400 3616 v%C9%F0O%C9%E6%BB%A1%D2 - HIER_NONE/- text/html
1432201756.391 0 172.16.1.20 TAG_NONE/400 4056 NONE error:invalid-request - HIER_NONE/- text/html
1432201756.395 0 172.16.1.20 TAG_NONE/400 4056 NONE error:invalid-request - HIER_NONE/- text/html
1432201756.399 0 172.16.1.20 TAG_NONE/400 4056 NONE error:invalid-request - HIER_NONE/- text/html
1432201756.662 0 172.16.1.20 TAG_NONE/400 4056 NONE error:invalid-request - HIER_NONE/- text/html
1432201756.663 0 172.16.1.20 TAG_NONE/400 4056 NONE error:invalid-request - HIER_NONE/- text/html
1432201756.670 0 172.16.1.20 TAG_NONE/400 4056 NONE error:invalid-request - HIER_NONE/- text/html
1432201756.675 0 172.16.1.20 TAG_NONE/400 3672 %05%D5%846S/%60%E5&e@%60%D5=%CA%27%E5%E7 - HIER_NONE/- text/html
1432201756.680 0 172.16.1.20 TAG_NONE/400 4056 NONE error:invalid-request - HIER_NONE/- text/html

Here is my config:
----------------------------------
# squid3 -k parse
2015/05/21 05:42:10| Startup: Initializing Authentication Schemes ...
2015/05/21 05:42:10| Startup: Initialized Authentication Scheme 'basic'
2015/05/21 05:42:10| Startup: Initialized Authentication Scheme 'digest'
2015/05/21 05:42:10| Startup: Initialized Authentication Scheme 'negotiate'
2015/05/21 05:42:10| Startup: Initialized Authentication Scheme 'ntlm'
2015/05/21 05:42:10| Startup: Initialized Authentication.
2015/05/21 05:42:10| Processing Configuration File: /etc/squid3/squid.conf (depth 0)
2015/05/21 05:42:10| Processing: http_port 172.16.1.10:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl/myCA.pem
2015/05/21 05:42:10| Starting Authentication on port 172.16.1.10:3128
2015/05/21 05:42:10| Disabling Authentication on port 172.16.1.10:3128 (interception enabled)
2015/05/21 05:42:10| Processing: hostname_aliases debian-template.ctimegroup.local
2015/05/21 05:42:10| Processing: visible_hostname debian-template
2015/05/21 05:42:10| Processing: hierarchy_stoplist cgi-bin ?
2015/05/21 05:42:10| Processing: acl QUERY urlpath_regex cgi-bin \?
2015/05/21 05:42:10| Processing: no_cache deny QUERY
2015/05/21 05:42:10| Processing: cache_mem 1024 MB
2015/05/21 05:42:10| Processing: cache_replacement_policy heap LFUDA
2015/05/21 05:42:10| Processing: cache_dir aufs /var/spool/squid3 4096 16 256
2015/05/21 05:42:10| Processing: cache_log /var/log/squid3/cache.log
2015/05/21 05:42:10| Processing: cache_store_log none
2015/05/21 05:42:10| Processing: cache_effective_user proxy
2015/05/21 05:42:10| Processing: cache_effective_group proxy
2015/05/21 05:42:10| Processing: maximum_object_size 1024 KB
2015/05/21 05:42:10| Processing: prefer_direct on
2015/05/21 05:42:10| Processing: ftp_user anonym...@proxy.sld.cu
2015/05/21 05:42:10| Processing: negative_ttl 5 minutes
2015/05/21 05:42:10| Processing: positive_dns_ttl 6 hours
2015/05/21 05:42:10| Processing: negative_dns_ttl 5 minutes
2015/05/21 05:42:10| Processing: coredump_dir /var/spool/squid3
2015/05/21 05:42:10| Processing: shutdown_lifetime 3 seconds
2015/05/21 05:42:10| Processing: logfile_rotate 10
2015/05/21 05:42:10| Processing: access_log /var/log/squid3/access.log squid
2015/05/21 05:42:10| Processing: half_closed_clients off
2015/05/21 05:42:10| Processing: strip_query_terms on
2015/05/21 05:42:10| Processing: refresh_pattern ^ftp: 1440 20% 10080
2015/05/21 05:42:10| Processing: refresh_pattern ^gopher: 1440 0% 1440
2015/05/21 05:42:10| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2015/05/21 05:42:10| Processing: refresh_pattern . 0 20% 4320
2015/05/21 05:42:10| Processing: refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 3600 90% 43200
2015/05/21 05:42:10| Processing: acl SSL_ports port 443 8443 12048 2083
2015/05/21 05:42:10| Processing: acl Safe_ports port 440-442 # http
2015/05/21 05:42:10| Processing: acl Safe_ports port 443
2015/05/21 05:42:10| Processing: acl Safe_ports port 80 # http
2015/05/21 05:42:10| Processing: acl Safe_ports port 21 # ftp
2015/05/21 05:42:10| Processing: acl Safe_ports port 443 # https, snews
2015/05/21 05:42:10| Processing: acl Safe_ports port 1025-8081 # unregistered ports
2015/05/21 05:42:10| Processing: acl Safe_ports port 8082-9999 # unregistered ports
2015/05/21 05:42:10| Processing: acl Safe_ports port 10001-65535 # unregistered ports
2015/05/21 05:42:10| Processing: acl Safe_ports port 280 # http-mgmt
2015/05/21 05:42:10| Processing: acl CONNECT method CONNECT
2015/05/21 05:42:10| Processing: acl localhost src 192.168.207.51 172.16.1.10
2015/05/21 05:42:10| Processing: http_access allow localhost
2015/05/21 05:45:51| Processing: ssl_bump server-first all
2015/05/21 05:42:10| Processing: sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/spool/squid3_ssldb -M 4MB
2015/05/21 05:42:10| Processing: sslcrtd_children 50 startup=1 idle=1
2015/05/21 05:42:10| Processing: acl TrustedName url_regex ^ https://www.facebook.com
2015/05/21 05:42:10| Processing: acl BadSite ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH
2015/05/21 05:42:10| Processing: sslproxy_cert_error allow TrustedName
2015/05/21 05:42:10| Processing: sslproxy_cert_error allow BadSite
2015/05/21 05:42:10| Processing: sslproxy_cert_error deny all
2015/05/21 05:42:10| Processing: acl network src 172.16.1.0/24 192.168.207.0/24
2015/05/21 05:42:10| Processing: http_access allow network
2015/05/21 05:42:10| Processing: acl purge method PURGE
2015/05/21 05:42:10| Processing: http_access deny !Safe_ports
2015/05/21 05:42:10| Processing: http_access deny CONNECT !SSL_ports
2015/05/21 05:42:10| Processing: http_access deny all
2015/05/21 05:42:10| Processing: always_direct allow all
2015/05/21 05:42:10| Processing: forward_max_tries 25
2015/05/21 05:42:10| Processing: never_direct allow all
2015/05/21 05:42:10| Processing: max_filedesc 16384
2015/05/21 05:42:10| Processing: dns_nameservers 8.8.8.8
2015/05/21 05:42:10| Processing: dns_nameservers 8.8.4.4
2015/05/21 05:42:10| Processing: positive_dns_ttl 8 hours
2015/05/21 05:42:10| Processing: negative_dns_ttl 30 seconds
2015/05/21 05:42:10| Initializing https proxy context
2015/05/21 05:42:10| Initializing http_port 172.16.1.10:3128 SSL context
2015/05/21 05:42:10| Using certificate in /etc/squid3/ssl/myCA.pem

Any idea? Thanks.

--
Antonio Peña
Secure email with PGP 0x8B021001 available at https://pgp.mit.edu <https://pgp.mit.edu/pks/lookup?search=0x8B021001&op=index&fingerprint=on&exact=on>
Fingerprint: 74E6 2974 B090 366D CE71 7BB2 6476 FA09 8B02 1001