Hi, I'm currently testing Squid 4.0.3 in Reverse Proxy Mode.

It seems that the sslflags directives "DONT_VERIFY_PEER" and 
"DONT_VERIFY_DOMAIN" do not work.

Here is the relevant config:

https_port 443 accel cert=/etc/squid/ssl/wildcard.cer key=/etc/squid/ssl/wildcard.key defaultsite=externeURL cipher=HIGH:!aNULL options=SINGLE_DH_USE,NO_SSLv3 dhparams=/etc/squid/ssl/dhparams.pem
cache_peer localserver parent 443 0 proxy-only no-query no-digest front-end-https=on originserver login=PASS ssl ssloptions=NO_SSLv3 sslflags=DONT_VERIFY_PEER,DONT_VERIFY_DOMAIN name=ExchangeCAS

It works perfectly in my production system based on Ubuntu LTS 14.04.3, Squid 
3.3.8.

Every time I try to access the site I get an error:

The system returned:
(71) Protocol error (TLS code: SQUID_X509_V_ERR_DOMAIN_MISMATCH)
Certificate does not match domainname

I'm using a SAN Certificate...

I can work around this using the directive "sslproxy_cert_error allow all". But 
that is not what I want...

Are there any known issues?
Is something wrong with my config?


Regards,

Florian Stamer
