Amos,

Thank you for your reply. I have version 3.5.12 compiled with the Debian rules example provided here:
http://docs.diladele.com/administrator_guide_4_5/install/ubuntu14/tools.html

Do you think I could patch squid from 3.5.12 to 3.5.21 via the patches available at http://www.squid-cache.org/Versions/v3/3.5/ ? Or could I download the tar.gz file and replace files from that folder into the Debian source folder? Do I need any extra tools to build squid 3.5.21?

On Tue, Sep 20, 2016 at 3:58 PM, Amos Jeffries <squ...@treenet.co.nz> wrote:

> On 20/09/2016 4:42 a.m., Hardik Dangar wrote:
> > Hello,
> >
> > I am using squid 3.5.12 (detailed version info is below) on Ubuntu 16.04.1
> > LTS server. My squid config is at http://pastebin.com/raw/b8RZ67u9
> >
> > I have configured squid as an intercept proxy bumping all SSL https
> > connections. The setup is working fine for many things like browsing;
> > even on the command line, e.g. with wget, I can download via https as I
> > have installed the root certificate within my client OS.
> >
> > My issue is that whenever I try to add an extra repository via a command, i.e.
> > sudo add-apt-repository ppa:ondrej/php
> > the command fails with the output "Cannot add PPA: 'ppa:~ondrej/ubuntu/php'.
> > ERROR: '~ondrej' user or team does not exist."
> > and in squid's cache.log and access.log the following entries can be
> > located for this request,
> >
> > ==> /var/log/squid/access.log <==
> > 1474302162.378 439 192.168.1.66 TAG_NONE/200 0 CONNECT 91.189.89.223:443 - ORIGINAL_DST/91.189.89.223 -
> >
> > ==> /var/log/squid/cache.log <==
> > 2016/09/19 21:52:42 kid1| Error negotiating SSL connection on FD 21: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca (1/0)
> > 2016/09/19 21:52:42 kid1| hold write on SSL connection on FD 22
> >
> > ==> /var/log/squid/access.log <==
> > 1474302162.885 403 192.168.1.66 TAG_NONE/200 0 CONNECT 91.189.89.223:443 - ORIGINAL_DST/91.189.89.223 -
> >
> > ==> /var/log/squid/cache.log <==
> > 2016/09/19 21:52:42 kid1| Error negotiating SSL connection on FD 21: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca (1/0)
> >
> > In the above output 192.168.1.66 is my client making that request, and
> > as you can see in cache.log there is a certificate negotiation error. I have
> > tried to fiddle with all the options provided at
> > http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
> > but it seems I am out of luck after almost half of my day battling this issue.
> >
> > Can someone tell me whether they are successful with this issue? If so, can you
> > share the relevant section of your squid.conf?
> >
> > $ squid -v
> > Squid Cache: Version 3.5.12
>
> Ubuntu Squid package does not build with SSL functionality.
>
> When re-building your Squid with SSL-Bump features it is important to
> always use the very latest Squid release. SSL/TLS and bumping are part
> of an ongoing arms race situation. Things are constantly changing and
> software from as little as a year ago is unlikely to work 100% well with
> intercepting ('bumping') encryption from today.
>
> First thing to try is to rebuild with squid 3.5.20 or .21 and see if the
> problem remains.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
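An added example, not part of the original thread: a short Python script that lines up the `unknown ca` handshake failures in cache.log with the CONNECT entries in access.log, using the log lines quoted above, to show which client and destination pair each failed bump belongs to. The UTC+05:30 offset for cache.log's local timestamps is an assumption inferred from comparing the two logs, and the function names are illustrative.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Log lines as quoted in the thread above.
ACCESS_LOG = """\
1474302162.378 439 192.168.1.66 TAG_NONE/200 0 CONNECT 91.189.89.223:443 - ORIGINAL_DST/91.189.89.223 -
1474302162.885 403 192.168.1.66 TAG_NONE/200 0 CONNECT 91.189.89.223:443 - ORIGINAL_DST/91.189.89.223 -
"""
CACHE_LOG = """\
2016/09/19 21:52:42 kid1| Error negotiating SSL connection on FD 21: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca (1/0)
2016/09/19 21:52:42 kid1| hold write on SSL connection on FD 22
2016/09/19 21:52:42 kid1| Error negotiating SSL connection on FD 21: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca (1/0)
"""
# Assumption: cache.log is in local time at UTC+05:30 (inferred by comparing both logs).
LOCAL_TZ = timezone(timedelta(hours=5, minutes=30))

ACCESS_RE = re.compile(r"^(\d+\.\d+)\s+(\d+)\s+(\S+)\s+\S+\s+\d+\s+CONNECT\s+(\S+)")
ALERT_RE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)[^|]*\| "
                      r"Error negotiating SSL connection.*alert unknown ca")

def parse_connects(text):
    """Yield (start, end, client, dst); access.log records end time and duration in ms."""
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            end = float(m.group(1))
            yield end - int(m.group(2)) / 1000.0, end, m.group(3), m.group(4)

def parse_alerts(text, tz=LOCAL_TZ):
    """Yield the epoch second of each 'unknown ca' handshake failure in cache.log."""
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            local = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S").replace(tzinfo=tz)
            yield int(local.timestamp())

def correlate(access_text, cache_text, tz=LOCAL_TZ):
    """Count alerts per (client, dst) whose CONNECT lifetime overlaps the alert's second."""
    connects = list(parse_connects(access_text))
    hits = Counter()
    for sec in parse_alerts(cache_text, tz):
        pairs = {(c, d) for start, end, c, d in connects if start < sec + 1 and end >= sec}
        hits.update(pairs)  # each alert counts once per matching client/destination pair
    return hits

if __name__ == "__main__":
    for (client, dst), n in correlate(ACCESS_LOG, CACHE_LOG).items():
        print(f"{client} -> {dst}: {n} 'unknown ca' alert(s) during bumped CONNECT")
```

Because cache.log timestamps have one-second resolution, the match is by overlapping time window, so on a busy proxy an alert can match several candidate connections.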