HTTPS woes

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
35 messages Options
12
Reply | Threaded
Open this post in threaded view
|

HTTPS woes

Olly Lennox
Hi There,

I've been battling for the last few days on a little project to setup a Raspberry PI device as a small parental blocking server. I've managed to configure the device to work as a transparent proxy using squid which is assigned as the default gateway via DHCP and after a lot of messing about I've finally got to the point where it's routing traffic correctly, proxying and blocking unwanted websites over HTTP.

The problem I have is that for the life of me I cannot get things to work over HTTPS. It's working over the older, insecure web browsers where anything goes but the more modern browsers will not accept the SSL certificates and fail with insecure messages. I've tried various ways of generating a cert and also generating a CA cert and signing my other cert with it to no avail. I've had a mixture of errors back from the browser from WEAK_ALGORITHM to BAD_AUTHORITY to INVALID_CERT.

I've been using openssl to generate self-signed certificates and create a der file. Below is a recent attempt but I've tried lots of different approaches:

------------
openssl req -x509 -nodes -sha256 -days 3650 -newkey rsa:2048 -keyout squid.key -out squid.crt
openssl req -new -x509 -key squid.key -out squid.pem
openssl x509 -in squid.pem -inform pem -out squid.der -outform der
------------


Then my config in Squid is like this, the dhparams file I generated as per instructions in the squid wiki:

------------
http_port 3128 intercept
https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl_cert/squid.crt key=/etc/squid3/ssl_cert/squid.key options=NO_SSLv3 dhparams=/etc/squid3/ssl_cert/dhparam.pem

#always_direct allow all
ssl_bump server-first all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS

------------

The only routing rules I'm using are to forward port 80/443 to 3128/2129 respectively and also a POST_ROUTING "masquerade" rule which I got from a guide (and I'm not sure I 100% understand!)
 

Can anyone tell me where I'm going wrong? This is only for use on very small networks (home router + 2 or 3 trusted devices and users) so security between the rPI and the client is not a major concern - I just want it to work in the most simple and foolproof way possible.


Any advice would be very welcome.

Thanks,

Olly
[hidden email]
lennox-it.uk
tel: 07900 648 252
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: HTTPS woes

Yuri Voinov


13.04.2017 22:57, Olly Lennox пишет:

> Hi There,
>
> I've been battling for the last few days on a little project to setup a Raspberry PI device as a small parental blocking server. I've managed to configure the device to work as a transparent proxy using squid which is assigned as the default gateway via DHCP and after a lot of messing about I've finally got to the point where it's routing traffic correctly, proxying and blocking unwanted websites over HTTP.
>
> The problem I have is that for the life of me I cannot get things to work over HTTPS. It's working over the older, insecure web browsers where anything goes but the more modern browsers will not accept the SSL certificates and fail with insecure messages. I've tried various ways of generating a cert and also generating a CA cert and signing my other cert with it to no avail. I've had a mixture of errors back from the browser from WEAK_ALGORITHM to BAD_AUTHORITY to INVALID_CERT.
>
> I've been using openssl to generate self-signed certificates and create a der file. Below is a recent attempt but I've tried lots of different approaches:
>
> ------------
> openssl req -x509 -nodes -sha256 -days 3650 -newkey rsa:2048 -keyout squid.key -out squid.crt
> openssl req -new -x509 -key squid.key -out squid.pem
> openssl x509 -in squid.pem -inform pem -out squid.der -outform der
> ------------
>
>
> Then my config in Squid is like this, the dhparams file I generated as per instructions in the squid wiki:
First of all: what's Squid's version?
>
> ------------
> http_port 3128 intercept
> https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl_cert/squid.crt key=/etc/squid3/ssl_cert/squid.key options=NO_SSLv3 dhparams=/etc/squid3/ssl_cert/dhparam.pem
You squid's built with interception support? show squid -v output.
>
> ssl_bump server-first all
This  ^^^^^^^^^^^^^^^^^^^^^ option valid only up to Squid 3.4. If you
using 3.5.x, you should use new peek-n-splice rules.
> sslproxy_cert_error allow all
> sslproxy_flags DONT_VERIFY_PEER
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Don't do this. Never. This force
squid to ignore (and hide) all security issues with SSL from user and
from you.
> sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
>
> ------------
>
> The only routing rules I'm using are to forward port 80/443 to 3128/2129 respectively and also a POST_ROUTING "masquerade" rule which I got from a guide (and I'm not sure I 100% understand!)
80/443 should be NATed to squid's box on squid's box.
>  
>
> Can anyone tell me where I'm going wrong? This is only for use on very small networks (home router + 2 or 3 trusted devices and users) so security between the rPI and the client is not a major concern - I just want it to work in the most simple and foolproof way possible.
You doing wrong only one: you not give any important to resolve issue
information.
At least squid's version and build options.

>
> Any advice would be very welcome.
>
> Thanks,
>
> Olly
> [hidden email]
> lennox-it.uk
> tel: 07900 648 252
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users
--
Bugs to the Future

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

0x613DEC46.asc (2K) Download Attachment
signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: HTTPS woes

Amos Jeffries
Administrator
On 14/04/2017 6:00 a.m., Yuri Voinov wrote:

>
>
> 13.04.2017 22:57, Olly Lennox пишет:
>> Hi There,
>>
>> I've been battling for the last few days on a little project to setup a Raspberry PI device as a small parental blocking server. I've managed to configure the device to work as a transparent proxy using squid which is assigned as the default gateway via DHCP and after a lot of messing about I've finally got to the point where it's routing traffic correctly, proxying and blocking unwanted websites over HTTP.
>>
>> The problem I have is that for the life of me I cannot get things to work over HTTPS. It's working over the older, insecure web browsers where anything goes but the more modern browsers will not accept the SSL certificates and fail with insecure messages. I've tried various ways of generating a cert and also generating a CA cert and signing my other cert with it to no avail. I've had a mixture of errors back from the browser from WEAK_ALGORITHM to BAD_AUTHORITY to INVALID_CERT.
>>
>> I've been using openssl to generate self-signed certificates and create a der file. Below is a recent attempt but I've tried lots of different approaches:
>>
>> ------------
>> openssl req -x509 -nodes -sha256 -days 3650 -newkey rsa:2048 -keyout squid.key -out squid.crt
>> openssl req -new -x509 -key squid.key -out squid.pem
>> openssl x509 -in squid.pem -inform pem -out squid.der -outform der
>> ------------
>>
>>
>> Then my config in Squid is like this, the dhparams file I generated as per instructions in the squid wiki:
> First of all: what's Squid's version?

And secondly; are you sufficiently capable with Debian to (cross-)build
your own Squid package that can run on Raspian?

The Debian squid/squid3 packages do not have TLS/SSL/HTTPS support. So
you will be building your own to get the bumping features.

Amos

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: HTTPS woes

Rafael Akchurin
>>> Then my config in Squid is like this, the dhparams file I generated as per instructions in the squid wiki:
>> First of all: what's Squid's version?

> And secondly; are you sufficiently capable with Debian to (cross-)build your own Squid package that can run on Raspian?
> The Debian squid/squid3 packages do not have TLS/SSL/HTTPS support. So you will be building your own to get the bumping features.

When you decide to recompile on Raspbian, please be sure to take a look at https://docs.diladele.com/administrator_guide_5_0/install/rpi/squid.html - it describes one way of doing this  *on* RPI (without cross compiling). But it is slooowwww.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: HTTPS woes

Olly Lennox
I've tried building it and it seems to have make install -ed correctly but I'm getting "command not found" when I try to execute squid3. Is there a step I'm missing?
 
[hidden email]
lennox-it.uk
tel: 07900 648 252



From: Rafael Akchurin <[hidden email]>
To: "[hidden email]" <[hidden email]>
Sent: Friday, 14 April 2017, 12:40
Subject: Re: [squid-users] HTTPS woes

>>> Then my config in Squid is like this, the dhparams file I generated as per instructions in the squid wiki:
>> First of all: what's Squid's version?

> And secondly; are you sufficiently capable with Debian to (cross-)build your own Squid package that can run on Raspian?
> The Debian squid/squid3 packages do not have TLS/SSL/HTTPS support. So you will be building your own to get the bumping features.

When you decide to recompile on Raspbian, please be sure to take a look at https://docs.diladele.com/administrator_guide_5_0/install/rpi/squid.html - it describes one way of doing this  *on* RPI (without cross compiling). But it is slooowwww.

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: HTTPS woes

Amos Jeffries
Administrator
On 14/04/2017 11:52 p.m., Olly Lennox wrote:
> I've tried building it and it seems to have make install -ed
> correctly but I'm getting "command not found" when I try to execute
> squid3. Is there a step I'm missing?

Debian latest and custom builds use the binary name 'squid' for versions
3.5+.

Amos

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: HTTPS woes

Antony Stone
In reply to this post by Olly Lennox
On Friday 14 April 2017 at 13:52:08, Olly Lennox wrote:

> I've tried building it and it seems to have make install -ed correctly but
> I'm getting "command not found" when I try to execute squid3.

Well, what command are you trying to run (the one which is "not found")?

And what do you from "whereis squid"?

If that second command shows nothing, what do you get from:
"find / -type f -name squid"?


Antony.

>       From: Rafael Akchurin <[hidden email]>
>  To: "[hidden email]"
> <[hidden email]> Sent: Friday, 14 April 2017, 12:40
>  Subject: Re: [squid-users] HTTPS woes
>
> >>> Then my config in Squid is like this, the dhparams file I generated as per
instructions in the squid wiki:

> >> First of all: what's Squid's version?
> >
> > And secondly; are you sufficiently capable with Debian to (cross-)build
> > your own Squid package that can run on Raspian? The Debian squid/squid3
> > packages do not have TLS/SSL/HTTPS support. So you will be building your
> > own to get the bumping features.
>
> When you decide to recompile on Raspbian, please be sure to take a look at
> https://docs.diladele.com/administrator_guide_5_0/install/rpi/squid.html -
> it describes one way of doing this  *on* RPI (without cross compiling).
> But it is slooowwww. _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users

--
"I think both KDE and Gnome suck - I'm quite unbiased in that, because I use a
Mac."

 - Jason Isitt

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: HTTPS woes

Olly Lennox
(Sorry, reposted because first email was too big I've edited out some bits)


No I'm not getting much luck finding these, This is the result of my make install, has it installed right?



result of make

-----


Making all in compat

make[1]: Entering directory '/usr/src/squid/squid-3.5.25/compat'

make[1]: Nothing to be done for 'all'.

make[1]: Leaving directory '/usr/src/squid/squid-3.5.25/compat'

Making all in lib

make[1]: Entering directory '/usr/src/squid/squid-3.5.25/lib'

Making all in libTrie

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/lib/libTrie'

Making all in .

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/lib/libTrie'

make[3]: Nothing to be done for 'all-am'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/lib/libTrie'

Making all in test

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/lib/libTrie/test'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/lib/libTrie/test'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/lib/libTrie'

Making all in snmplib

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/lib/snmplib'

make[2]: Nothing to be done for 'all'.

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/lib/snmplib'

Making all in rfcnb

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/lib/rfcnb'

make[2]: Nothing to be done for 'all'.

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/lib/rfcnb'

Making all in smblib

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/lib/smblib'

make[2]: Nothing to be done for 'all'.

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/lib/smblib'

Making all in ntlmauth

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/lib/ntlmauth'

make[2]: Nothing to be done for 'all'.

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/lib/ntlmauth'

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/lib'

make[2]: Nothing to be done for 'all-am'.

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/lib'

make[1]: Leaving directory '/usr/src/squid/squid-3.5.25/lib'

Making all in libltdl

make[1]: Entering directory '/usr/src/squid/squid-3.5.25/libltdl'

make  all-am

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/libltdl'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/libltdl'

make[1]: Leaving directory '/usr/src/squid/squid-3.5.25/libltdl'

Making all in scripts

make[1]: Entering directory '/usr/src/squid/squid-3.5.25/scripts'

make[1]: Nothing to be done for 'all'.

make[1]: Leaving directory '/usr/src/squid/squid-3.5.25/scripts'

Making all in icons

make[1]: Entering directory '/usr/src/squid/squid-3.5.25/icons'

make[1]: Nothing to be done for 'all'.

make[1]: Leaving directory '/usr/src/squid/squid-3.5.25/icons'

Making all in errors

make[1]: Entering directory '/usr/src/squid/squid-3.5.25/errors'

make[1]: Nothing to be done for 'all'.

make[1]: Leaving directory '/usr/src/squid/squid-3.5.25/errors'

Making all in doc

make[1]: Entering directory '/usr/src/squid/squid-3.5.25/doc'

Making all in manuals

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/doc/manuals'

make[2]: Nothing to be done for 'all'.

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/doc/manuals'

Making all in release-notes

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/doc/release-notes'

make[2]: Nothing to be done for 'all'.

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/doc/release-notes'

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/doc'

make[2]: Nothing to be done for 'all-am'.

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/doc'

make[1]: Leaving directory '/usr/src/squid/squid-3.5.25/doc'

Making all in helpers

make[1]: Entering directory '/usr/src/squid/squid-3.5.25/helpers'

Making all in basic_auth

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth'

Making all in DB

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/DB'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/DB'

Making all in fake

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/fake'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/fake'

Making all in getpwnam

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/getpwnam'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/getpwnam'

Making all in LDAP

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/LDAP'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/LDAP'

Making all in NCSA

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/NCSA'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/NCSA'

Making all in NIS

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/NIS'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/NIS'

Making all in PAM

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/PAM'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/PAM'

Making all in POP3

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/POP3'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/POP3'

Making all in RADIUS

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/RADIUS'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/RADIUS'

Making all in SASL

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/SASL'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/SASL'

Making all in SMB

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/SMB'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/SMB'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth'

make[3]: Nothing to be done for 'all-am'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth'

Making all in digest_auth

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/digest_auth'

Making all in file

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/digest_auth/file'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/digest_auth/file'

Making all in LDAP

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/digest_auth/LDAP'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/digest_auth/LDAP'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/digest_auth'

make[3]: Nothing to be done for 'all-am'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/digest_auth'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/digest_auth'

Making all in external_acl

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl'

Making all in file_userip

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/file_userip'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/file_userip'

Making all in kerberos_ldap_group

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/kerberos_ldap_group'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/kerberos_ldap_group'

make[4]: Nothing to be done for 'all-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/kerberos_ldap_group'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/kerberos_ldap_group'

Making all in LDAP_group

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/LDAP_group'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/LDAP_group'

Making all in session

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/session'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/session'

Making all in SQL_session

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/SQL_session'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/SQL_session'

Making all in unix_group

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/unix_group'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/unix_group'

Making all in wbinfo_group

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/wbinfo_group'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/wbinfo_group'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl'

make[3]: Nothing to be done for 'all-am'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl'

Making all in log_daemon

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/log_daemon'

Making all in DB

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/log_daemon/DB'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/log_daemon/DB'

Making all in file

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/log_daemon/file'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/log_daemon/file'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/log_daemon'

make[3]: Nothing to be done for 'all-am'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/log_daemon'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/log_daemon'

Making all in negotiate_auth

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth'

Making all in kerberos

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth/kerberos'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth/kerberos'

make[4]: Nothing to be done for 'all-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth/kerberos'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth/kerberos'

Making all in wrapper

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth/wrapper'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth/wrapper'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth'

make[3]: Nothing to be done for 'all-am'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth'

Making all in url_rewrite

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/url_rewrite'

Making all in fake

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/url_rewrite/fake'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/url_rewrite/fake'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/url_rewrite'

make[3]: Nothing to be done for 'all-am'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/url_rewrite'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/url_rewrite'

Making all in storeid_rewrite

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/storeid_rewrite'

Making all in file

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/storeid_rewrite/file'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/storeid_rewrite/file'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/storeid_rewrite'

make[3]: Nothing to be done for 'all-am'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/storeid_rewrite'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/storeid_rewrite'

Making all in ntlm_auth

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/ntlm_auth'

Making all in fake

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/ntlm_auth/fake'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/ntlm_auth/fake'

Making all in smb_lm

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/ntlm_auth/smb_lm'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/ntlm_auth/smb_lm'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/ntlm_auth'

make[3]: Nothing to be done for 'all-am'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/ntlm_auth'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/ntlm_auth'

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/helpers'

make[2]: Nothing to be done for 'all-am'.

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers'

make[1]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers'

Making all in src

make[1]: Entering directory '/usr/src/squid/squid-3.5.25/src'

make  all-recursive

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/src'

Making all in base

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/base'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/base'

Making all in anyp

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/anyp'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/anyp'

Making all in helper

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/helper'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/helper'

Making all in ftp

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/ftp'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/ftp'

Making all in parser

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/parser'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/parser'

Making all in comm

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/comm'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/comm'

Making all in eui

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/eui'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/eui'

Making all in acl

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/acl'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/acl'

Making all in format

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/format'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/format'

Making all in clients

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/clients'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/clients'

Making all in servers

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/servers'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/servers'

Making all in fs

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/fs'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/fs'

Making all in repl

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/repl'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/repl'

Making all in auth

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/auth'

Making all in basic

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/auth/basic'

make[4]: Nothing to be done for 'all'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/auth/basic'

Making all in digest

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/auth/digest'

make[4]: Nothing to be done for 'all'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/auth/digest'

Making all in negotiate

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/auth/negotiate'

make[4]: Nothing to be done for 'all'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/auth/negotiate'

Making all in ntlm

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/auth/ntlm'

make[4]: Nothing to be done for 'all'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/auth/ntlm'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/auth'

make[4]: Nothing to be done for 'all-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/auth'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/auth'

Making all in http

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/http'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/http'

Making all in ip

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/ip'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/ip'

Making all in icmp

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/icmp'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/icmp'

Making all in ident

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/ident'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/ident'

Making all in log

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/log'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/log'

Making all in ipc

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/ipc'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/ipc'

Making all in mgr

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/mgr'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/mgr'

Making all in snmp

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/snmp'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/snmp'

Making all in adaptation

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/adaptation'

Making all in icap

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/adaptation/icap'

make[4]: Nothing to be done for 'all'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/adaptation/icap'

Making all in ecap

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/adaptation/ecap'

make[4]: Nothing to be done for 'all'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/adaptation/ecap'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/adaptation'

make[4]: Nothing to be done for 'all-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/adaptation'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/adaptation'

Making all in esi

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/esi'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/esi'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src'

make[3]: Nothing to be done for 'all-am'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/src'

make[1]: Leaving directory '/usr/src/squid/squid-3.5.25/src'

Making all in tools

make[1]: Entering directory '/usr/src/squid/squid-3.5.25/tools'

Making all in purge

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/tools/purge'

make[2]: Nothing to be done for 'all'.

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/tools/purge'

Making all in squidclient

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/tools/squidclient'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/tools/squidclient'

make[3]: Nothing to be done for 'all-am'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/tools/squidclient'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/tools/squidclient'

Making all in systemd

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/tools/systemd'

make[2]: Nothing to be done for 'all'.

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/tools/systemd'

Making all in sysvinit

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/tools/sysvinit'

make[2]: Nothing to be done for 'all'.

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/tools/sysvinit'

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/tools'

make[2]: Nothing to be done for 'all-am'.

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/tools'

make[1]: Leaving directory '/usr/src/squid/squid-3.5.25/tools'

Making all in test-suite

make[1]: Entering directory '/usr/src/squid/squid-3.5.25/test-suite'

make[1]: Nothing to be done for 'all'.

make[1]: Leaving directory '/usr/src/squid/squid-3.5.25/test-suite'

make[1]: Entering directory '/usr/src/squid/squid-3.5.25'

make[1]: Nothing to be done for 'all-am'.

make[1]: Leaving directory '/usr/src/squid/squid-3.5.25'



------


result of make install


-------------


Making install in compat

make[1]: Entering directory '/usr/src/squid/squid-3.5.25/compat'

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/compat'

make[2]: Nothing to be done for 'install-exec-am'.

make[2]: Nothing to be done for 'install-data-am'.

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/compat'

make[1]: Leaving directory '/usr/src/squid/squid-3.5.25/compat'

Making install in lib

make[1]: Entering directory '/usr/src/squid/squid-3.5.25/lib'

Making all in libTrie

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/lib/libTrie'

Making all in .

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/lib/libTrie'

make[3]: Nothing to be done for 'all-am'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/lib/libTrie'

Making all in test

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/lib/libTrie/test'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/lib/libTrie/test'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/lib/libTrie'

Making all in snmplib

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/lib/snmplib'

make[2]: Nothing to be done for 'all'.

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/lib/snmplib'

Making all in rfcnb

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/lib/rfcnb'

make[2]: Nothing to be done for 'all'.

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/lib/rfcnb'

Making all in smblib

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/lib/smblib'

make[2]: Nothing to be done for 'all'.

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/lib/smblib'

Making all in ntlmauth

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/lib/ntlmauth'

make[2]: Nothing to be done for 'all'.

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/lib/ntlmauth'

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/lib'

make[2]: Nothing to be done for 'all-am'.

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/lib'

make[1]: Leaving directory '/usr/src/squid/squid-3.5.25/lib'

Making install in libltdl

make[1]: Entering directory '/usr/src/squid/squid-3.5.25/libltdl'

make  install-am

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/libltdl'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/libltdl'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/libltdl'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/libltdl'

make[1]: Leaving directory '/usr/src/squid/squid-3.5.25/libltdl'

Making install in scripts

make[1]: Entering directory '/usr/src/squid/squid-3.5.25/scripts'

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/scripts'

make[2]: Nothing to be done for 'install-exec-am'.

make[2]: Nothing to be done for 'install-data-am'.

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/scripts'

make[1]: Leaving directory '/usr/src/squid/squid-3.5.25/scripts'

Making install in icons

make[1]: Entering directory '/usr/src/squid/squid-3.5.25/icons'

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/icons'

make[2]: Nothing to be done for 'install-exec-am'.

/bin/mkdir -p '/usr/share/squid3/icons/silk'

/usr/bin/install -c -m 644 silk/application.png silk/arrow_up.png silk/bomb.png silk/box.png silk/bricks.png silk/bullet_red.png silk/cd.png silk/chart_line.png silk/compress.png silk/computer_link.png silk/css.png silk/cup.png silk/database.png silk/database_table.png silk/drive_disk.png silk/film_key.png silk/film.png silk/folder.png silk/folder_table.png silk/image.png silk/information.png silk/layers.png silk/layout.png silk/link.png silk/music.png silk/package_go.png silk/package.png silk/page_code.png silk/page_excel.png silk/page_green.png silk/page_white_acrobat.png silk/page_white_cplusplus.png silk/page_white_c.png silk/page_white_flash.png silk/page_white_magnify.png silk/page_white_picture.png silk/page_white.png silk/page_white_powerpoint.png silk/page_white_stack.png silk/page_white_text.png '/usr/share/squid3/icons/silk'

/usr/bin/install -c -m 644 silk/page_white_word.png silk/page_white_zip.png silk/page_world.png silk/photo.png silk/picture.png silk/plugin_add.png silk/plugin.png silk/script_gear.png silk/script_palette.png silk/script.png '/usr/share/squid3/icons/silk'

/usr/bin/install -c -m 644 ./SN.png "/usr/share/squid3/icons/"

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/icons'

make[1]: Leaving directory '/usr/src/squid/squid-3.5.25/icons'

Making install in errors

make[1]: Entering directory '/usr/src/squid/squid-3.5.25/errors'

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/errors'

if test -f /etc/squid3/errorpage.css ; then \

echo "install-exec-local will not overwrite existing /etc/squid3/errorpage.css" ; \

else \

/bin/bash /usr/src/squid/squid-3.5.25/cfgaux/install-sh -d `dirname /etc/squid3/errorpage.css` ; \

echo "/usr/bin/install -c -m 644 ./errorpage.css /etc/squid3/errorpage.css"; \

/usr/bin/install -c -m 644 ./errorpage.css /etc/squid3/errorpage.css; \

fi

install-exec-local will not overwrite existing /etc/squid3/errorpage.css

/bin/bash /usr/src/squid/squid-3.5.25/cfgaux/install-sh -d /usr/share/squid3/errors ; \

for l in af.lang ar.lang az.lang bg.lang ca.lang cs.lang da.lang de.lang el.lang en.lang es.lang et.lang fa.lang fi.lang fr.lang he.lang hu.lang hy.lang id.lang it.lang ja.lang ka.lang ko.lang lt.lang lv.lang ms.lang nl.lang oc.lang pl.lang pt-br.lang pt.lang ro.lang ru.lang sk.lang sl.lang sr-cyrl.lang sr-latn.lang sv.lang th.lang tr.lang uk.lang uz.lang vi.lang zh-hans.lang zh-hant.lang  templates; do \

    l=`basename $l .lang`; \

    echo "Located $l for install..."; \

    if test -d ./$l || test -d ./$l; then \

/bin/bash /usr/src/squid/squid-3.5.25/cfgaux/install-sh -d /usr/share/squid3/errors/$l; \

    fi; \

    for f in templates/ERR_ACCESS_DENIED templates/ERR_ACL_TIME_QUOTA_EXCEEDED templates/ERR_AGENT_CONFIGURE templates/ERR_AGENT_WPAD templates/ERR_CACHE_ACCESS_DENIED templates/ERR_CACHE_MGR_ACCESS_DENIED templates/ERR_CANNOT_FORWARD templates/ERR_CONFLICT_HOST templates/ERR_CONNECT_FAIL templates/ERR_DIR_LISTING templates/ERR_DNS_FAIL templates/ERR_ESI templates/ERR_FORWARDING_DENIED templates/ERR_FTP_DISABLED templates/ERR_FTP_FAILURE templates/ERR_FTP_FORBIDDEN templates/ERR_FTP_NOT_FOUND templates/ERR_FTP_PUT_CREATED templates/ERR_FTP_PUT_ERROR templates/ERR_FTP_PUT_MODIFIED templates/ERR_FTP_UNAVAILABLE templates/ERR_GATEWAY_FAILURE templates/ERR_ICAP_FAILURE templates/ERR_INVALID_REQ templates/ERR_INVALID_RESP templates/ERR_INVALID_URL templates/ERR_LIFETIME_EXP templates/ERR_NO_RELAY templates/ERR_ONLY_IF_CACHED_MISS templates/ERR_PRECONDITION_FAILED templates/ERR_READ_ERROR templates/ERR_READ_TIMEOUT templates/ERR_SECURE_CONNECT_FAIL templates/ERR_SHUTTING_DOWN templates/ERR_SOCKET_FAILURE templates/ERR_TOO_BIG templates/ERR_UNSUP_HTTPVERSION templates/ERR_UNSUP_REQ templates/ERR_URN_RESOLVE templates/ERR_WRITE_ERROR templates/ERR_ZERO_SIZE_OBJECT  templates/error-details.txt; do \

page=`basename $f`; \

if test -f ./$l/$page; then \

   echo "/usr/bin/install -c -m 644 ./$l/$page /usr/share/squid3/errors/$l"; \

   /usr/bin/install -c -m 644 ./$l/$page /usr/share/squid3/errors/$l; \

elif test -f ./$l/$page; then \

   echo "/usr/bin/install -c -m 644 ./$l/$page /usr/share/squid3/errors/$l"; \

   /usr/bin/install -c -m 644 ./$l/$page /usr/share/squid3/errors/$l; \

fi; \

    done; \

done; \

/usr/bin/install -c -m 644 ./TRANSLATORS /usr/share/squid3/errors/TRANSLATORS; \

/usr/bin/install -c -m 644 ./COPYRIGHT /usr/share/squid3/errors/COPYRIGHT; \

/usr/bin/install -c -m 644 ./errorpage.css /etc/squid3/errorpage.css.default; \

/bin/bash ./alias-link.sh "/bin/ln" "/bin/rm -f" "/usr/share/squid3/errors" "./aliases" || exit 1 ;

Located af for install...

/usr/bin/install -c -m 644 ./af/ERR_ACCESS_DENIED /usr/share/squid3/errors/af


...
<lots of errors>
...
/usr/bin/install -c -m 644 ./templates/ERR_ZERO_SIZE_OBJECT /usr/share/squid3/errors/templates

/usr/bin/install -c -m 644 ./templates/error-details.txt /usr/share/squid3/errors/templates

WARNING: ## translations do not exist. Nothing to do for: Copyright (C) 1996-2017 The Squid Software Foundation and contributors

WARNING: ## translations do not exist. Nothing to do for:

WARNING: ## translations do not exist. Nothing to do for: Squid software is distributed under GPLv2+ license and includes

WARNING: ## translations do not exist. Nothing to do for: contributions from numerous individuals and organizations.

WARNING: ## translations do not exist. Nothing to do for: Please see the COPYING and CONTRIBUTORS files for details.

WARNING: ## translations do not exist. Nothing to do for:

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/errors'

make[1]: Leaving directory '/usr/src/squid/squid-3.5.25/errors'

Making install in doc

make[1]: Entering directory '/usr/src/squid/squid-3.5.25/doc'

Making install in manuals

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/doc/manuals'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/doc/manuals'

make[3]: Nothing to be done for 'install-exec-am'.

make[3]: Nothing to be done for 'install-data-am'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/doc/manuals'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/doc/manuals'

Making install in release-notes

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/doc/release-notes'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/doc/release-notes'

make[3]: Nothing to be done for 'install-exec-am'.

make[3]: Nothing to be done for 'install-data-am'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/doc/release-notes'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/doc/release-notes'

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/doc'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/doc'

make[3]: Nothing to be done for 'install-exec-am'.

make[3]: Nothing to be done for 'install-data-am'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/doc'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/doc'

make[1]: Leaving directory '/usr/src/squid/squid-3.5.25/doc'

Making install in helpers

make[1]: Entering directory '/usr/src/squid/squid-3.5.25/helpers'

Making install in basic_auth

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth'

Making install in DB

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/DB'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/DB'

/bin/mkdir -p '/lib/squid3'

/usr/bin/install -c basic_db_auth '/lib/squid3'

/bin/mkdir -p '/usr/share/man/man8'

/usr/bin/install -c -m 644 basic_db_auth.8 '/usr/share/man/man8'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/DB'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/DB'

Making install in fake

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/fake'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/fake'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../../../libtool   --mode=install /usr/bin/install -c basic_fake_auth '/lib/squid3'

libtool: install: /usr/bin/install -c basic_fake_auth /lib/squid3/basic_fake_auth

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/fake'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/fake'

Making install in getpwnam

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/getpwnam'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/getpwnam'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../../../libtool   --mode=install /usr/bin/install -c basic_getpwnam_auth '/lib/squid3'

libtool: install: /usr/bin/install -c basic_getpwnam_auth /lib/squid3/basic_getpwnam_auth

/bin/mkdir -p '/usr/share/man/man8'

/usr/bin/install -c -m 644 basic_getpwnam_auth.8 '/usr/share/man/man8'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/getpwnam'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/getpwnam'

Making install in LDAP

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/LDAP'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/LDAP'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../../../libtool   --mode=install /usr/bin/install -c basic_ldap_auth '/lib/squid3'

libtool: install: /usr/bin/install -c basic_ldap_auth /lib/squid3/basic_ldap_auth

/bin/mkdir -p '/usr/share/man/man8'

/usr/bin/install -c -m 644 basic_ldap_auth.8 '/usr/share/man/man8'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/LDAP'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/LDAP'

Making install in NCSA

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/NCSA'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/NCSA'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../../../libtool   --mode=install /usr/bin/install -c basic_ncsa_auth '/lib/squid3'

libtool: install: /usr/bin/install -c basic_ncsa_auth /lib/squid3/basic_ncsa_auth

/bin/mkdir -p '/usr/share/man/man8'

/usr/bin/install -c -m 644 basic_ncsa_auth.8 '/usr/share/man/man8'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/NCSA'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/NCSA'

Making install in NIS

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/NIS'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/NIS'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../../../libtool   --mode=install /usr/bin/install -c basic_nis_auth '/lib/squid3'

libtool: install: /usr/bin/install -c basic_nis_auth /lib/squid3/basic_nis_auth

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/NIS'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/NIS'

Making install in PAM

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/PAM'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/PAM'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../../../libtool   --mode=install /usr/bin/install -c basic_pam_auth '/lib/squid3'

libtool: install: /usr/bin/install -c basic_pam_auth /lib/squid3/basic_pam_auth

/bin/mkdir -p '/usr/share/man/man8'

/usr/bin/install -c -m 644 basic_pam_auth.8 '/usr/share/man/man8'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/PAM'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/PAM'

Making install in POP3

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/POP3'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/POP3'

/bin/mkdir -p '/lib/squid3'

/usr/bin/install -c basic_pop3_auth '/lib/squid3'

/bin/mkdir -p '/usr/share/man/man8'

/usr/bin/install -c -m 644 basic_pop3_auth.8 '/usr/share/man/man8'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/POP3'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/POP3'

Making install in RADIUS

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/RADIUS'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/RADIUS'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../../../libtool   --mode=install /usr/bin/install -c basic_radius_auth '/lib/squid3'

libtool: install: /usr/bin/install -c basic_radius_auth /lib/squid3/basic_radius_auth

/bin/mkdir -p '/usr/share/man/man8'

/usr/bin/install -c -m 644 basic_radius_auth.8 '/usr/share/man/man8'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/RADIUS'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/RADIUS'

Making install in SASL

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/SASL'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/SASL'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../../../libtool   --mode=install /usr/bin/install -c basic_sasl_auth '/lib/squid3'

libtool: install: /usr/bin/install -c basic_sasl_auth /lib/squid3/basic_sasl_auth

/bin/mkdir -p '/usr/share/man/man8'

/usr/bin/install -c -m 644 basic_sasl_auth.8 '/usr/share/man/man8'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/SASL'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/SASL'

Making install in SMB

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/SMB'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/SMB'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../../../libtool   --mode=install /usr/bin/install -c basic_smb_auth '/lib/squid3'

libtool: install: /usr/bin/install -c basic_smb_auth /lib/squid3/basic_smb_auth

/bin/mkdir -p '/lib/squid3'

/usr/bin/install -c basic_smb_auth.sh '/lib/squid3'

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/SMB'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth/SMB'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/basic_auth'

Making install in digest_auth

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/digest_auth'

Making install in file

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/digest_auth/file'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/digest_auth/file'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../../../libtool   --mode=install /usr/bin/install -c digest_file_auth '/lib/squid3'

libtool: install: /usr/bin/install -c digest_file_auth /lib/squid3/digest_file_auth

/bin/mkdir -p '/usr/share/man/man8'

/usr/bin/install -c -m 644 digest_file_auth.8 '/usr/share/man/man8'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/digest_auth/file'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/digest_auth/file'

Making install in LDAP

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/digest_auth/LDAP'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/digest_auth/LDAP'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../../../libtool   --mode=install /usr/bin/install -c digest_ldap_auth '/lib/squid3'

libtool: install: /usr/bin/install -c digest_ldap_auth /lib/squid3/digest_ldap_auth

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/digest_auth/LDAP'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/digest_auth/LDAP'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/digest_auth'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/digest_auth'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/digest_auth'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/digest_auth'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/digest_auth'

Making install in external_acl

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl'

Making install in file_userip

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/file_userip'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/file_userip'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../../../libtool   --mode=install /usr/bin/install -c ext_file_userip_acl '/lib/squid3'

libtool: install: /usr/bin/install -c ext_file_userip_acl /lib/squid3/ext_file_userip_acl

/bin/mkdir -p '/usr/share/man/man8'

/usr/bin/install -c -m 644 ext_file_userip_acl.8 '/usr/share/man/man8'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/file_userip'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/file_userip'

Making install in kerberos_ldap_group

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/kerberos_ldap_group'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/kerberos_ldap_group'

make[5]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/kerberos_ldap_group'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../../../libtool   --mode=install /usr/bin/install -c ext_kerberos_ldap_group_acl '/lib/squid3'

libtool: install: /usr/bin/install -c ext_kerberos_ldap_group_acl /lib/squid3/ext_kerberos_ldap_group_acl

/bin/mkdir -p '/lib/squid3'

/usr/bin/install -c cert_tool '/lib/squid3'

make[5]: Nothing to be done for 'install-data-am'.

make[5]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/kerberos_ldap_group'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/kerberos_ldap_group'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/kerberos_ldap_group'

Making install in LDAP_group

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/LDAP_group'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/LDAP_group'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../../../libtool   --mode=install /usr/bin/install -c ext_ldap_group_acl '/lib/squid3'

libtool: install: /usr/bin/install -c ext_ldap_group_acl /lib/squid3/ext_ldap_group_acl

/bin/mkdir -p '/usr/share/man/man8'

/usr/bin/install -c -m 644 ext_ldap_group_acl.8 '/usr/share/man/man8'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/LDAP_group'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/LDAP_group'

Making install in session

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/session'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/session'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../../../libtool   --mode=install /usr/bin/install -c ext_session_acl '/lib/squid3'

libtool: install: /usr/bin/install -c ext_session_acl /lib/squid3/ext_session_acl

/bin/mkdir -p '/usr/share/man/man8'

/usr/bin/install -c -m 644 ext_session_acl.8 '/usr/share/man/man8'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/session'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/session'

Making install in SQL_session

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/SQL_session'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/SQL_session'

/bin/mkdir -p '/lib/squid3'

/usr/bin/install -c ext_sql_session_acl '/lib/squid3'

/bin/mkdir -p '/usr/share/man/man8'

/usr/bin/install -c -m 644 ext_sql_session_acl.8 '/usr/share/man/man8'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/SQL_session'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/SQL_session'

Making install in unix_group

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/unix_group'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/unix_group'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../../../libtool   --mode=install /usr/bin/install -c ext_unix_group_acl '/lib/squid3'

libtool: install: /usr/bin/install -c ext_unix_group_acl /lib/squid3/ext_unix_group_acl

/bin/mkdir -p '/usr/share/man/man8'

/usr/bin/install -c -m 644 ext_unix_group_acl.8 '/usr/share/man/man8'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/unix_group'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/unix_group'

Making install in wbinfo_group

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/wbinfo_group'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/wbinfo_group'

/bin/mkdir -p '/lib/squid3'

/usr/bin/install -c ext_wbinfo_group_acl '/lib/squid3'

/bin/mkdir -p '/usr/share/man/man8'

/usr/bin/install -c -m 644 ext_wbinfo_group_acl.8 '/usr/share/man/man8'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/wbinfo_group'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl/wbinfo_group'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/external_acl'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/external_acl'

Making install in log_daemon

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/log_daemon'

Making install in DB

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/log_daemon/DB'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/log_daemon/DB'

/bin/mkdir -p '/lib/squid3'

/usr/bin/install -c log_db_daemon '/lib/squid3'

/bin/mkdir -p '/usr/share/man/man8'

/usr/bin/install -c -m 644 log_db_daemon.8 '/usr/share/man/man8'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/log_daemon/DB'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/log_daemon/DB'

Making install in file

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/log_daemon/file'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/log_daemon/file'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../../../libtool   --mode=install /usr/bin/install -c log_file_daemon '/lib/squid3'

libtool: install: /usr/bin/install -c log_file_daemon /lib/squid3/log_file_daemon

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/log_daemon/file'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/log_daemon/file'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/log_daemon'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/log_daemon'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/log_daemon'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/log_daemon'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/log_daemon'

Making install in negotiate_auth

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth'

Making install in kerberos

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth/kerberos'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth/kerberos'

make[5]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth/kerberos'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../../../libtool   --mode=install /usr/bin/install -c negotiate_kerberos_auth negotiate_kerberos_auth_test '/lib/squid3'

libtool: install: /usr/bin/install -c negotiate_kerberos_auth /lib/squid3/negotiate_kerberos_auth

libtool: install: /usr/bin/install -c negotiate_kerberos_auth_test /lib/squid3/negotiate_kerberos_auth_test

/bin/mkdir -p '/usr/share/man/man8'

/usr/bin/install -c -m 644 negotiate_kerberos_auth.8 '/usr/share/man/man8'

make[5]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth/kerberos'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth/kerberos'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth/kerberos'

Making install in wrapper

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth/wrapper'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth/wrapper'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../../../libtool   --mode=install /usr/bin/install -c negotiate_wrapper_auth '/lib/squid3'

libtool: install: /usr/bin/install -c negotiate_wrapper_auth /lib/squid3/negotiate_wrapper_auth

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth/wrapper'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth/wrapper'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/negotiate_auth'

Making install in url_rewrite

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/url_rewrite'

Making install in fake

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/url_rewrite/fake'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/url_rewrite/fake'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../../../libtool   --mode=install /usr/bin/install -c url_fake_rewrite '/lib/squid3'

libtool: install: /usr/bin/install -c url_fake_rewrite /lib/squid3/url_fake_rewrite

/bin/mkdir -p '/lib/squid3'

/usr/bin/install -c url_fake_rewrite.sh '/lib/squid3'

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/url_rewrite/fake'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/url_rewrite/fake'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/url_rewrite'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/url_rewrite'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/url_rewrite'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/url_rewrite'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/url_rewrite'

Making install in storeid_rewrite

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/storeid_rewrite'

Making install in file

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/storeid_rewrite/file'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/storeid_rewrite/file'

/bin/mkdir -p '/lib/squid3'

/usr/bin/install -c storeid_file_rewrite '/lib/squid3'

/bin/mkdir -p '/usr/share/man/man8'

/usr/bin/install -c -m 644 storeid_file_rewrite.8 '/usr/share/man/man8'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/storeid_rewrite/file'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/storeid_rewrite/file'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/storeid_rewrite'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/storeid_rewrite'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/storeid_rewrite'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/storeid_rewrite'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/storeid_rewrite'

Making install in ntlm_auth

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/ntlm_auth'

Making install in fake

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/ntlm_auth/fake'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/ntlm_auth/fake'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../../../libtool   --mode=install /usr/bin/install -c ntlm_fake_auth '/lib/squid3'

libtool: install: /usr/bin/install -c ntlm_fake_auth /lib/squid3/ntlm_fake_auth

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/ntlm_auth/fake'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/ntlm_auth/fake'

Making install in smb_lm

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/ntlm_auth/smb_lm'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/ntlm_auth/smb_lm'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../../../libtool   --mode=install /usr/bin/install -c ntlm_smb_lm_auth '/lib/squid3'

libtool: install: /usr/bin/install -c ntlm_smb_lm_auth /lib/squid3/ntlm_smb_lm_auth

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/ntlm_auth/smb_lm'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/ntlm_auth/smb_lm'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/ntlm_auth'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/helpers/ntlm_auth'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/ntlm_auth'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/ntlm_auth'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers/ntlm_auth'

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/helpers'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/helpers'

make[3]: Nothing to be done for 'install-exec-am'.

make[3]: Nothing to be done for 'install-data-am'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers'

make[1]: Leaving directory '/usr/src/squid/squid-3.5.25/helpers'

Making install in src

make[1]: Entering directory '/usr/src/squid/squid-3.5.25/src'

make  install-recursive

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/src'

Making install in base

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/base'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/base'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/base'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/base'

Making install in anyp

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/anyp'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/anyp'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/anyp'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/anyp'

Making install in helper

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/helper'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/helper'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/helper'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/helper'

Making install in ftp

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/ftp'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/ftp'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/ftp'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/ftp'

Making install in parser

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/parser'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/parser'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/parser'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/parser'

Making install in comm

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/comm'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/comm'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/comm'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/comm'

Making install in eui

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/eui'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/eui'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/eui'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/eui'

Making install in acl

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/acl'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/acl'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/acl'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/acl'

Making install in format

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/format'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/format'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/format'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/format'

Making install in clients

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/clients'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/clients'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/clients'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/clients'

Making install in servers

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/servers'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/servers'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/servers'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/servers'

Making install in fs

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/fs'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/fs'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/fs'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/fs'

Making install in repl

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/repl'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/repl'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/repl'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/repl'

Making install in auth

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/auth'

Making install in basic

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/auth/basic'

make[5]: Entering directory '/usr/src/squid/squid-3.5.25/src/auth/basic'

make[5]: Nothing to be done for 'install-exec-am'.

make[5]: Nothing to be done for 'install-data-am'.

make[5]: Leaving directory '/usr/src/squid/squid-3.5.25/src/auth/basic'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/auth/basic'

Making install in digest

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/auth/digest'

make[5]: Entering directory '/usr/src/squid/squid-3.5.25/src/auth/digest'

make[5]: Nothing to be done for 'install-exec-am'.

make[5]: Nothing to be done for 'install-data-am'.

make[5]: Leaving directory '/usr/src/squid/squid-3.5.25/src/auth/digest'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/auth/digest'

Making install in negotiate

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/auth/negotiate'

make[5]: Entering directory '/usr/src/squid/squid-3.5.25/src/auth/negotiate'

make[5]: Nothing to be done for 'install-exec-am'.

make[5]: Nothing to be done for 'install-data-am'.

make[5]: Leaving directory '/usr/src/squid/squid-3.5.25/src/auth/negotiate'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/auth/negotiate'

Making install in ntlm

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/auth/ntlm'

make[5]: Entering directory '/usr/src/squid/squid-3.5.25/src/auth/ntlm'

make[5]: Nothing to be done for 'install-exec-am'.

make[5]: Nothing to be done for 'install-data-am'.

make[5]: Leaving directory '/usr/src/squid/squid-3.5.25/src/auth/ntlm'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/auth/ntlm'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/auth'

make[5]: Entering directory '/usr/src/squid/squid-3.5.25/src/auth'

make[5]: Nothing to be done for 'install-exec-am'.

make[5]: Nothing to be done for 'install-data-am'.

make[5]: Leaving directory '/usr/src/squid/squid-3.5.25/src/auth'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/auth'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/auth'

Making install in http

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/http'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/http'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/http'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/http'

Making install in ip

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/ip'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/ip'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/ip'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/ip'

Making install in icmp

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/icmp'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/icmp'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../../libtool   --mode=install /usr/bin/install -c pinger '/lib/squid3'

libtool: install: /usr/bin/install -c pinger /lib/squid3/pinger

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/icmp'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/icmp'

Making install in ident

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/ident'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/ident'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/ident'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/ident'

Making install in log

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/log'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/log'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/log'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/log'

Making install in ipc

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/ipc'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/ipc'

make[4]: Nothing to be done for 'install-exec-am'.

/bin/bash /usr/src/squid/squid-3.5.25/cfgaux/install-sh -d /var/run/squid;

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/ipc'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/ipc'

Making install in mgr

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/mgr'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/mgr'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/mgr'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/mgr'

Making install in snmp

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/snmp'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/snmp'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/snmp'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/snmp'

Making install in adaptation

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/adaptation'

Making install in icap

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/adaptation/icap'

make[5]: Entering directory '/usr/src/squid/squid-3.5.25/src/adaptation/icap'

make[5]: Nothing to be done for 'install-exec-am'.

make[5]: Nothing to be done for 'install-data-am'.

make[5]: Leaving directory '/usr/src/squid/squid-3.5.25/src/adaptation/icap'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/adaptation/icap'

Making install in ecap

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/adaptation/ecap'

make[5]: Entering directory '/usr/src/squid/squid-3.5.25/src/adaptation/ecap'

make[5]: Nothing to be done for 'install-exec-am'.

make[5]: Nothing to be done for 'install-data-am'.

make[5]: Leaving directory '/usr/src/squid/squid-3.5.25/src/adaptation/ecap'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/adaptation/ecap'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/adaptation'

make[5]: Entering directory '/usr/src/squid/squid-3.5.25/src/adaptation'

make[5]: Nothing to be done for 'install-exec-am'.

make[5]: Nothing to be done for 'install-data-am'.

make[5]: Leaving directory '/usr/src/squid/squid-3.5.25/src/adaptation'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/adaptation'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/adaptation'

Making install in esi

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src/esi'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src/esi'

make[4]: Nothing to be done for 'install-exec-am'.

make[4]: Nothing to be done for 'install-data-am'.

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src/esi'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src/esi'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/src'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/src'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../libtool   --mode=install /usr/bin/install -c DiskIO/DiskDaemon/diskd unlinkd '/lib/squid3'

libtool: install: /usr/bin/install -c DiskIO/DiskDaemon/diskd /lib/squid3/diskd

libtool: install: /usr/bin/install -c unlinkd /lib/squid3/unlinkd

/bin/mkdir -p '/usr/sbin'

  /bin/bash ../libtool   --mode=install /usr/bin/install -c squid '/usr/sbin'

libtool: install: /usr/bin/install -c squid /usr/sbin/squid

/bin/mkdir -p '/etc/squid3'

/usr/bin/install -c -m 644 squid.conf.default squid.conf.documented mime.conf.default '/etc/squid3'

/bin/mkdir -p '/usr/share/squid3'

/usr/bin/install -c -m 644 mib.txt '/usr/share/squid3'

install-data-local will not overwrite existing /etc/squid3/mime.conf

install-data-local will not overwrite existing /etc/squid3/squid.conf

echo "/usr/bin/install -c -m 644 squid.conf.default /etc/squid3/squid.conf.default"; \

/usr/bin/install -c -m 644 squid.conf.default /etc/squid3/squid.conf.default; \

echo "/usr/bin/install -c -m 644 squid.conf.documented /etc/squid3/squid.conf.documented"; \

/usr/bin/install -c -m 644 squid.conf.documented /etc/squid3/squid.conf.documented; \

/bin/bash /usr/src/squid/squid-3.5.25/cfgaux/install-sh -d /var/log/squid3; \

/bin/bash /usr/src/squid/squid-3.5.25/cfgaux/install-sh -d /var/spool/squid3; \

/bin/bash /usr/src/squid/squid-3.5.25/cfgaux/install-sh -d `dirname /var/run/squid3.pid`

/usr/bin/install -c -m 644 squid.conf.default /etc/squid3/squid.conf.default

/usr/bin/install -c -m 644 squid.conf.documented /etc/squid3/squid.conf.documented

/bin/mkdir -p '/usr/share/man/man8'

/usr/bin/install -c -m 644 squid.8 '/usr/share/man/man8'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/src'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/src'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/src'

make[1]: Leaving directory '/usr/src/squid/squid-3.5.25/src'

Making install in tools

make[1]: Entering directory '/usr/src/squid/squid-3.5.25/tools'

Making install in purge

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/tools/purge'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/tools/purge'

/bin/mkdir -p '/usr/bin'

  /bin/bash ../../libtool   --mode=install /usr/bin/install -c purge '/usr/bin'

libtool: install: /usr/bin/install -c purge /usr/bin/purge

make[3]: Nothing to be done for 'install-data-am'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/tools/purge'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/tools/purge'

Making install in squidclient

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/tools/squidclient'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/tools/squidclient'

make[4]: Entering directory '/usr/src/squid/squid-3.5.25/tools/squidclient'

/bin/mkdir -p '/usr/bin'

  /bin/bash ../../libtool   --mode=install /usr/bin/install -c squidclient '/usr/bin'

libtool: install: /usr/bin/install -c squidclient /usr/bin/squidclient

/bin/mkdir -p '/usr/share/man/man1'

/usr/bin/install -c -m 644 squidclient.1 '/usr/share/man/man1'

make[4]: Leaving directory '/usr/src/squid/squid-3.5.25/tools/squidclient'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/tools/squidclient'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/tools/squidclient'

Making install in systemd

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/tools/systemd'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/tools/systemd'

make[3]: Nothing to be done for 'install-exec-am'.

make[3]: Nothing to be done for 'install-data-am'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/tools/systemd'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/tools/systemd'

Making install in sysvinit

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/tools/sysvinit'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/tools/sysvinit'

make[3]: Nothing to be done for 'install-exec-am'.

make[3]: Nothing to be done for 'install-data-am'.

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/tools/sysvinit'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/tools/sysvinit'

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/tools'

make[3]: Entering directory '/usr/src/squid/squid-3.5.25/tools'

/bin/mkdir -p '/lib/squid3'

  /bin/bash ../libtool   --mode=install /usr/bin/install -c cachemgr.cgi '/lib/squid3'

libtool: install: /usr/bin/install -c cachemgr.cgi /lib/squid3/cachemgr.cgi

/bin/mkdir -p '/lib/squid3'

/usr/bin/install -c helper-mux.pl '/lib/squid3'

/usr/bin/install -c -m 644 ./cachemgr.conf /etc/squid3/cachemgr.conf.default

install-data-local will not overwrite existing /etc/squid3/cachemgr.conf

/bin/mkdir -p '/usr/share/man/man8'

/usr/bin/install -c -m 644 cachemgr.cgi.8 '/usr/share/man/man8'

make[3]: Leaving directory '/usr/src/squid/squid-3.5.25/tools'

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/tools'

make[1]: Leaving directory '/usr/src/squid/squid-3.5.25/tools'

Making install in test-suite

make[1]: Entering directory '/usr/src/squid/squid-3.5.25/test-suite'

make[2]: Entering directory '/usr/src/squid/squid-3.5.25/test-suite'

make[2]: Nothing to be done for 'install-exec-am'.

make[2]: Nothing to be done for 'install-data-am'.

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25/test-suite'

make[1]: Leaving directory '/usr/src/squid/squid-3.5.25/test-suite'

make[1]: Entering directory '/usr/src/squid/squid-3.5.25'

make[2]: Entering directory '/usr/src/squid/squid-3.5.25'

make[2]: Nothing to be done for 'install-exec-am'.

make[2]: Nothing to be done for 'install-data-am'.

make[2]: Leaving directory '/usr/src/squid/squid-3.5.25'

make[1]: Leaving directory '/usr/src/squid/squid-3.5.25'



[hidden email]

lennox-it.uk

tel: 07900 648 252




________________________________

From: Antony Stone <[hidden email]>

To: "[hidden email]" <[hidden email]>

Sent: Friday, 14 April 2017, 12:58

Subject: Re: [squid-users] HTTPS woes




On Friday 14 April 2017 at 13:52:08, Olly Lennox wrote:


> I've tried building it and it seems to have make install -ed correctly but

> I'm getting "command not found" when I try to execute squid3.


Well, what command are you trying to run (the one which is "not found")?


And what do you from "whereis squid"?


If that second command shows nothing, what do you get from:

"find / -type f -name squid"?



Antony.


>       From: Rafael Akchurin <[hidden email]>

>  To: "[hidden email]"

> <[hidden email]> Sent: Friday, 14 April 2017, 12:40

>  Subject: Re: [squid-users] HTTPS woes

>

> >>> Then my config in Squid is like this, the dhparams file I generated as per

instructions in the squid wiki:

> >> First of all: what's Squid's version?

> >

> > And secondly; are you sufficiently capable with Debian to (cross-)build

> > your own Squid package that can run on Raspian? The Debian squid/squid3

> > packages do not have TLS/SSL/HTTPS support. So you will be building your

> > own to get the bumping features.

>

> When you decide to recompile on Raspbian, please be sure to take a look at

> https://docs.diladele.com/administrator_guide_5_0/install/rpi/squid.html -

> it describes one way of doing this  *on* RPI (without cross compiling).

> But it is slooowwww. _______________________________________________

> squid-users mailing list

> [hidden email]

> http://lists.squid-cache.org/listinfo/squid-users


--

"I think both KDE and Gnome suck - I'm quite unbiased in that, because I use a

Mac."


- Jason Isitt


                                                   Please reply to the list;

                                                         please *don't* CC me.


_______________________________________________

squid-users mailing list

[hidden email]

http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: HTTPS woes

Olly Lennox
In reply to this post by Rafael Akchurin
Thanks Rafael,

I'm trying this out now, have had to enable the stretch repos but seems to be building!
 
[hidden email]
lennox-it.uk
tel: 07900 648 252



From: Rafael Akchurin <[hidden email]>
To: "[hidden email]" <[hidden email]>
Sent: Friday, 14 April 2017, 12:40
Subject: Re: [squid-users] HTTPS woes

>>> Then my config in Squid is like this, the dhparams file I generated as per instructions in the squid wiki:
>> First of all: what's Squid's version?

> And secondly; are you sufficiently capable with Debian to (cross-)build your own Squid package that can run on Raspian?
> The Debian squid/squid3 packages do not have TLS/SSL/HTTPS support. So you will be building your own to get the bumping features.

When you decide to recompile on Raspbian, please be sure to take a look at https://docs.diladele.com/administrator_guide_5_0/install/rpi/squid.html - it describes one way of doing this  *on* RPI (without cross compiling). But it is slooowwww.

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: HTTPS woes

Amos Jeffries
Administrator
In reply to this post by Olly Lennox
On 15/04/2017 12:15 a.m., Olly Lennox wrote:
> libtool: install: /usr/bin/install -c squid /usr/sbin/squid


So, like I said the binary name is just "squid", not 'squid3'

Amos

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: HTTPS woes

Olly Lennox
In reply to this post by Olly Lennox
Hi Guys.

I'm still struggling with this. I'm trying to build a version of 3.5 but I just can't get it to work. I'm currently attempting to rebuild the stretch package with SSL enabled but build keeps failing with the following:

../../src/ssl/gadgets.h:83:45: error: âCRYPTO_LOCK_X509â was not declared in this scope
 typedef LockingPointer<X509, X509_free_cpp, CRYPTO_LOCK_X509> X509_Pointer;
                                             ^~~~~~~~~~~~~~~~
../../src/ssl/gadgets.h:83:61: error: template argument 3 is invalid
 typedef LockingPointer<X509, X509_free_cpp, CRYPTO_LOCK_X509> X509_Pointer;
                                                             ^
../../src/ssl/gadgets.h:89:53: error: âCRYPTO_LOCK_EVP_PKEYâ was not declared in this scope
 typedef LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;
                                                     ^~~~~~~~~~~~~~~~~~~~
../../src/ssl/gadgets.h:89:73: error: template argument 3 is invalid
 typedef LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;
                                                                         ^
../../src/ssl/gadgets.h:116:43: error: âCRYPTO_LOCK_SSLâ was not declared in this scope
 typedef LockingPointer<SSL, SSL_free_cpp, CRYPTO_LOCK_SSL> SSL_Pointer;
                                           ^~~~~~~~~~~~~~~
../../src/ssl/gadgets.h:116:58: error: template argument 3 is invalid
 typedef LockingPointer<SSL, SSL_free_cpp, CRYPTO_LOCK_SSL> SSL_Pointer;
                                                          ^

Any ideas?

Thanks
 
[hidden email]
lennox-it.uk
tel: 07900 648 252



From: Olly Lennox <[hidden email]>
To: Rafael Akchurin <[hidden email]>; "[hidden email]" <[hidden email]>
Sent: Friday, 14 April 2017, 14:07
Subject: Re: [squid-users] HTTPS woes

Thanks Rafael,

I'm trying this out now, have had to enable the stretch repos but seems to be building!
 
[hidden email]
lennox-it.uk
tel: 07900 648 252



From: Rafael Akchurin <[hidden email]>
To: "[hidden email]" <[hidden email]>
Sent: Friday, 14 April 2017, 12:40
Subject: Re: [squid-users] HTTPS woes

>>> Then my config in Squid is like this, the dhparams file I generated as per instructions in the squid wiki:
>> First of all: what's Squid's version?

> And secondly; are you sufficiently capable with Debian to (cross-)build your own Squid package that can run on Raspian?
> The Debian squid/squid3 packages do not have TLS/SSL/HTTPS support. So you will be building your own to get the bumping features.

When you decide to recompile on Raspbian, please be sure to take a look at https://docs.diladele.com/administrator_guide_5_0/install/rpi/squid.html - it describes one way of doing this  *on* RPI (without cross compiling). But it is slooowwww.

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: HTTPS woes

Amos Jeffries
Administrator
On 15/04/2017 9:59 a.m., Olly Lennox wrote:
> Hi Guys.
> I'm still struggling with this. I'm trying to build a version of 3.5 but I just can't get it to work. I'm currently attempting to rebuild the stretch package with SSL enabled but build keeps failing with the following:
> ../../src/ssl/gadgets.h:83:45: error: âCRYPTO_LOCK_X509â was not declared in this scope typedef LockingPointer<X509, X509_free_cpp, CRYPTO_LOCK_X509> X509_Pointer;                                             ^~~~~~~~~~~~~~~~../../src/ssl/gadgets.h:83:61: error: template argument 3 is invalid typedef LockingPointer<X509, X509_free_cpp, CRYPTO_LOCK_X509> X509_Pointer;                                                             ^../../src/ssl/gadgets.h:89:53: error: âCRYPTO_LOCK_EVP_PKEYâ was not declared in this scope typedef LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;                                                     ^~~~~~~~~~~~~~~~~~~~../../src/ssl/gadgets.h:89:73: error: template argument 3 is invalid typedef LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;                                                                         ^../../src/ssl/gadgets.h:116:43: error: âCRYPTO_LOCK_SSLâ was not declared in this scope typedef LockingPointer<SSL, SSL_free_cpp, CRYPTO_LOCK_SSL> SSL_Pointer;                                           ^~~~~~~~~~~~~~~../../src/ssl/gadgets.h:116:58: error: template argument 3 is invalid typedef LockingPointer<SSL, SSL_free_cpp, CRYPTO_LOCK_SSL> SSL_Pointer;                                                          ^
> Any ideas?



On Jesse/stable:

 apt-get build-dep squid3
 apt-get install libss-dev


On stretch/testing/unstable:

 apt-get build-dep squid
 apt-get install libss1.0-dev


That should do it for you.

Amos

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: HTTPS woes

Olly Lennox
Thanks Amos, it's finally built but I had to disabled ecap, for whatever reason this kept failing (with version 1.0.1 installed). It failed on a reference to the Area function I think but I don't have the error message copied. I'm trying now to configure the ssl stare/peek and will let you know how it goes.

Olly
 
[hidden email]
lennox-it.uk
tel: 07900 648 252



From: Amos Jeffries <[hidden email]>
To: [hidden email]
Sent: Saturday, 15 April 2017, 23:07
Subject: Re: [squid-users] HTTPS woes

On 15/04/2017 9:59 a.m., Olly Lennox wrote:
> Hi Guys.
> I'm still struggling with this. I'm trying to build a version of 3.5 but I just can't get it to work. I'm currently attempting to rebuild the stretch package with SSL enabled but build keeps failing with the following:
> ../../src/ssl/gadgets.h:83:45: error: âCRYPTO_LOCK_X509â was not declared in this scope typedef LockingPointer<X509, X509_free_cpp, CRYPTO_LOCK_X509> X509_Pointer;                                            ^~~~~~~~~~~~~~~~../../src/ssl/gadgets.h:83:61: error: template argument 3 is invalid typedef LockingPointer<X509, X509_free_cpp, CRYPTO_LOCK_X509> X509_Pointer;                                                            ^../../src/ssl/gadgets.h:89:53: error: âCRYPTO_LOCK_EVP_PKEYâ was not declared in this scope typedef LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;                                                    ^~~~~~~~~~~~~~~~~~~~../../src/ssl/gadgets.h:89:73: error: template argument 3 is invalid typedef LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;                                                                        ^../../src/ssl/gadgets.h:116:43: error: âCRYPTO_LOCK_SSLâ was not declared in this scope typedef LockingPointer<SSL, SSL_free_cpp, CRYPTO_LOCK_SSL> SSL_Pointer;                                          ^~~~~~~~~~~~~~~../../src/ssl/gadgets.h:116:58: error: template argument 3 is invalid typedef LockingPointer<SSL, SSL_free_cpp, CRYPTO_LOCK_SSL> SSL_Pointer;                                                          ^
> Any ideas?



On Jesse/stable:

apt-get build-dep squid3
apt-get install libss-dev


On stretch/testing/unstable:

apt-get build-dep squid
apt-get install libss1.0-dev


That should do it for you.

Amos


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: HTTPS woes

Olly Lennox
Hi All,

Still having problems here. This is my https config now:


---------------------------------https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl_cert/squid.crt key=/etc/squid3/ssl_cert/squid.key options=NO_SSLv3 dhparams=/etc/squid3/ssl_cert/dhparam.pem

acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS

sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 8 startup=1 idle=1

---------------------------------


I'm running version 3.5.23 with openssl 1.0. I've had to disable libecap because I couldn't build 3.5 with ecap enabled. I'm getting the following error when trying to connect with SSL:

---------------------------------

The following error was encountered while trying to retrieve the URL: https://www.google.co.uk/* 

Failed to establish a secure connection to 216.58.198.67

The system returned:

(71) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
SSL Certficate error: certificate issuer (CA) not known: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority

This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.

Your cache administrator is webmaster.

Generated Tue, 18 Apr 2017 12:23:40 GMT by raspberrypi (squid/3.5.23)
---------------------------------

The CA is always listed as not known not matter what site I try I always get this error.

Any ideas?

Thanks,

Olly

________________________________
From: Olly Lennox <[hidden email]>
To: Amos Jeffries <[hidden email]>; "[hidden email]" <[hidden email]>
Sent: Sunday, 16 April 2017, 9:31
Subject: Re: [squid-users] HTTPS woes



Thanks Amos, it's finally built but I had to disabled ecap, for whatever reason this kept failing (with version 1.0.1 installed). It failed on a reference to the Area function I think but I don't have the error message copied. I'm trying now to configure the ssl stare/peek and will let you know how it goes.

Olly
 
[hidden email]
lennox-it.uk
tel: 07900 648 252



________________________________
From: Amos Jeffries <[hidden email]>
To: [hidden email]
Sent: Saturday, 15 April 2017, 23:07
Subject: Re: [squid-users] HTTPS woes



On 15/04/2017 9:59 a.m., Olly Lennox wrote:
> Hi Guys.
> I'm still struggling with this. I'm trying to build a version of 3.5 but I just can't get it to work. I'm currently attempting to rebuild the stretch package with SSL enabled but build keeps failing with the following:
> ../../src/ssl/gadgets.h:83:45: error: âCRYPTO_LOCK_X509â was not declared in this scope typedef LockingPointer<X509, X509_free_cpp, CRYPTO_LOCK_X509> X509_Pointer;                                             ^~~~~~~~~~~~~~~~../../src/ssl/gadgets.h:83:61: error: template argument 3 is invalid typedef LockingPointer<X509, X509_free_cpp, CRYPTO_LOCK_X509> X509_Pointer;                                                             ^../../src/ssl/gadgets.h:89:53: error: âCRYPTO_LOCK_EVP_PKEYâ was not declared in this scope typedef LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;                                                     ^~~~~~~~~~~~~~~~~~~~../../src/ssl/gadgets.h:89:73: error: template argument 3 is invalid typedef LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;                                                                         ^../../src/ssl/gadgets.h:116:43: error: âCRYPTO_LOCK_SSLâ was not declared in this scope typedef LockingPointer<SSL, SSL_free_cpp, CRYPTO_LOCK_SSL> SSL_Pointer;                                           ^~~~~~~~~~~~~~~../../src/ssl/gadgets.h:116:58: error: template argument 3 is invalid typedef LockingPointer<SSL, SSL_free_cpp, CRYPTO_LOCK_SSL> SSL_Pointer;                                                          ^
> Any ideas?



On Jesse/stable:

apt-get build-dep squid3
apt-get install libss-dev


On stretch/testing/unstable:

apt-get build-dep squid
apt-get install libss1.0-dev


That should do it for you.

Amos


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: HTTPS woes

Yuri Voinov
Try to specify roots CA bundle/dir explicity by specifying one of this
params:


#  TAG: sslproxy_cafile
#    file containing CA certificates to use when verifying server
#    certificates while proxying https:// URLs
#Default:
# none

#  TAG: sslproxy_capath
#    directory containing CA certificates to use when verifying
#    server certificates while proxying https:// URLs
#Default:
# none



18.04.2017 18:46, Olly Lennox пишет:

> Hi All,
>
> Still having problems here. This is my https config now:
>
>
> ---------------------------------https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl_cert/squid.crt key=/etc/squid3/ssl_cert/squid.key options=NO_SSLv3 dhparams=/etc/squid3/ssl_cert/dhparam.pem
>
> acl step1 at_step SslBump1
> ssl_bump peek step1
> ssl_bump bump all
> sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
> sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
>
> sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB
> sslcrtd_children 8 startup=1 idle=1
>
> ---------------------------------
>
>
> I'm running version 3.5.23 with openssl 1.0. I've had to disable libecap because I couldn't build 3.5 with ecap enabled. I'm getting the following error when trying to connect with SSL:
>
> ---------------------------------
>
> The following error was encountered while trying to retrieve the URL: https://www.google.co.uk/*
>
> Failed to establish a secure connection to 216.58.198.67
>
> The system returned:
>
> (71) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
> SSL Certficate error: certificate issuer (CA) not known: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
>
> This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.
>
> Your cache administrator is webmaster.
>
> Generated Tue, 18 Apr 2017 12:23:40 GMT by raspberrypi (squid/3.5.23)
> ---------------------------------
>
> The CA is always listed as not known not matter what site I try I always get this error.
>
> Any ideas?
>
> Thanks,
>
> Olly
>
> ________________________________
> From: Olly Lennox <[hidden email]>
> To: Amos Jeffries <[hidden email]>; "[hidden email]" <[hidden email]>
> Sent: Sunday, 16 April 2017, 9:31
> Subject: Re: [squid-users] HTTPS woes
>
>
>
> Thanks Amos, it's finally built but I had to disabled ecap, for whatever reason this kept failing (with version 1.0.1 installed). It failed on a reference to the Area function I think but I don't have the error message copied. I'm trying now to configure the ssl stare/peek and will let you know how it goes.
>
> Olly
>  
> [hidden email]
> lennox-it.uk
> tel: 07900 648 252
>
>
>
> ________________________________
> From: Amos Jeffries <[hidden email]>
> To: [hidden email]
> Sent: Saturday, 15 April 2017, 23:07
> Subject: Re: [squid-users] HTTPS woes
>
>
>
> On 15/04/2017 9:59 a.m., Olly Lennox wrote:
>> Hi Guys.
>> I'm still struggling with this. I'm trying to build a version of 3.5 but I just can't get it to work. I'm currently attempting to rebuild the stretch package with SSL enabled but build keeps failing with the following:
>> ../../src/ssl/gadgets.h:83:45: error: âCRYPTO_LOCK_X509â was not declared in this scope typedef LockingPointer<X509, X509_free_cpp, CRYPTO_LOCK_X509> X509_Pointer;                                             ^~~~~~~~~~~~~~~~../../src/ssl/gadgets.h:83:61: error: template argument 3 is invalid typedef LockingPointer<X509, X509_free_cpp, CRYPTO_LOCK_X509> X509_Pointer;                                                             ^../../src/ssl/gadgets.h:89:53: error: âCRYPTO_LOCK_EVP_PKEYâ was not declared in this scope typedef LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;                                                     ^~~~~~~~~~~~~~~~~~~~../../src/ssl/gadgets.h:89:73: error: template argument 3 is invalid typedef LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;                                                                         ^../../src/ssl/gadgets.h:116:43: error: âCRYPTO_LOCK_SSLâ was not declared in this scope typedef LockingPointer<SSL, SSL_free_cpp, CRYPTO_LOCK_SSL> SSL_Pointer;                                           ^~~~~~~~~~~~~~~../../src/ssl/gadgets.h:116:58: error: template argument 3 is invalid typedef LockingPointer<SSL, SSL_free_cpp, CRYPTO_LOCK_SSL> SSL_Pointer;                                                          ^
>> Any ideas?
>
>
> On Jesse/stable:
>
> apt-get build-dep squid3
> apt-get install libss-dev
>
>
> On stretch/testing/unstable:
>
> apt-get build-dep squid
> apt-get install libss1.0-dev
>
>
> That should do it for you.
>
> Amos
>
>
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users
>
>
>
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: HTTPS woes

Olly Lennox
I'm using 

sslproxy_foreign_intermediate_certs

Is this the same thing? 

Also is there anywhere to get a bundle of all the major CA intermdiate certs or do you have to download them all manually?

Cheers,
 
[hidden email]
lennox-it.uk
tel: 07900 648 252



From: Yuri <[hidden email]>
To: [hidden email]
Sent: Tuesday, 18 April 2017, 13:51
Subject: Re: [squid-users] HTTPS woes

Try to specify roots CA bundle/dir explicity by specifying one of this
params:


#  TAG: sslproxy_cafile
#    file containing CA certificates to use when verifying server
#    certificates while proxying https:// URLs
#Default:
# none

#  TAG: sslproxy_capath
#    directory containing CA certificates to use when verifying
#    server certificates while proxying https:// URLs
#Default:
# none



18.04.2017 18:46, Olly Lennox пишет:

> Hi All,
>
> Still having problems here. This is my https config now:
>
>
> ---------------------------------https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl_cert/squid.crt key=/etc/squid3/ssl_cert/squid.key options=NO_SSLv3 dhparams=/etc/squid3/ssl_cert/dhparam.pem
>
> acl step1 at_step SslBump1
> ssl_bump peek step1
> ssl_bump bump all
> sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
> sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
>
> sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB
> sslcrtd_children 8 startup=1 idle=1
>
> ---------------------------------
>
>
> I'm running version 3.5.23 with openssl 1.0. I've had to disable libecap because I couldn't build 3.5 with ecap enabled. I'm getting the following error when trying to connect with SSL:
>
> ---------------------------------
>
> The following error was encountered while trying to retrieve the URL: https://www.google.co.uk/*
>
> Failed to establish a secure connection to 216.58.198.67
>
> The system returned:
>
> (71) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
> SSL Certficate error: certificate issuer (CA) not known: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
>
> This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.
>
> Your cache administrator is webmaster.
>
> Generated Tue, 18 Apr 2017 12:23:40 GMT by raspberrypi (squid/3.5.23)
> ---------------------------------
>
> The CA is always listed as not known not matter what site I try I always get this error.
>
> Any ideas?
>
> Thanks,
>
> Olly
>
> ________________________________
> From: Olly Lennox <[hidden email]>
> To: Amos Jeffries <[hidden email]>; "[hidden email]" <[hidden email]>
> Sent: Sunday, 16 April 2017, 9:31
> Subject: Re: [squid-users] HTTPS woes
>
>
>
> Thanks Amos, it's finally built but I had to disabled ecap, for whatever reason this kept failing (with version 1.0.1 installed). It failed on a reference to the Area function I think but I don't have the error message copied. I'm trying now to configure the ssl stare/peek and will let you know how it goes.
>
> Olly

> [hidden email]
> lennox-it.uk
> tel: 07900 648 252
>
>
>
> ________________________________
> From: Amos Jeffries <[hidden email]>
> To: [hidden email]
> Sent: Saturday, 15 April 2017, 23:07
> Subject: Re: [squid-users] HTTPS woes
>
>
>
> On 15/04/2017 9:59 a.m., Olly Lennox wrote:
>> Hi Guys.
>> I'm still struggling with this. I'm trying to build a version of 3.5 but I just can't get it to work. I'm currently attempting to rebuild the stretch package with SSL enabled but build keeps failing with the following:
>> ../../src/ssl/gadgets.h:83:45: error: âCRYPTO_LOCK_X509â was not declared in this scope typedef LockingPointer<X509, X509_free_cpp, CRYPTO_LOCK_X509> X509_Pointer;                                            ^~~~~~~~~~~~~~~~../../src/ssl/gadgets.h:83:61: error: template argument 3 is invalid typedef LockingPointer<X509, X509_free_cpp, CRYPTO_LOCK_X509> X509_Pointer;                                                            ^../../src/ssl/gadgets.h:89:53: error: âCRYPTO_LOCK_EVP_PKEYâ was not declared in this scope typedef LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;                                                    ^~~~~~~~~~~~~~~~~~~~../../src/ssl/gadgets.h:89:73: error: template argument 3 is invalid typedef LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;                                                                        ^../../src/ssl/gadgets.h:116:43: error: âCRYPTO_LOCK_SSLâ was not declared in this scope typedef LockingPointer<SSL, SSL_free_cpp, CRYPTO_LOCK_SSL> SSL_Pointer;                                          ^~~~~~~~~~~~~~~../../src/ssl/gadgets.h:116:58: error: template argument 3 is invalid typedef LockingPointer<SSL, SSL_free_cpp, CRYPTO_LOCK_SSL> SSL_Pointer;                                                          ^
>> Any ideas?
>
>
> On Jesse/stable:
>
> apt-get build-dep squid3
> apt-get install libss-dev
>
>
> On stretch/testing/unstable:
>
> apt-get build-dep squid
> apt-get install libss1.0-dev
>
>
> That should do it for you.
>
> Amos
>
>
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users
>
>
>
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users

> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: HTTPS woes

Yuri Voinov



18.04.2017 18:56, Olly Lennox пишет:
I'm using 

sslproxy_foreign_intermediate_certs

Is this the same thing?
No. You firstly required CA roots available for squid. CA roots and intermediate is the different things.

Also is there anywhere to get a bundle of all the major CA intermdiate certs or do you have to download them all manually?
No. You should build it by yourself.

Cheers,
 
[hidden email]
lennox-it.uk
tel: 07900 648 252



From: Yuri [hidden email]
To: [hidden email]
Sent: Tuesday, 18 April 2017, 13:51
Subject: Re: [squid-users] HTTPS woes

Try to specify roots CA bundle/dir explicity by specifying one of this
params:


#  TAG: sslproxy_cafile
#    file containing CA certificates to use when verifying server
#    certificates while proxying <a class="moz-txt-link-freetext" href="https://">https:// URLs
#Default:
# none

#  TAG: sslproxy_capath
#    directory containing CA certificates to use when verifying
#    server certificates while proxying <a class="moz-txt-link-freetext" href="https://">https:// URLs
#Default:
# none



18.04.2017 18:46, Olly Lennox пишет:
> Hi All,
>
> Still having problems here. This is my https config now:
>
>
> ---------------------------------https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl_cert/squid.crt key=/etc/squid3/ssl_cert/squid.key options=NO_SSLv3 dhparams=/etc/squid3/ssl_cert/dhparam.pem
>
> acl step1 at_step SslBump1
> ssl_bump peek step1
> ssl_bump bump all
> sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
> sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
>
> sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB
> sslcrtd_children 8 startup=1 idle=1
>
> ---------------------------------
>
>
> I'm running version 3.5.23 with openssl 1.0. I've had to disable libecap because I couldn't build 3.5 with ecap enabled. I'm getting the following error when trying to connect with SSL:
>
> ---------------------------------
>
> The following error was encountered while trying to retrieve the URL: https://www.google.co.uk/*
>
> Failed to establish a secure connection to 216.58.198.67
>
> The system returned:
>
> (71) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
> SSL Certficate error: certificate issuer (CA) not known: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
>
> This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.
>
> Your cache administrator is webmaster.
>
> Generated Tue, 18 Apr 2017 12:23:40 GMT by raspberrypi (squid/3.5.23)
> ---------------------------------
>
> The CA is always listed as not known not matter what site I try I always get this error.
>
> Any ideas?
>
> Thanks,
>
> Olly
>
> ________________________________
> From: Olly Lennox <[hidden email]>
> To: Amos Jeffries <[hidden email]>; "[hidden email]" <[hidden email]>
> Sent: Sunday, 16 April 2017, 9:31
> Subject: Re: [squid-users] HTTPS woes
>
>
>
> Thanks Amos, it's finally built but I had to disabled ecap, for whatever reason this kept failing (with version 1.0.1 installed). It failed on a reference to the Area function I think but I don't have the error message copied. I'm trying now to configure the ssl stare/peek and will let you know how it goes.
>
> Olly

> [hidden email]
> lennox-it.uk
> tel: 07900 648 252
>
>
>
> ________________________________
> From: Amos Jeffries <[hidden email]>
> To: [hidden email]
> Sent: Saturday, 15 April 2017, 23:07
> Subject: Re: [squid-users] HTTPS woes
>
>
>
> On 15/04/2017 9:59 a.m., Olly Lennox wrote:
>> Hi Guys.
>> I'm still struggling with this. I'm trying to build a version of 3.5 but I just can't get it to work. I'm currently attempting to rebuild the stretch package with SSL enabled but build keeps failing with the following:
>> ../../src/ssl/gadgets.h:83:45: error: âCRYPTO_LOCK_X509â was not declared in this scope typedef LockingPointer<X509, X509_free_cpp, CRYPTO_LOCK_X509> X509_Pointer;                                            ^~~~~~~~~~~~~~~~../../src/ssl/gadgets.h:83:61: error: template argument 3 is invalid typedef LockingPointer<X509, X509_free_cpp, CRYPTO_LOCK_X509> X509_Pointer;                                                            ^../../src/ssl/gadgets.h:89:53: error: âCRYPTO_LOCK_EVP_PKEYâ was not declared in this scope typedef LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;                                                    ^~~~~~~~~~~~~~~~~~~~../../src/ssl/gadgets.h:89:73: error: template argument 3 is invalid typedef LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;                                                                        ^../../src/ssl/gadgets.h:116:43: error: âCRYPTO_LOCK_SSLâ was not declared in this scope typedef LockingPointer<SSL, SSL_free_cpp, CRYPTO_LOCK_SSL> SSL_Pointer;                                          ^~~~~~~~~~~~~~~../../src/ssl/gadgets.h:116:58: error: template argument 3 is invalid typedef LockingPointer<SSL, SSL_free_cpp, CRYPTO_LOCK_SSL> SSL_Pointer;                                                          ^
>> Any ideas?
>
>
> On Jesse/stable:
>
> apt-get build-dep squid3
> apt-get install libss-dev
>
>
> On stretch/testing/unstable:
>
> apt-get build-dep squid
> apt-get install libss1.0-dev
>
>
> That should do it for you.
>
> Amos
>
>
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users
>
>
>
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users

> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users




_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: HTTPS woes

Olly Lennox
So anyone who wants to use Squid over HTTPS in the way has to build this repository themselves by manually downloading all the CA bundles?
 




From: Yuri <[hidden email]>
To: Olly Lennox <[hidden email]>; "[hidden email]" <[hidden email]>
Sent: Tuesday, 18 April 2017, 14:03
Subject: Re: [squid-users] HTTPS woes



18.04.2017 18:56, Olly Lennox пишет:
I'm using 

sslproxy_foreign_intermediate_certs

Is this the same thing?
No. You firstly required CA roots available for squid. CA roots and intermediate is the different things.

Also is there anywhere to get a bundle of all the major CA intermdiate certs or do you have to download them all manually?
No. You should build it by yourself.


Cheers,
 
[hidden email]
lennox-it.uk
tel: 07900 648 252



From: Yuri [hidden email]
To: [hidden email]
Sent: Tuesday, 18 April 2017, 13:51
Subject: Re: [squid-users] HTTPS woes

Try to specify roots CA bundle/dir explicity by specifying one of this
params:


#  TAG: sslproxy_cafile
#    file containing CA certificates to use when verifying server
#    certificates while proxying https:// URLs
#Default:
# none

#  TAG: sslproxy_capath
#    directory containing CA certificates to use when verifying
#    server certificates while proxying https:// URLs
#Default:
# none



18.04.2017 18:46, Olly Lennox пишет:
> Hi All,
>
> Still having problems here. This is my https config now:
>
>
> ---------------------------------https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl_cert/squid.crt key=/etc/squid3/ssl_cert/squid.key options=NO_SSLv3 dhparams=/etc/squid3/ssl_cert/dhparam.pem
>
> acl step1 at_step SslBump1
> ssl_bump peek step1
> ssl_bump bump all
> sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
> sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
>
> sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB
> sslcrtd_children 8 startup=1 idle=1
>
> ---------------------------------
>
>
> I'm running version 3.5.23 with openssl 1.0. I've had to disable libecap because I couldn't build 3.5 with ecap enabled. I'm getting the following error when trying to connect with SSL:
>
> ---------------------------------
>
> The following error was encountered while trying to retrieve the URL: https://www.google.co.uk/*
>
> Failed to establish a secure connection to 216.58.198.67
>
> The system returned:
>
> (71) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
> SSL Certficate error: certificate issuer (CA) not known: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
>
> This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.
>
> Your cache administrator is webmaster.
>
> Generated Tue, 18 Apr 2017 12:23:40 GMT by raspberrypi (squid/3.5.23)
> ---------------------------------
>
> The CA is always listed as not known not matter what site I try I always get this error.
>
> Any ideas?
>
> Thanks,
>
> Olly
>
> ________________________________
> From: Olly Lennox <[hidden email]>
> To: Amos Jeffries <[hidden email]>; "[hidden email]" <[hidden email]>
> Sent: Sunday, 16 April 2017, 9:31
> Subject: Re: [squid-users] HTTPS woes
>
>
>
> Thanks Amos, it's finally built but I had to disabled ecap, for whatever reason this kept failing (with version 1.0.1 installed). It failed on a reference to the Area function I think but I don't have the error message copied. I'm trying now to configure the ssl stare/peek and will let you know how it goes.
>
> Olly

> [hidden email]
> lennox-it.uk
> tel: 07900 648 252
>
>
>
> ________________________________
> From: Amos Jeffries <[hidden email]>
> To: [hidden email]
> Sent: Saturday, 15 April 2017, 23:07
> Subject: Re: [squid-users] HTTPS woes
>
>
>
> On 15/04/2017 9:59 a.m., Olly Lennox wrote:
>> Hi Guys.
>> I'm still struggling with this. I'm trying to build a version of 3.5 but I just can't get it to work. I'm currently attempting to rebuild the stretch package with SSL enabled but build keeps failing with the following:
>> ../../src/ssl/gadgets.h:83:45: error: âCRYPTO_LOCK_X509â was not declared in this scope typedef LockingPointer<X509, X509_free_cpp, CRYPTO_LOCK_X509> X509_Pointer;                                            ^~~~~~~~~~~~~~~~../../src/ssl/gadgets.h:83:61: error: template argument 3 is invalid typedef LockingPointer<X509, X509_free_cpp, CRYPTO_LOCK_X509> X509_Pointer;                                                            ^../../src/ssl/gadgets.h:89:53: error: âCRYPTO_LOCK_EVP_PKEYâ was not declared in this scope typedef LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;                                                    ^~~~~~~~~~~~~~~~~~~~../../src/ssl/gadgets.h:89:73: error: template argument 3 is invalid typedef LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;                                                                        ^../../src/ssl/gadgets.h:116:43: error: âCRYPTO_LOCK_SSLâ was not declared in this scope typedef LockingPointer<SSL, SSL_free_cpp, CRYPTO_LOCK_SSL> SSL_Pointer;                                          ^~~~~~~~~~~~~~~../../src/ssl/gadgets.h:116:58: error: template argument 3 is invalid typedef LockingPointer<SSL, SSL_free_cpp, CRYPTO_LOCK_SSL> SSL_Pointer;                                                          ^
>> Any ideas?
>
>
> On Jesse/stable:
>
> apt-get build-dep squid3
> apt-get install libss-dev
>
>
> On stretch/testing/unstable:
>
> apt-get build-dep squid
> apt-get install libss1.0-dev
>
>
> That should do it for you.
>
> Amos
>
>
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users
>
>
>
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users

> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users






_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: HTTPS woes

Yuri Voinov

You talked about two different things.

1. root CA usually built-in in clients. For standalone use, root CA (from Mozilla) usually distributes with openssl distributions. If you need (or your openssl distribution does not contains root CAs), you can find separately distributed Mozilla CA's by short googling:

https://www.google.com/search?q=Mozilla+CA+bundle

2. Intermediate CA's is subordinate for roots CA. It does not exists by gouverned repository (because of supporting it is work, manual work and should be do by somebody), moreover, it spreaded across CA authorities. There is no automated tool to support this _intermediate_list. The problem also: intermediate CA's usuallu has much short validity period instead of roots, and should supports all time at time.

Finally - it you want to use Squid with SSL Bump, you should understand PKI infrastructure and yes - you should support root CA & intermediate CAs on proxy by yourself all time. There is no free or payment basis service which is do it for you.


18.04.2017 19:35, Olly Lennox пишет:
So anyone who wants to use Squid over HTTPS in the way has to build this repository themselves by manually downloading all the CA bundles?
 




From: Yuri [hidden email]
To: Olly Lennox [hidden email]; [hidden email] [hidden email]
Sent: Tuesday, 18 April 2017, 14:03
Subject: Re: [squid-users] HTTPS woes



18.04.2017 18:56, Olly Lennox пишет:
I'm using 

sslproxy_foreign_intermediate_certs

Is this the same thing?
No. You firstly required CA roots available for squid. CA roots and intermediate is the different things.

Also is there anywhere to get a bundle of all the major CA intermdiate certs or do you have to download them all manually?
No. You should build it by yourself.


Cheers,
 
[hidden email]
lennox-it.uk
tel: 07900 648 252



From: Yuri [hidden email]
To: [hidden email]
Sent: Tuesday, 18 April 2017, 13:51
Subject: Re: [squid-users] HTTPS woes

Try to specify roots CA bundle/dir explicity by specifying one of this
params:


#  TAG: sslproxy_cafile
#    file containing CA certificates to use when verifying server
#    certificates while proxying https:// URLs
#Default:
# none

#  TAG: sslproxy_capath
#    directory containing CA certificates to use when verifying
#    server certificates while proxying https:// URLs
#Default:
# none



18.04.2017 18:46, Olly Lennox пишет:
> Hi All,
>
> Still having problems here. This is my https config now:
>
>
> ---------------------------------https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl_cert/squid.crt key=/etc/squid3/ssl_cert/squid.key options=NO_SSLv3 dhparams=/etc/squid3/ssl_cert/dhparam.pem
>
> acl step1 at_step SslBump1
> ssl_bump peek step1
> ssl_bump bump all
> sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
> sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
>
> sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB
> sslcrtd_children 8 startup=1 idle=1
>
> ---------------------------------
>
>
> I'm running version 3.5.23 with openssl 1.0. I've had to disable libecap because I couldn't build 3.5 with ecap enabled. I'm getting the following error when trying to connect with SSL:
>
> ---------------------------------
>
> The following error was encountered while trying to retrieve the URL: https://www.google.co.uk/*
>
> Failed to establish a secure connection to 216.58.198.67
>
> The system returned:
>
> (71) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
> SSL Certficate error: certificate issuer (CA) not known: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
>
> This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.
>
> Your cache administrator is webmaster.
>
> Generated Tue, 18 Apr 2017 12:23:40 GMT by raspberrypi (squid/3.5.23)
> ---------------------------------
>
> The CA is always listed as not known not matter what site I try I always get this error.
>
> Any ideas?
>
> Thanks,
>
> Olly
>
> ________________________________
> From: Olly Lennox <[hidden email]>
> To: Amos Jeffries <[hidden email]>; "[hidden email]" <[hidden email]>
> Sent: Sunday, 16 April 2017, 9:31
> Subject: Re: [squid-users] HTTPS woes
>
>
>
> Thanks Amos, it's finally built but I had to disabled ecap, for whatever reason this kept failing (with version 1.0.1 installed). It failed on a reference to the Area function I think but I don't have the error message copied. I'm trying now to configure the ssl stare/peek and will let you know how it goes.
>
> Olly

> [hidden email]
> lennox-it.uk
> tel: 07900 648 252
>
>
>
> ________________________________
> From: Amos Jeffries <[hidden email]>
> To: [hidden email]
> Sent: Saturday, 15 April 2017, 23:07
> Subject: Re: [squid-users] HTTPS woes
>
>
>
> On 15/04/2017 9:59 a.m., Olly Lennox wrote:
>> Hi Guys.
>> I'm still struggling with this. I'm trying to build a version of 3.5 but I just can't get it to work. I'm currently attempting to rebuild the stretch package with SSL enabled but build keeps failing with the following:
>> ../../src/ssl/gadgets.h:83:45: error: âCRYPTO_LOCK_X509â was not declared in this scope typedef LockingPointer<X509, X509_free_cpp, CRYPTO_LOCK_X509> X509_Pointer;                                            ^~~~~~~~~~~~~~~~../../src/ssl/gadgets.h:83:61: error: template argument 3 is invalid typedef LockingPointer<X509, X509_free_cpp, CRYPTO_LOCK_X509> X509_Pointer;                                                            ^../../src/ssl/gadgets.h:89:53: error: âCRYPTO_LOCK_EVP_PKEYâ was not declared in this scope typedef LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;                                                    ^~~~~~~~~~~~~~~~~~~~../../src/ssl/gadgets.h:89:73: error: template argument 3 is invalid typedef LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;                                                                        ^../../src/ssl/gadgets.h:116:43: error: âCRYPTO_LOCK_SSLâ was not declared in this scope typedef LockingPointer<SSL, SSL_free_cpp, CRYPTO_LOCK_SSL> SSL_Pointer;                                          ^~~~~~~~~~~~~~~../../src/ssl/gadgets.h:116:58: error: template argument 3 is invalid typedef LockingPointer<SSL, SSL_free_cpp, CRYPTO_LOCK_SSL> SSL_Pointer;                                                          ^
>> Any ideas?
>
>
> On Jesse/stable:
>
> apt-get build-dep squid3
> apt-get install libss-dev
>
>
> On stretch/testing/unstable:
>
> apt-get build-dep squid
> apt-get install libss1.0-dev
>
>
> That should do it for you.
>
> Amos
>
>
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users
>
>
>
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users

> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users






--
Bugs to the Future

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

0x613DEC46.asc (2K) Download Attachment
signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: HTTPS woes

Olly Lennox
Thanks Yuri! The Mozilla Bundle has worked!! Most of the major sites seem to be working which is all we need. How often do these certificates refresh? Would they need updating every month or so?
 
[hidden email]
lennox-it.uk
tel: 07900 648 252



From: Yuri Voinov <[hidden email]>
To: Olly Lennox <[hidden email]>; "[hidden email]" <[hidden email]>
Sent: Tuesday, 18 April 2017, 14:43
Subject: Re: [squid-users] HTTPS woes

You talked about two different things.
1. root CA usually built-in in clients. For standalone use, root CA (from Mozilla) usually distributes with openssl distributions. If you need (or your openssl distribution does not contains root CAs), you can find separately distributed Mozilla CA's by short googling:
2. Intermediate CA's is subordinate for roots CA. It does not exists by gouverned repository (because of supporting it is work, manual work and should be do by somebody), moreover, it spreaded across CA authorities. There is no automated tool to support this _intermediate_list. The problem also: intermediate CA's usuallu has much short validity period instead of roots, and should supports all time at time.
Finally - it you want to use Squid with SSL Bump, you should understand PKI infrastructure and yes - you should support root CA & intermediate CAs on proxy by yourself all time. There is no free or payment basis service which is do it for you.

18.04.2017 19:35, Olly Lennox пишет:
So anyone who wants to use Squid over HTTPS in the way has to build this repository themselves by manually downloading all the CA bundles?
 




From: Yuri [hidden email]
To: Olly Lennox [hidden email]; [hidden email] [hidden email]
Sent: Tuesday, 18 April 2017, 14:03
Subject: Re: [squid-users] HTTPS woes



18.04.2017 18:56, Olly Lennox пишет:
I'm using 

sslproxy_foreign_intermediate_certs

Is this the same thing?
No. You firstly required CA roots available for squid. CA roots and intermediate is the different things.

Also is there anywhere to get a bundle of all the major CA intermdiate certs or do you have to download them all manually?
No. You should build it by yourself.


Cheers,
 
[hidden email]
lennox-it.uk
tel: 07900 648 252



From: Yuri [hidden email]
To: [hidden email]
Sent: Tuesday, 18 April 2017, 13:51
Subject: Re: [squid-users] HTTPS woes

Try to specify roots CA bundle/dir explicity by specifying one of this
params:


#  TAG: sslproxy_cafile
#    file containing CA certificates to use when verifying server
#    certificates while proxying https:// URLs
#Default:
# none

#  TAG: sslproxy_capath
#    directory containing CA certificates to use when verifying
#    server certificates while proxying https:// URLs
#Default:
# none



18.04.2017 18:46, Olly Lennox пишет:
> Hi All,
>
> Still having problems here. This is my https config now:
>
>
> ---------------------------------https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl_cert/squid.crt key=/etc/squid3/ssl_cert/squid.key options=NO_SSLv3 dhparams=/etc/squid3/ssl_cert/dhparam.pem
>
> acl step1 at_step SslBump1
> ssl_bump peek step1
> ssl_bump bump all
> sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
> sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
>
> sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB
> sslcrtd_children 8 startup=1 idle=1
>
> ---------------------------------
>
>
> I'm running version 3.5.23 with openssl 1.0. I've had to disable libecap because I couldn't build 3.5 with ecap enabled. I'm getting the following error when trying to connect with SSL:
>
> ---------------------------------
>
> The following error was encountered while trying to retrieve the URL: https://www.google.co.uk/*
>
> Failed to establish a secure connection to 216.58.198.67
>
> The system returned:
>
> (71) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
> SSL Certficate error: certificate issuer (CA) not known: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
>
> This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.
>
> Your cache administrator is webmaster.
>
> Generated Tue, 18 Apr 2017 12:23:40 GMT by raspberrypi (squid/3.5.23)
> ---------------------------------
>
> The CA is always listed as not known not matter what site I try I always get this error.
>
> Any ideas?
>
> Thanks,
>
> Olly
>
> ________________________________
> From: Olly Lennox <[hidden email]>
> To: Amos Jeffries <[hidden email]>; "[hidden email]" <[hidden email]>
> Sent: Sunday, 16 April 2017, 9:31
> Subject: Re: [squid-users] HTTPS woes
>
>
>
> Thanks Amos, it's finally built but I had to disabled ecap, for whatever reason this kept failing (with version 1.0.1 installed). It failed on a reference to the Area function I think but I don't have the error message copied. I'm trying now to configure the ssl stare/peek and will let you know how it goes.
>
> Olly

> [hidden email]
> lennox-it.uk
> tel: 07900 648 252
>
>
>
> ________________________________
> From: Amos Jeffries <[hidden email]>
> To: [hidden email]
> Sent: Saturday, 15 April 2017, 23:07
> Subject: Re: [squid-users] HTTPS woes
>
>
>
> On 15/04/2017 9:59 a.m., Olly Lennox wrote:
>> Hi Guys.
>> I'm still struggling with this. I'm trying to build a version of 3.5 but I just can't get it to work. I'm currently attempting to rebuild the stretch package with SSL enabled but build keeps failing with the following:
>> ../../src/ssl/gadgets.h:83:45: error: âCRYPTO_LOCK_X509â was not declared in this scope typedef LockingPointer<X509, X509_free_cpp, CRYPTO_LOCK_X509> X509_Pointer;                                            ^~~~~~~~~~~~~~~~../../src/ssl/gadgets.h:83:61: error: template argument 3 is invalid typedef LockingPointer<X509, X509_free_cpp, CRYPTO_LOCK_X509> X509_Pointer;                                                            ^../../src/ssl/gadgets.h:89:53: error: âCRYPTO_LOCK_EVP_PKEYâ was not declared in this scope typedef LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;                                                    ^~~~~~~~~~~~~~~~~~~~../../src/ssl/gadgets.h:89:73: error: template argument 3 is invalid typedef LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;                                                                        ^../../src/ssl/gadgets.h:116:43: error: âCRYPTO_LOCK_SSLâ was not declared in this scope typedef LockingPointer<SSL, SSL_free_cpp, CRYPTO_LOCK_SSL> SSL_Pointer;                                          ^~~~~~~~~~~~~~~../../src/ssl/gadgets.h:116:58: error: template argument 3 is invalid typedef LockingPointer<SSL, SSL_free_cpp, CRYPTO_LOCK_SSL> SSL_Pointer;                                                          ^
>> Any ideas?
>
>
> On Jesse/stable:
>
> apt-get build-dep squid3
> apt-get install libss-dev
>
>
> On stretch/testing/unstable:
>
> apt-get build-dep squid
> apt-get install libss1.0-dev
>
>
> That should do it for you.
>
> Amos
>
>
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users
>
>
>
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users

> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users






--
Bugs to the Future



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
12