Hi all,
I'm testing squid 4.5 and facing two issues with intermediate
CA download
At first there is no source IP and I don't know how to allow
this kind of requests with an identification acl
172.23.0.9 - user2 [15/Jan/2019:16:34:51 +0100]
"CONNECT bugs.squid-cache.org:443 HTTP/1.1" 407 4442 447
TCP_DENIED:HIER_NONE "Mozilla/5.0 (Windows NT 6.1; WOW64;
rv:64.0) Gecko/20100101 Firefox/64.0" -
172.23.0.9 - user2 [15/Jan/2019:16:34:51 +0100] "CONNECT
bugs.squid-cache.org:443 HTTP/1.1" 200 0 447 NONE:HIER_DIRECT
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:64.0) Gecko/20100101
Firefox/64.0" bump
As you can see the request to letsencrypt is denied because a
basic authentication is needed, how I can do a global ACL allow
requests from squid ? I tested 127.0.0.1,local addresses but
without any success
So for testing purpose I removed my identification rules
Now Squid can get the certificate
172.23.0.9 - - [15/Jan/2019:16:33:43 +0100]
"CONNECT bugs.squid-cache.org:443 HTTP/1.1" 200 0 447
NONE:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:64.0)
Gecko/20100101 Firefox/64.0" bump
172.23.0.9 - - [15/Jan/2019:16:33:43 +0100] "GET
https://bugs.squid-cache.org/
HTTP/1.1" 503 353 349 NONE:HIER_NONE "Mozilla/5.0 (Windows NT
6.1; WOW64; rv:64.0) Gecko/20100101 Firefox/64.0" -
Cache.log
ssl3_get_server_certificate:certificate verify failed (1/-1/0)
I'm missing something?
Thanks
FredB