[squid-users] Squid 2.6-STABLE16 problems accessing HTTPS site with certificate

From: Robert French <[email protected]>
Date: Tue, 2 Oct 2007 23:32:47 +0100

Hello,

We have two proxies which allow our users access to the internet, one as
live box and one as a backup. Both boxes are running Gentoo and Squid 2.6
STABLE16. Recently the live box was replaced with a new server. The OS and
Squid were installed as before with the same configuration file. It now
seems to have developed a problem when accessing HTTPS sites that require a
certificate. When browsing to the site, it prompts for which certificate to
use, then gives a little warning about how the hostname does not match the
URL and then loads half the page. After about 1-2mins, a 404 error is
produced in the areas which it hasn't loaded

The main issue is that the backup proxy, which is running the same version
and same configuration file, does not produce this error and loads the sites
perfectly

I have tried re-emerging Squid, building it from source myself with the same
options and have even copied the binary over from the backup server to the
live one, but it still refuses to load the page.

I know the big change is the new install (the old server has been there for
years and just updated from time to time) but I'm wondering what could be
causing the problem. Other HTTP and HTTPS sites work fine

The log files don't show any errors. The only difference being the amount of
data transferred is a lot less on the live one than on the backup one when
connecting to the problem sites

Is there something obvious I should be checking?

I would have thought that even though I've installed a new OS which has
newer versions of bits and pieces than the backup one, this wouldn't make
much of a difference. Perhaps I'm wrong?

Any thoughts or feedback would be appreciated

 
Robert French
Email : robert.french@renesas.com
 

Registered in England & Wales under number 4586709
Renesas Technology Europe Ltd
Dukes Meadow
Millboard Road, Bourne End
Buckinghamshire SL8 5FH
UK
Received on Tue Oct 02 2007 - 16:33:03 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Nov 01 2007 - 13:00:00 MDT