RE: [squid-users] https --> http reverse proxy problem

From: Mirabello Massimiliano <[email protected]>
Date: Wed, 2 Apr 2008 09:44:46 +0200

 

> -----Original Message-----
> From: Mirabello Massimiliano

>
> > -----Original Message-----
> > From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
> > Sent: Wednesday, April 02, 2008 1:11 AM
> > To: Mirabello Massimiliano
> > Cc: Squid Users
> > Subject: Re: [squid-users] https --> http reverse proxy problem
> >
> > tis 2008-04-01 klockan 17:55 +0200 skrev Mirabello Massimiliano:
> > > My cache.log reports:
> > > 2008/04/01 17:53:50| clientNegotiateSSL: Error negotiating SSL
> > > connection on FD 11: error:140B512D:SSL
> > > routines:SSL_GET_NEW_SESSION:ssl session id callback failed (1/-1)
> >
> > Hmm.. that's a new one.
> >
> > Which version of OpenSSL are you using?
> >
>
> IPAHU016 > openssl version
> OpenSSL 0.9.6k 30 Sep 2003
>
> > Try setting sslcontext=something on your https_port, may make a
> > difference (very related to session ids).
> >
>
> I tried but nothing changed. Still get the same error.
>
>
>

I think I found where the problem is:

IPAHU016 > squid -v
Squid Cache: Version 2.6.STABLE16
configure options: '--prefix=/opt/iexpress/squid' '--enable-carp'
'--enable-storeio=ufs,null,coss,diskd,aufs' '--enable-pthreads'
'--enable-removal-policies=heap,lru' '--enable-icmp'
'--enable-delay-pools' '--enable-kill-parent-hack' '--enable-snmp'
'--enable-cachemgr-hostname' '--enable-htcp' '--enable-forw-via-db'
'--enable-cache-digests' '--enable-underscores'
'--enable-basic-auth-helpers=LDAP,SMB,MSNT,NCSA,PAM,YP,multi-domain-NTLM
' '--enable-ssl' *****'--with-openssl=/opt/openssl'
*****'--enable-ntlm-auth-helpers=SMB,fakeauth'
'--enable-digest-auth-helpers=password'
'--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_grou
p' '--enable-ntlm-fail-open' '--enable-x-accelerator-vary' 'CC=gcc
-static-libgcc ' 'CFLAGS=-g' 'LDFLAGS=-Wl,+nodefaultrpath
-L/opt/openssl/lib -L/opt/iexpress/openldap/lib -L/usr/local/lib
-L/usr/lib' 'CPPFLAGS=-I/opt/iexpress/openldap/include
-I/opt/openssl/include'

IPAHU016 > ls -ltr /opt/openssl
/opt/openssl not found

The binary package I use has been compiled with option
'--with-openssl=/opt/openssl', so I think squid looks for openssl in
/opt and doesn't find it.

There is a way to instruct squid to look for openssl on other path?

thanks,
Massimiliano

Internet Email Confidentiality Footer
-----------------------------------------------------------------------------------------------------
La presente comunicazione, con le informazioni in essa contenute e ogni documento o file allegato, e' rivolta unicamente alla/e persona/e cui e' indirizzata ed alle altre da questa autorizzata/e a riceverla. Se non siete i destinatari/autorizzati siete avvisati che qualsiasi azione, copia, comunicazione, divulgazione o simili basate sul contenuto di tali informazioni e' vietata e potrebbe essere contro la legge (art. 616 C.P., D.Lgs n. 196/2003 Codice in materia di protezione dei dati personali). Se avete ricevuto questa comunicazione per errore, vi preghiamo di darne immediata notizia al mittente e di distruggere il messaggio originale e ogni file allegato senza farne copia alcuna o riprodurne in alcun modo il contenuto.

This e-mail and its attachments are intended for the addressee(s) only and are confidential and/or may contain legally privileged information. If you have received this message by mistake or are not one of the addressees above, you may take no action based on it, and you may not copy or show it to anyone; please reply to this e-mail and point out the error which has occurred.
-----------------------------------------------------------------------------------------------------
Received on Wed Apr 02 2008 - 01:45:21 MDT

This archive was generated by hypermail 2.2.0 : Thu May 01 2008 - 12:00:03 MDT