Hi
thanks for your answer. unfortunately it took me some time to try out.
>> maybe i understood something wrong but I'm trying to do the following
>> setup with squid 2.6.STABLE7 and couldn't find anything related to my
>> errors and problems:
>>
>> wished setup:
>> client --ssl (cacert signed)--> squid (reverse) --ssl (selfsigned)--> apache
>
> When using self-signed certificates you need to either add the
> certificate as a ca for the cache_peer, or tell Squid to not verify the
> certificate of the peer at all.
this i thought so however it wasn't clear for me that a host accessed
over a reverse proxy is also a peer.
>> well for me it is clear that squid cannot verify the cert as it is
>> self signed. however i'd like to tell squid that it should accept this
>> cert, not try to verify it or whatever to be possible to use it. But I
>> couldn't find such an option for the https_port option.
>
> It's the cache_peer option you need to look at..
with the following line
cache_peer $ip parent 443 0 ssl no-query originserver
sslflags=DONT_VERIFY_PEER
and
sslproxy_flags DONT_VERIFY_PEER
(hint from here:
http://www1.uk.squid-cache.org/mail-archive/squid-users/200611/0038.html
)
it is now working like i wanted it. :)
thanks! and greetings pete
Received on Thu Mar 22 2007 - 16:36:10 MDT
This archive was generated by hypermail pre-2.1.9 : Sat Mar 31 2007 - 13:00:02 MDT