RE: [squid-users] user_cert ACL in accel mode

Henrik,

installed latest squid-3.0-PRE3-20040229, disabled ssl mode in cache_peer to
not be confused which option causes problem.
To clarify, squid is running in accel/reverse proxy mode, listening on port
443 and verifying client certificates. Here is
the https_option I'm using:

https_port 443 defaultsite=proxy.mydomain.com:443 protocol=https
cert=/usr/local/squid/etc/proxy.mydomain.com.crt
clientca=/usr/local/squid/etc/cacert.crt
sslflags=DELAYED_AUTH,NO_DEFAULT_CA

Running squid with ./squid -N -X and get this error now:

2004/02/29 12:18:09.700| parse_line: debug_options ALL,1
2004/02/29 12:18:09.700| Initialising SSL.
2004/02/29 12:18:09.700| Using certificate in
/usr/local/squid/etc/proxy.mydomain.com.crt
2004/02/29 12:18:09.700| Using private key in
/usr/local/squid/etc/proxy.mydomain.com.crt
2004/02/29 12:18:09.700| Cache dir '/var/spool/squid' size changed to
20480000 KB
2004/02/29 12:18:09.700| Initialising SSL.
2004/02/29 12:18:09.700| Error error setting CA certificate locations:
error:0906D06C:PEM routines:PEM_read_bio:no start line
2004/02/29 12:18:09.700| continuing anyway...

I tryed to add capath=/usr/local/squid/etc/ but no change, still this error.
I have to say that I have many services (qmail, ipsec, courier, ..) where I
use the similar certs signed by the same CA. So I do not think my certs are
not correct, but who knows? ;)

Thank you very much for you help.

Regards,
-David

> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> Sent: Sunday, February 29, 2004 12:09 PM
> To: David Hajek
> Cc: squid-users@squid-cache.org
> Subject: RE: [squid-users] user_cert ACL in accel mode
>
> On Sun, 29 Feb 2004, David Hajek wrote:
>
> > I'm using squid from squid-3.0-PRE3.tar.bz2 file. Maybe I
> should give
> > a try to latest daily release?
>
> Please do.
>
> The PRE3 is very very old and a lot has happened since then.
>
> Regards
> Henrik
>
>