On Tue, Dec 9, 2014 at 6:53 AM, Stuart Henderson <st...@openbsd.org> wrote:
> On 2014/12/09 03:48, Jiri B wrote:
>> > > Index: Makefile.inc
>> > > ===================================================================
>> > > RCS file: /cvs/ports/www/squid/Makefile.inc,v
>> > > retrieving revision 1.9
>> > > diff -u -p -r1.9 Makefile.inc
>> > > --- Makefile.inc 15 May 2014 21:24:33 -0000 1.9
>> > > +++ Makefile.inc 5 Dec 2014 13:54:30 -0000
>> > > @@ -66,6 +66,7 @@ CONFIGURE_ARGS+= ${CONFIGURE_SHARED} \
>> > > --enable-referer-log \
>> > > --enable-removal-policies="lru heap" \
>> > > --enable-ssl \
>> > > + --enable-ssl-crtd \
>> > > --with-openssl \
>> > > --enable-storeio="aufs ufs diskd" \
>> > > --with-default-user="_squid" \
>
> I'll add this when I've finished with the update of snapshot to 3.5.0.2,
> which is delayed while I find time to work around libressl incompatibility.
>
Currently SSL_accept is not accepting me :-)
2014/12/11 15:38:39| clientNegotiateSSL: Error negotiating SSL
connection on FD 14: error:1407609B:SSL
routines:SSL23_GET_CLIENT_HELLO:https proxy request (1/-1)
client_side.cc:3477
debugs(83, DBG_IMPORTANT, "clientNegotiateSSL: Error
negotiating SSL connection on FD " <<
fd << ": " << ERR_error_string(ERR_get_error(), NULL) <<
" (" << ssl_error << "/" << ret << ")");
comm_close(fd);
is this the kind of libressl incompatibility you are talking about ?
> Obviously there were several missing parts to the diff that was sent.
>
>> and what about this as well?
>>
>> --enable-http-violations
>>
>> cf.
>> http://wiki.squid-cache.org/SquidFaq/ConfiguringSquid#Can_Squid_anonymize_HTTP_requests.3F
>>
>> j.
>>
>
> Not by default. I'll have a think about adding this as a flavour.
>
--
---------------------------------------------------------------------------------------------------------------------
() ascii ribbon campaign - against html e-mail
/\
