On Mon, 19 Apr 2004, Alfredo Pulido wrote:

> Many or any PC without Certificate. Config the Certificate in the
> Squid and Squid connect to www.xxxxxx.com and authenticate connection.
>
> Any PC (Client) -----> Squid/Certificate SSL ----> www.xxxxxx.com
>
> Is possible last scenary? How to?


Yes.

Easiest path is to configure your Squid-3 as an accelerator for
www.xxxxxx.com. See the cache_peer options for how to specify the client
certificte to use when talking to a site.

You need a way for the clients to know they should talk to the accelerator
instead of the real web servers. This is most easily done by adding the
host to the local hosts file on the clients, but it is also possible to
play around with the local DNS used by the clients. If your clients is
using a Squid (or other) proxy then this can also be used as the point of
redirection to the accelerator by the same techniques.

> ssl_support.o: In function `ssl_initialize(void)':
> /usr/src/squid-3.0-PRE3-20040411/src/ssl_support.cc:390: undefined
> reference to `ENGINE_by_id'
> /usr/src/squid-3.0-PRE3-20040411/src/ssl_support.cc:394: undefined
> reference to `ENGINE_set_default'


Looks like your OpenSSL libraries and headers does not match each other.

The build process has found OpenSSL headers with engine support but the
resulting code got linked to a OpenSSL library without engine support..

Regards
Henrik