Hi!

I am trying to configure two squid servers to communicate with each other over ssl:
from the config:

cache_peer ADRESS parent Port 3130 no-query proxy-only ssl sslflags="DONT_VERIFY_PEER NO_DEFAULT_CA DONT_VERIFY_DOMAIN"

and getting very informative error msg:

FATAL: Bungled squid.conf line 1383: cache_peer ADRESS parent Port
3130 no-query proxy-only ssl sslflags=DONT_VERIFY_PEER NO_DEFAULT_CA
DONT_VERIFY_DOMAIN

It doesn't helped a lot even if i pointed to the server's key and cert files, the msg was the same. -D option also did not helped.

So, the question is - how to configure parent and secondary server to get them using ssl for communication?

Squid documentation and google are very poor on that account.

well that is squid at a basic file parsing level saying that it doesn't understand the line. to me that suggests that squid isn't built with the right ssl support to do this, and you'll need to build it yourself with it enabled, or find an alternative version.

yes, there were problems, I corrected them, but now i have such msg in secondary cache cache.log:
fwdNegotiateSSL: Error negotiating SSL connection on FD 18: error:00000000:lib(0):func(0):reason(0) (5/0/0)

corresponding conf line looks like:
cache_peer IP_addr parent PORT 3130 proxy-only ssl \
sslcert=/etc/ssl/host.cert \
sslkey=/etc/ssl/host.key \
sslflags=DONT_VERIFY_PEER

Other sslflags (NO_DEFAUL_CA, DONT_VERIFY_DOMAIN) caused bungled error.

there are no any error in parent cache server cache.log file.

May be something must be done at the parebt side also?