Re: Can't figure the SSL patch

On Fri, Jun 02, 2000 at 09:48:11PM +0200, Henrik Nordstrom wrote:
> > Simple one at that... Missing sock,NULL params for httpAcceptDefer, I
> > do hope it's the correct one to put in though.... ;)
> It is correct. Comitted to the sourceforge sources.

Wow, it's just a wild guess ;)

> > Another thing is that it does not add -I/usr/local/squid/ssl/include
> > to the Makefile in src and src/fs/ufs directory, blowing up
> > compilation..
> Hmm.. is that the OpenSSL includes or the Squid includes?

The open ssl includes, I put openssl in /usr/local/squid/ssl, I did add in
the --with-ssl-include=/usr/local/squid/ssl/include where it then manage
to find ssl.h, but screws up in the end ;)

> Builds fine here with your small patch, but then OpenSSL includes are in
> /usr/include/openssl/ and I always build Squid in a directory separate
> from the sources..

Yup, it compiles, but it doesn't work! hehe... sheesh. here the output
from cache.log

-------------------------------------------------------------------
2000/06/03 11:47:20| Starting Squid Cache version 2.4.DEVEL3 for i686-pc-linux-gnu...
2000/06/03 11:47:20| Process ID 20582
2000/06/03 11:47:20| With 1024 file descriptors available
2000/06/03 11:47:20| Performing DNS Tests...
2000/06/03 11:47:20| Successful DNS name lookup tests...
2000/06/03 11:47:20| DNS Socket created on FD 1
2000/06/03 11:47:20| Adding nameserver 127.0.0.1 from /etc/resolv.conf
FATAL: Received Segment Violation...dying.
2000/06/03 11:47:20| Not currently OK to rewrite swap log.
2000/06/03 11:47:20| storeDirWriteCleanLogs: Operation aborted.
CPU Usage: 0.010 seconds = 0.010 user + 0.000 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 243
-------------------------------------------------------------------

Here's my config file...

-------------------------------------------------------------------
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs -1 /usr/local/squid/squid-ssl/cache 100 16 256
redirect_rewrites_host_header off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
icp_access allow all
cache_effective_user squid
cache_effective_group users
httpd_accel_port 81
httpd_accel_single_host off
dns_testnames wizoffice.com
https_port 443
ssl_certificate /usr/local/squid/ssl/certs/www.wizoffice.com.cert
ssl_key /usr/local/squid/ssl/certs/www.wizoffice.com.key
ssl_version 1
----------------------------------------------------------------------

even if I run without the https_port, there will be a segfault... hmmm...
btw, the httpd_accel_port it pointing to 81 so as no to disturb the
current running squid at port 80.. I did kill that squid though, but same
results..

> > Another thing is that the sources does not patch cleanly with the
> > useragent log patch that changes the log format to an apache style
> > Combined Log Format, some patch.elf file I got to log referers.. Can't
> > find the link to that file anymore though.. I do not know where I've
> > found it.. I'll include that with this mail..
> Sorry. Cannot use patches where the author is unknown.

Hehhe, after digging further, it's from roy@idle.com, got it in the
mailing lists somewhere.. It patches on every version out there starting
from 2.2 til 2.4DEVEL2 except for the cvs bit... the address of the patch
is http://www.idle.com/~roy/patch.elf... It's useful for the referer stuff
in the logs, it's for webalizer to make use of (and also for the stinking
management to see)..

-- 
Regards: Wari Wahab
How wonderful opera would be if there were no singers.