[squid-users] Squid-2.6stable4 in reverse proxy mode - possible SSL memory leak

From: Paul Freeman <prf@dont-contact.us>
Date: Tue, 31 Oct 2006 11:21:15 +1100

Hi
I am running squid-2.6stable4 in reverse proxy mode as a front end for a Microsoft Exchange 2003 SP2 server providing Outlook Web Access, Outlook Mobile Access and ActiveSync.

I am terminating the SSL connection between the internet client and squid at the squid server then establishing another https connection between squid and the exchange server.

The configuration is working well; however, I am getting lots of the following errors in my cache log.

2006/10/31 10:50:16| fwdNegotiateSSL: Error negotiating SSL connection on FD 16: error:00000000:lib(0):func(0):reason(0) (5/0/0)
2006/10/31 10:50:16| TCP connection to xxx.xxx.xxx.xxx/443 failed

No errors are reported by the client or in the access log and everything appears to be working fine.

The memory usage of squid grows and eventually I get an out of memory error and squid is terminated by the kernel. This takes about a week to occur with the current usage of the proxy.

I upgraded from squid-2.6stable3 as I was seeing the same behaviour and hoped stable4 may have a fix.

The relevant (hopefully) sections of my squid.conf follow (hostnames edited)

https_port squid.exchange.proxy.ip:443 defaultsite=xxx.xxx.xxx.xxx \
        cert=/etc/httpd/conf/ssl.crt/xxx.xxx.xxx.xxx_proxy.pem \
        key=/etc/httpd/conf/ssl.key/xxx.xxx.xxx.xxx_proxy.key protocol=https

cache_peer exchange.server.fqdn parent 443 0 front-end-https=on \
        ssl sslcert=/etc/httpd/conf/ssl.crt/emlcssurproxy02_client.pem \
        sslkey=/etc/httpd/conf/ssl.key/emlcssurproxy02_client.key \
        sslcafile=/etc/httpd/conf/ssl.crt/emlcsca.pem \
        originserver proxy-only connection-auth=off no-digest login=PASS

Perhaps I have an incorrect setting in squid.conf which is causing the error? I have searched on the net for similar errors but have not found an adequate explanation yet.

I look forward to suggestions from the group. Please let me know if there is more information required to debug the problem.

Regards

Paul Freeman

+++---+++---+++---+++---+++---+++---+++---+++---+++---+++---+++---+++
EML Consulting Services Pty Ltd            Telephone: +61 3 9836 1999
417-431 Canterbury Road                    Facsimile: +61 3 9836 0517
SURREY HILLS, VICTORIA 3127                Email: Paul.Freeman@eml.com.au
+++---+++---+++---+++---+++---+++---+++---+++---+++---+++---+++---+++
Received on Mon Oct 30 2006 - 17:21:19 MST
