Re: [squid-users] problems with ssl_crtd

From: Linos <info_at_linos.es>
Date: Fri, 21 Sep 2012 11:34:18 +0200

On 21/09/12 09:20, Amos Jeffries wrote:
> Firstly, is this problem still occuring with a recent snapshot? we have done a
> lot of stabilization on squid-3 in the months working up towards 3.2.1 release
> and the SSL code has had two new features added to improve the bumping process
> and behaviours.
>
>
> Secondly, the issue as you found is not in Squid but in the helper. You should
> be able to add -d option to the helper command line to get a debug trace out of
> it into cache.log. Set Squid to a normal (0 or 1) level to avoid any squid debug
> confusing the helper traces.
>
> In 3.2 helpers crashing is not usually a fatal event, you will simply see an
> annoying amount of that:
> "
>
> 2012/09/20 14:58:23| WARNING: ssl_crtd #2 exited
> 2012/09/20 14:58:23| Too few ssl_crtd processes are running (need 1/5)
> 2012/09/20 14:58:23| Starting new helpers
> "
>
>
> In this case there is something in the cert database or system environment which
> is triggering the crash and persisting across into newly started helpers,
> crashing them as well. This is the one case where Squid is still killed by
> helpers dying faster than they can be sent lookups, thus the
>
> "FATAL: The ssl_crtd helpers are crashing too rapidly, need help!"
>
> HTH
> Amos
>

Tested squid-3.HEAD-20120921-r12321, squid crash itself very fast with this
version, i have no time to test the ssl problem:

squid3 -N
2012/09/21 11:09:49| SECURITY NOTICE: auto-converting deprecated "ssl_bump allow
<acl>" to "ssl_bump client-first <acl>" which is usually inferior to the newer
server-first bumping mode. Update your ssl_bump rules.
Abortado (`core' generado)

about the core file, no matter what i put in squid.conf, squid does not generate
it, i have this line right now:
coredump_dir /var/log/squid3

but i have tried use the squid cache_dir itself and does not work either, i have
executed it in gdb and get this backtrace.

#0 0x00007ffff579a445 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007ffff579dbab in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00005555556cf63d in xassert (
    msg=0x555555906778 "!conn() || conn()->clientConnection == NULL ||
conn()->clientConnection->fd == aDescriptor", file=<optimized out>, line=103)
    at debug.cc:565
#3 0x00005555557c8985 in ACLFilledChecklist::fd (this=0x55555691b418,
    aDescriptor=11) at FilledChecklist.cc:103
#4 0x00005555556f73bd in FwdState::initiateSSL (this=0x555557b00268)
    at forward.cc:831
#5 0x00005555557fd204 in AsyncCall::make (this=0x5555577c9cf0)
    at AsyncCall.cc:35
#6 0x0000555555800227 in AsyncCallQueue::fireNext (this=<optimized out>)
    at AsyncCallQueue.cc:52
#7 0x0000555555800380 in AsyncCallQueue::fire (this=0x555555d5aba0)
    at AsyncCallQueue.cc:38
#8 0x00005555556e8604 in EventLoop::runOnce (this=0x7fffffffe460)
    at EventLoop.cc:130
#9 0x00005555556e86d8 in EventLoop::run (this=0x7fffffffe460)
    at EventLoop.cc:94
#10 0x0000555555749249 in SquidMain (argc=<optimized out>,
    argv=<optimized out>) at main.cc:1518
#11 0x0000555555678536 in SquidMainSafe (argv=<optimized out>,
    argc=<optimized out>) at main.cc:1240
#12 main (argc=<optimized out>, argv=<optimized out>) at main.cc:1232

Regards,
Miguel Angel.
Received on Fri Sep 21 2012 - 09:34:33 MDT

This archive was generated by hypermail 2.2.0 : Fri Sep 21 2012 - 12:00:04 MDT