Re: [squid-users] ssl_crtd helpers are crashing to rapidly

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 09 Oct 2012 11:19:59 +1300

On 09.10.2012 10:41, Jesse Smith wrote:
> I got it working, was missing the configure.ac file for my src
> distrib.
>

What do you mean by this?

> Now, i get that port 443 is binded and not available.
>

Something is already using it. Details would help. (but sort out the
version you are using first, see below).

>
>
> On 10/8/2012 2:46 PM, Jesse Smith wrote:
>> Greetings, any help with this would be greatly appreciated. I am
>> trying to use the ssl_bump option to dynamically generate
>> certificates.
>>
>> I am getting the/*'fatal ssl_crtd helpers are crashing to rapidly
>> squid'*/ when running Squid *3.1.2.0* and openssl-*1.0.0i*.

"3.1.2.0" ?? there was no such number release. On stable releases of
Squid we only have three numeric positions and the last one is always
"1" or higher for our formal packages, never "0" (which would indicate
the undocumented alpha code from before beta series started).

Did you mean 3.1.20?

>>
>> I have all the latest patches applied.

Then your version should be 3.1.21 (final 3.1 series release) or 3.2.2
(current stable release). There have been no patches ported to those
series since either was packaged.

For SSL-bump feature related stuff please use 3.2 series at the oldest
if your require "stable" stamp on any code built. 3.3 packages are
starting to become available now for testing and have about the same
stability as 3.2 series - and a *LOT* better SSL-Bump functionality.

Amos

>>
>> Here is my squid.conf:
>>
>> sslproxy_cert_error allow all
>>
>> always_direct allow all
>> ssl_bump server-first
>>
>> http_port 10.1.10.136:3128 ssl-bump generate-host-certificates=on
>> cert=/usr/local/squid3/certs/www.sample.com.pem accel vhost
>> defaultsite=sd.primepubsafety.com
>>
>> https_port 10.1.10.136:3129 ssl-bump intercept
>> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
>> cert=/usr/local/squid3/certs/www.sample.com.pem
>>
>> sslproxy_flags DONT_VERIFY_PEER
>>
>> sslcrtd_program /user/local/squid3/libexec/ssl_crtd -s -d
>> :/usr/local/squid3/var/ssl_db -M 4MB
>> sslcrtd_children 30 startup=5 idle=1
>>
>> Permissions have been set on ssl_db for the Squid user. Swap
>> directories have been created.
>>
>> Thanks,
>> Jesse
>>
>>
Received on Mon Oct 08 2012 - 22:20:05 MDT

This archive was generated by hypermail 2.2.0 : Tue Oct 09 2012 - 12:00:03 MDT