[squid-users] Dynamic SSL Certificate Generation

From: Aleksandr Tatarinov <aleksandrt_at_live.com>
Date: Sat, 24 Nov 2012 12:57:52 -0500

I am trying to get SSL bumping to work on my CentOS system.
 
I am using these options in my squid.conf
 
http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
sslcrtd_program /usr/lib/squid/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB
sslcrtd_children 5
 
 
 
Here is the output of cache.log
 
2012/11/24 00:57:39| Starting Squid Cache version 3.2.3 for x86_64-unknown-linux-gnu...
2012/11/24 00:57:39| Process ID 53204
2012/11/24 00:57:39| Process Roles: master worker
2012/11/24 00:57:39| With 1024 file descriptors available
2012/11/24 00:57:39| Initializing IP Cache...
2012/11/24 00:57:39| DNS Socket created at [::], FD 5
2012/11/24 00:57:39| DNS Socket created at 0.0.0.0, FD 6
2012/11/24 00:57:39| Adding domain localdomain from /etc/resolv.conf
2012/11/24 00:57:39| Adding domain localdomain from /etc/resolv.conf
2012/11/24 00:57:39| Adding nameserver 192.168.253.2 from /etc/resolv.conf
2012/11/24 00:57:39| helperOpenServers: Starting 5/5 'ssl_crtd' processes
(ssl_crtd):
 Uninitialized SSL certificate database directory:
/usr/local/squid/var/lib/ssl_db. To initialize, run "ssl_crtd -c -s
/usr/local/squid/var/lib/ssl_db".
(ssl_crtd): Uninitialized SSL
certificate database directory: /usr/local/squid/var/lib/ssl_db. To
initialize, run "ssl_crtd -c -s /usr/local/squid/var/lib/ssl_db".
(ssl_crtd):
 Uninitialized SSL certificate database directory:
/usr/local/squid/var/lib/ssl_db. To initialize, run "ssl_crtd -c -s
/usr/local/squid/var/lib/ssl_db".
2012/11/24 00:57:39| Logfile: opening log daemon:/var/log/access.log
2012/11/24 00:57:39| Logfile Daemon: opening log /var/log/access.log
2012/11/24 00:57:39| Store logging disabled
2012/11/24 00:57:39| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2012/11/24 00:57:39| Target number of buckets: 1008
2012/11/24 00:57:39| Using 8192 Store buckets
2012/11/24 00:57:39| Max Mem  size: 262144 KB
2012/11/24 00:57:39| Max Swap size: 0 KB
2012/11/24 00:57:39| Using Least Load store dir selection
2012/11/24 00:57:39| Set Current Directory to /var/cache/squid
(ssl_crtd):
 Uninitialized SSL certificate database directory:
/usr/local/squid/var/lib/ssl_db. To initialize, run "ssl_crtd -c -s
/usr/local/squid/var/lib/ssl_db".
(ssl_crtd): Uninitialized SSL
certificate database directory: /usr/local/squid/var/lib/ssl_db. To
initialize, run "ssl_crtd -c -s /usr/local/squid/var/lib/ssl_db".
2012/11/24 00:57:39| Loaded Icons.
2012/11/24 00:57:39| HTCP Disabled.
2012/11/24 00:57:39| Squid plugin modules loaded: 0
2012/11/24 00:57:39| Accepting SSL bumped HTTP Socket connections at local=[::]:3128 remote=[::] FD 19 flags=9
2012/11/24 00:57:39| WARNING: ssl_crtd #1 exited
2012/11/24 00:57:39| Too few ssl_crtd processes are running (need 1/5)
2012/11/24 00:57:39| Closing HTTP port [::]:3128
2012/11/24 00:57:39| storeDirWriteCleanLogs: Starting...
2012/11/24 00:57:39|   Finished.  Wrote 0 entries.
2012/11/24 00:57:39|   Took 0.00 seconds (  0.00 entries/sec).
FATAL: The ssl_crtd helpers are crashing too rapidly, need help!
 
Squid Cache (Version 3.2.3): Terminated abnormally.
CPU Usage: 0.051 seconds = 0.023 user + 0.028 sys
Maximum Resident Size: 44192 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
    total space in arena:    4908 KB
    Ordinary blocks:         4848 KB      8 blks
    Small blocks:               0 KB      1 blks
    Holding blocks:           664 KB      2 blks
    Free Small blocks:          0 KB
    Free Ordinary blocks:      59 KB
    Total in use:            5512 KB 112%
    Total free:                59 KB 1%
 
 
I see that it complains about the certificate db which is not initialized, so I run:
[root_at_localhost ssl_cert]# /usr/lib/squid/ssl_crtd -c -s /usr/local/squid/var/lib/ssl_db
Initialization SSL db...
/usr/lib/squid/ssl_crtd: Cannot create /usr/local/squid/var/lib/ssl_db
 
I have the correct ownership and file permissions set on /usr/local/squid/var/lib/ssl_db
[root_at_localhost ssl_cert]# ls -l /usr/local/squid/var/lib/
total 4
drwxr-xr-x. 2 proxy proxy 4096 Nov 24 00:48 ssl_db
 
How can I get this to work?
                                               
Received on Sat Nov 24 2012 - 17:58:00 MST
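An added preflight script, not from the original post or the Squid project, that classifies the ssl_db path before ssl_crtd -c is run: the initializer is assumed to create the directory itself, so a pre-created empty ssl_db like the one in the ls output above is removed first instead of producing "Cannot create". Paths and the proxy user come from the post; the file names index.txt, serial and certs/ are assumptions about the database layout.

```shell
#!/bin/sh
# Preflight check for the ssl_crtd certificate database used by Squid's
# generate-host-certificates=on. Added example, not from the original post.
# The three defaults are taken from the post; override them via the environment.
SSL_DB=${SSL_DB:-/usr/local/squid/var/lib/ssl_db}
SSL_CRTD=${SSL_CRTD:-/usr/lib/squid/ssl_crtd}
SQUID_USER=${SQUID_USER:-proxy}   # the cache_effective_user that runs the helpers

# Classify the db path. Prints one of: missing | empty | initialized | foreign
# (index.txt, serial and certs/ are assumed to be the layout ssl_crtd -c creates).
ssl_db_state() {
    dir=$1
    if [ ! -e "$dir" ]; then
        echo missing
    elif [ ! -d "$dir" ]; then
        echo foreign                      # a file, not a directory
    elif [ -z "$(ls -A "$dir")" ]; then
        echo empty
    elif [ -f "$dir/index.txt" ] && [ -f "$dir/serial" ] && [ -d "$dir/certs" ]; then
        echo initialized
    else
        echo foreign                      # non-empty, but not an ssl_crtd db
    fi
}

# Initialize only from a clean slate. ssl_crtd -c is assumed to mkdir the
# directory itself, which is why a pre-created path yields "Cannot create".
init_ssl_db() {
    dir=$1
    case $(ssl_db_state "$dir") in
        missing)     ;;
        empty)       rmdir "$dir" ;;      # let ssl_crtd recreate it
        initialized) echo "already initialized: $dir"; return 0 ;;
        foreign)     echo "refusing to touch $dir: not an ssl_crtd db" >&2; return 2 ;;
    esac
    "$SSL_CRTD" -c -s "$dir" || return 1
    # The helpers run as $SQUID_USER and must be able to write new certificates.
    chown -R "$SQUID_USER:$SQUID_USER" "$dir"
}

# usage: sh ssl_db_check.sh check   |   sh ssl_db_check.sh init
case ${1-} in
    check) ssl_db_state "$SSL_DB" ;;
    init)  init_ssl_db "$SSL_DB" ;;
esac
```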