[squid-users] Squid restarting when ssl_bump is enabled.

From: Hormiga <me_at_hormiga.ru>
Date: Thu, 16 May 2013 13:34:12 +0400

Greetings!
I have a problem enabling ssl_bump on my proxy.
When I try to do it, only a small number of HTTPS requests succeed;
all others fail, and every failure causes a Squid restart.
I tried setting "debug_options ALL,9" in squid.conf and this is what I
found in cache.log:

2013/05/16 12:13:30.863 kid1| client_side.cc(3501) getSslContextStart:
Finding SSL certificate for vk.com in cache
2013/05/16 12:13:30.863 kid1| client_side.cc(3505) getSslContextStart:
SSL certificate for vk.com have found in cache
(squid-1)(_Z5deathi+0x4b)[0x8288b7b]
/lib/libssl.so.1.0.0(ssl_set_cert_masks+0x3b)[0xb782d2fb]
/lib/libssl.so.1.0.0(ssl_get_server_send_pkey+0x39)[0xb782d9e9]
/lib/libssl.so.1.0.0(ssl_get_server_send_cert+0x1b)[0xb782dacb]
/lib/libssl.so.1.0.0(SSL_get_certificate+0x38)[0xb782dfa8]
(squid-1)(_ZN3Ssl24verifySslCertificateDateEP10ssl_ctx_st+0x30)[0x840b2b0]
(squid-1)(_ZN13ConnStateData18getSslContextStartEv+0x95)[0x815e0b5]
(squid-1)(_ZN13ConnStateData13switchToHttpsEPKc+0x1dc)[0x815ebbc]
(squid-1)(_ZN14CommIoCbPtrFun4dialEv+0x35)[0x83159d5]
(squid-1)(_ZN9AsyncCall4makeEv+0x3a5)[0x8302375]
(squid-1)(_ZN14AsyncCallQueue8fireNextEv+0x1ee)[0x830656e]
(squid-1)(_ZN14AsyncCallQueue4fireEv+0x30)[0x83067e0]
(squid-1)(_ZN9EventLoop7runOnceEv+0xdd)[0x819fb2d]
(squid-1)(_ZN9EventLoop3runEv+0x20)[0x819fd00]
(squid-1)(_Z9SquidMainiPPc+0x11b0)[0x8219880]
(squid-1)(main+0x23)[0x821a8f3]
/lib/libc.so.6(__libc_start_main+0xf5)[0xb73870d5]
(squid-1)[0x811caf1]
FATAL: Received Segment Violation...dying.
2013/05/16 12:13:30.863 kid1| Closing HTTP port 192.168.0.252:3128

So, Squid crashes every time it tries to check a previously generated
certificate, while generating certificates works fine.

What I have:

>squid -v
Squid Cache: Version 3.2.8
configure options: '--prefix=/usr' '--sysconfdir=/etc/squid'
'--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--localstatedir=/var'
'--libexecdir=/usr/sbin' '--datadir=/usr/share/squid'
'--mandir=/usr/share/man' '--libdir=/usr/lib'
'--sharedstatedir=/var/squid' '--with-logdir=/var/log/squid'
'--with-swapdir=/var/cache/squid' '--with-pidfile=/var/run/squid.pid'
'--with-dl' '--with-large-files' '--enable-storeio'
'--enable-disk-io=AIO,Blocking,DiskDaemon,DiskThreads'
'--enable-removal-policies=heap,lru' '--enable-icmp'
'--enable-delay-pools' '--enable-esi' '--enable-icap-client'
'--enable-useragent-log' '--enable-referer-log'
'--enable-kill-parent-hack' '--enable-arp-acl' '--enable-ssl'
'--enable-forw-via-db' '--enable-cache-digests'
'--enable-linux-netfilter' '--enable-underscores' '--enable-auth'
'--enable-basic-auth-helpers=DB,LDAP,MSNT,NCSA,PAM,POP3,SASL,SMB,YP,getpwnam,multi-domain-NTLM,squid_radius_auth'
'--enable-ntlm-auth-helpers=fakeauth,no_check,smb_lm'
'--enable-negotiate-auth-helpers=squid_kerb_auth'
'--enable-digest-auth-helpers=eDirectory,ldap,password'
'--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group'
'--enable-ntlm-fail-open' '--enable-stacktraces'
'--enable-x-accelerator-vary' '--with-default-user=squid'
'--enable-ssl-crtd' '--disable-ipv6' --enable-ltdl-convenience

>openssl version
OpenSSL 1.0.0k 5 Feb 2013

P.S. Sorry for my English if it's terrible.
Received on Thu May 16 2013 - 09:34:20 MDT
