Re: [squid-users] use of sslpassword_program a must since squid version 3.3.5 ?

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Thu, 23 May 2013 14:36:43 -0600

On 05/23/2013 08:27 AM, Dieter Bloms wrote:
> Hi,
>
> I use squid 3.3.5 with the ssl-bump feature.
> My private key is encrypted and I want to enter the password at start time.
>
> Since 3.3.5 squid wants to execute a program even though I haven't configured
> sslpassword_program and start squid with the -N option.
>
> --snip--
> idvhttpsproxy01:~ # squid -f /etc/squid/squid.conf -NY
> sh: (null): command not found
> FATAL: No valid signing SSL certificate configured for http_port MYIP:8080
> Squid Cache (Version 3.3.5): Terminated abnormally.
> CPU Usage: 0.004 seconds = 0.000 user + 0.004 sys
> Maximum Resident Size: 21248 KB
> Page faults with physical i/o: 0
> --snip--
>
> When I set sslpassword_program to a program which prints the password on
> stdout, squid starts, but I want to enter the password during start of
> squid.
>
> Is this a bug?

Yes, I think it is. Please check whether the attached patch works when
you start Squid with -N and _without_ sslpassword_program.

The patch may or may not work when you start Squid without -N and with
sslpassword_program. The outcome depends on whether snprintf() crashes
when given a NULL pointer and on whether your sslpassword_program needs
to know the name of the key file Squid is trying to load (that name will
not be passed to your sslpassword_program). If you can test this
scenario, please do.

Please let us know what your tests show.

The patch is against trunk and is untested beyond compilation. It should
apply to v3.3 as well.

HTH,

Alex.

Received on Thu May 23 2013 - 20:36:48 MDT
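
Added example (not part of the original message, not the attached patch, and not Squid's code): the "sh: (null): command not found" line above is what results when a NULL program path reaches a %s conversion and the formatted string is then handed to a shell. The helper below shows the guard for that case. The function name, return codes, quoting format and sample paths are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper. Builds the command line used to ask an external
 * program for the key passphrase.
 * Returns  1 if a command was written to out,
 *          0 if no program is configured (the caller should skip the
 *            external program and let the TLS library prompt on the tty),
 *         -1 on bad arguments or if the command would be truncated. */
int build_password_cmd(char *out, size_t outlen,
                       const char *program, const char *keyfile)
{
    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';

    /* Passing NULL to %s is undefined behaviour. glibc prints "(null)",
     * other C libraries may crash, so test before formatting. */
    if (program == NULL || program[0] == '\0')
        return 0;

    int n;
    /* Both values are assumed to come from trusted configuration. */
    if (keyfile != NULL && keyfile[0] != '\0')
        n = snprintf(out, outlen, "\"%s\" \"%s\"", program, keyfile);
    else
        n = snprintf(out, outlen, "\"%s\"", program);

    /* snprintf returns the length it needed; >= outlen means truncation,
     * and a truncated command must never be executed. */
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return -1;
    }
    return 1;
}

int main(void)
{
    char cmd[256];
    /* Constructed sample paths, for illustration only. */
    int rc = build_password_cmd(cmd, sizeof cmd, NULL, "/etc/squid/proxy.key");
    printf("unconfigured: rc=%d cmd='%s'\n", rc, cmd);
    rc = build_password_cmd(cmd, sizeof cmd, "/usr/local/bin/askpass",
                            "/etc/squid/proxy.key");
    printf("configured:   rc=%d cmd=%s\n", rc, cmd);
    return 0;
}
```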