RE: [squid-users] Re: anyOne who has working ssl_bump configuration for facebook ??? from Shinoj Gangadharan on 2013-11-24 (squid-users)

From: Shinoj Gangadharan <sgangadharan_at_wavecrest.gi>
Date: Mon, 25 Nov 2013 11:16:46 +0530

Hi iishiii,

In the conf you sent, you have this line :

sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s
/usr/local/squid/var/lib/ssl_db -M 4MB sslcrtd_children 5

but the error below indicates :

*(ssl_crtd): Cannot create /cache/lib/ssl_db

What is the correct ssl_db location? Run the following to create one if
you have not already done that :

ssl_crtd -c -s /cache/lib/ssl_db

assuming /cache/lib/ssl_db is the folder configured in your squid.conf .
Change ownership to squid after running the above command.

Regards,
Shinoj.

> -----Original Message-----
> From: iishiii [mailto:eshnaz_at_gmail.com]
> Sent: Sunday, November 24, 2013 5:26 AM
> To: squid-users_at_squid-cache.org
> Subject: [squid-users] Re: anyOne who has working ssl_bump configuration
> for facebook ???
>
> Dear Amos and all
>
> I am still having issue .... Re checked the conf file as you said and
now these
> are the logs
>
> 2013/11/24 04:51:53 kid1| Set Current Directory to /cache
> 2013/11/24 04:51:53 kid1| Starting Squid Cache version
> 3.4.0.2-20131121-r13036 for x86_64-unknown-linux-gnu...
> 2013/11/24 04:51:53 kid1| Process ID 4235
> 2013/11/24 04:51:53 kid1| Process Roles: worker
> 2013/11/24 04:51:53 kid1| With 65536 file descriptors available
> 2013/11/24 04:51:53 kid1| Initializing IP Cache...
> 2013/11/24 04:51:53 kid1| DNS Socket created at [::], FD 7
> 2013/11/24 04:51:53 kid1| DNS Socket created at 0.0.0.0, FD 8
> 2013/11/24 04:51:53 kid1| Adding nameserver 192.168.7.1 from squid.conf
> 2013/11/24 04:51:53 kid1| helperOpenServers: Starting 5/32 'ssl_crtd'
> processes
> 2013/11/24 04:51:53 kid1| Logfile: opening log /var/log/squid/access.log
> 2013/11/24 04:51:53 kid1| WARNING: log name now starts with a module
> name.
> Use 'stdio:/var/log/squid/access.log'
> 2013/11/24 04:51:53 kid1| Local cache digest enabled; rebuild/rewrite
every
> 3600/3600 sec
> 2013/11/24 04:51:53 kid1| Store logging disabled
> 2013/11/24 04:51:53 kid1| Swap maxSize 358400000 + 3145728 KB, estimated
> 27811209 objects
> 2013/11/24 04:51:53 kid1| Target number of buckets: 1390560
> 2013/11/24 04:51:53 kid1| Using 2097152 Store buckets
> 2013/11/24 04:51:53 kid1| Max Mem size: 3145728 KB
> 2013/11/24 04:51:53 kid1| Max Swap size: 358400000 KB
> 2013/11/24 04:51:53 kid1| Rebuilding storage in /cache (dirty log)
> 2013/11/24 04:51:53 kid1| Using Least Load store dir selection
> 2013/11/24 04:51:53 kid1| Set Current Directory to /cache
> *(ssl_crtd): Cannot create /cache/lib/ssl_db
> (ssl_crtd): Cannot create /cache/lib/ssl_db
> (ssl_crtd): Cannot create /cache/lib/ssl_db
> (ssl_crtd): Cannot create /cache/lib/ssl_db
> (ssl_crtd): Cannot create /cache/lib/ssl_db*
> 2013/11/24 04:51:53 kid1| Finished loading MIME types and icons.
> 2013/11/24 04:51:53 kid1| Sending SNMP messages from [::]:3401
> 2013/11/24 04:51:53 kid1| Squid plugin modules loaded: 0
> 2013/11/24 04:51:53 kid1| Adaptation support is off.
> 2013/11/24 04:51:53 kid1| Accepting HTTP Socket connections at
> local=[::]:3129 remote=[::] FD 22 flags=9
> 2013/11/24 04:51:53 kid1| Accepting NAT intercepted HTTP Socket
> connections at local=[::]:3128 remote=[::] FD 23 flags=41
> 2013/11/24 04:51:53 kid1| Accepting NAT intercepted SSL bumped HTTPS
> Socket connections at local=[::]:3127 remote=[::] FD 24 flags=41
> 2013/11/24 04:51:53 kid1| Accepting SNMP messages on [::]:3401
> 2013/11/24 04:51:53 kid1| Store rebuilding is 4.02% complete
> 2013/11/24 04:51:53 kid1| *helperHandleRead: unexpected read from
> ssl_crtd #4, 25 bytes 'Initialization SSL db...
> '
> 2013/11/24 04:51:53 kid1| helperHandleRead: unexpected read from
ssl_crtd
> #1, 25 bytes 'Initialization SSL db...
> '
> 2013/11/24 04:51:53 kid1| helperHandleRead: unexpected read from
ssl_crtd
> #2, 25 bytes 'Initialization SSL db...
> '
> 2013/11/24 04:51:53 kid1| helperHandleRead: unexpected read from
ssl_crtd
> #3, 25 bytes 'Initialization SSL db...
> '
> 2013/11/24 04:51:53 kid1| helperHandleRead: unexpected read from
ssl_crtd
> #5, 25 bytes 'Initialization SSL db...
> '*
> 2013/11/24 04:51:53 kid1| WARNING: ssl_crtd #4 exited
> 2013/11/24 04:51:53 kid1| Too few ssl_crtd processes are running (need
> 1/32)
> 2013/11/24 04:51:53 kid1| Closing HTTP port [::]:3129
> 2013/11/24 04:51:53 kid1| Closing HTTP port [::]:3128
> 2013/11/24 04:51:53 kid1| Closing HTTPS port [::]:3127
> *FATAL: The ssl_crtd helpers are crashing too rapidly, need help!*
>
> *Squid Cache (Version 3.4.0.2-20131121-r13036): Terminated abnormally.*
> CPU Usage: 0.121 seconds = 0.071 user + 0.050 sys Maximum Resident Size:
> 148496 KB Page faults with physical i/o: 0 Memory usage for squid via
> mallinfo():
> total space in arena: 7432 KB
> Ordinary blocks: 7394 KB 9 blks
> Small blocks: 0 KB 1 blks
> Holding blocks: 69596 KB 9 blks
> Free Small blocks: 0 KB
> Free Ordinary blocks: 37 KB
> Total in use: 76990 KB 1036%
> Total free: 37 KB 1%
>
>
>
> --
> View this message in context: http://squid-web-proxy-
> cache.1019090.n4.nabble.com/anyOne-who-has-working-ssl-bump-
> configuration-for-facebook-tp4663452p4663486.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Mon Nov 25 2013 - 05:46:57 MST

This archive was generated by hypermail 2.2.0 : Mon Nov 25 2013 - 12:00:05 MST