With squid running sslbump in routing mode, and used by a handful of
users, squid is crashing regularly, linked to visiting SSL sites.
Logs
--
2011/11/29 11:39:36| clientNegotiateSSL: Error negotiating SSL connection on FD 45: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number (1/-1)
2011/11/29 11:39:43| WARNING: ssl_crtd #2 (FD 11) exited
2011/11/29 11:39:43| Too few ssl_crtd processes are running (need 1/50)
2011/11/29 11:39:43| Starting new helpers
2011/11/29 11:39:43| helperOpenServers: Starting 1/50 'ssl_crtd' processes
2011/11/29 11:39:43| client_side.cc(3462) sslCrtdHandleReply: "ssl_crtd" helper return <NULL> reply
2011/11/29 11:39:44| WARNING: ssl_crtd #1 (FD 9) exited
2011/11/29 11:39:44| Too few ssl_crtd processes are running (need 1/50)
2011/11/29 11:39:44| storeDirWriteCleanLogs: Starting...
2011/11/29 11:39:44| Finished. Wrote 0 entries.
2011/11/29 11:39:44| Took 0.00 seconds ( 0.00 entries/sec).
FATAL: The ssl_crtd helpers are crashing too rapidly, need help!
--

So ssl_crtd is dying, which is one issue, but it's also killing squid, which is even worse.

Initially I thought it might be lack of ssl_crtd resources, so the process count was increased from 5 to 50, but that didn't help.

Some config settings:
--
http_port 80 ssl-bump cert=/etc/squid/ssl/www.sample.com.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /var/lib/squid_ssl_db -M 4MB
sslcrtd_children 50
--

This has happened with squid 3.1 and currently on 3.2 HEAD. A bug report has been opened:
http://bugs.squid-cache.org/show_bug.cgi?id=3436

Has anyone a workaround to keep squid running and somehow reset its runaway ssl children?

Sean

Received on Fri Dec 02 2011 - 15:44:18 MST
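
An added example, not part of the original post or of Squid itself: a small Python scanner for the cache.log pattern quoted above, which flags repeated ssl_crtd helper exits inside a short window and records the untimestamped FATAL line. The sample log is constructed from lines in the post; the function name scan and the window_s and threshold defaults are assumptions chosen for illustration, not Squid's own limits.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, in the cache.log format quoted in the post above.
SAMPLE_LOG = """\
2011/11/29 11:39:36| clientNegotiateSSL: Error negotiating SSL connection on FD 45: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number (1/-1)
2011/11/29 11:39:43| WARNING: ssl_crtd #2 (FD 11) exited
2011/11/29 11:39:43| Too few ssl_crtd processes are running (need 1/50)
2011/11/29 11:39:44| WARNING: ssl_crtd #1 (FD 9) exited
FATAL: The ssl_crtd helpers are crashing too rapidly, need help!
"""

STAMPED = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\| (.*)$")
HELPER_EXIT = re.compile(r"^WARNING: (\S+) #(\d+) \(FD \d+\) exited$")
FATAL = re.compile(r"^FATAL: The (\S+) helpers are crashing too rapidly")


def scan(log_text, window_s=30, threshold=2):
    """Return (alerts, fatals).

    alerts: (helper, timestamp, count) each time `threshold` or more exits of
            the same helper fall within `window_s` seconds (assumed values).
    fatals: helper names taken from "crashing too rapidly" FATAL lines.
    """
    recent = {}            # helper name -> exit timestamps still in the window
    alerts, fatals = [], []
    for line in log_text.splitlines():
        stamped = STAMPED.match(line)
        if not stamped:
            # The FATAL line carries no timestamp in the quoted log.
            fatal = FATAL.match(line)
            if fatal:
                fatals.append(fatal.group(1))
            continue
        ts = datetime.strptime(stamped.group(1), "%Y/%m/%d %H:%M:%S")
        exited = HELPER_EXIT.match(stamped.group(2))
        if not exited:
            continue
        name = exited.group(1)
        window = timedelta(seconds=window_s)
        times = [t for t in recent.get(name, []) if ts - t <= window]
        times.append(ts)
        recent[name] = times
        if len(times) >= threshold:
            alerts.append((name, ts, len(times)))
    return alerts, fatals


if __name__ == "__main__":
    for name, ts, count in scan(SAMPLE_LOG)[0]:
        print(f"{ts} {name}: {count} helper exits inside the window")
```
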
This archive was generated by hypermail 2.2.0 : Fri Dec 02 2011 - 12:00:01 MST