Re: [squid-users] problems with ssl_crtd

From: Linos <info_at_linos.es>
Date: Fri, 21 Sep 2012 10:43:07 +0200

On 21/09/12 09:20, Amos Jeffries wrote:
> Firstly, is this problem still occuring with a recent snapshot? we have done a
> lot of stabilization on squid-3 in the months working up towards 3.2.1 release
> and the SSL code has had two new features added to improve the bumping process
> and behaviours.
>
>
> Secondly, the issue as you found is not in Squid but in the helper. You should
> be able to add -d option to the helper command line to get a debug trace out of
> it into cache.log. Set Squid to a normal (0 or 1) level to avoid any squid debug
> confusing the helper traces.
>
> In 3.2 helpers crashing is not usually a fatal event, you will simply see an
> annoying amount of that:
> "
>
> 2012/09/20 14:58:23| WARNING: ssl_crtd #2 exited
> 2012/09/20 14:58:23| Too few ssl_crtd processes are running (need 1/5)
> 2012/09/20 14:58:23| Starting new helpers
> "
>
>
> In this case there is something in the cert database or system environment which
> is triggering the crash and persisting across into newly started helpers,
> crashing them as well. This is the one case where Squid is still killed by
> helpers dying faster than they can be sent lookups, thus the
>
> "FATAL: The ssl_crtd helpers are crashing too rapidly, need help!"
>
> HTH
> Amos
>

I have not tried a recent snapshot but i am going to do right now.

I have added a -d option, now i have this line in squid.conf:
sslcrtd_program /usr/lib/squid3/ssl_crtd -d -s /var/spool/squid3/squid_ssl_db -M
16MB

Still i don't get nothing new in cache.log, this is the last crash:

(ssl_crtd): Cannot create ssl certificate or private key.
2012/09/21 10:33:10| WARNING: ssl_crtd #2 exited
2012/09/21 10:33:10| Too few ssl_crtd processes are running (need 1/10)
2012/09/21 10:33:10| Starting new helpers
2012/09/21 10:33:10| helperOpenServers: Starting 1/10 'ssl_crtd' processes
2012/09/21 10:33:10| client_side.cc(3477) sslCrtdHandleReply: "ssl_crtd" helper
return <NULL> reply
(ssl_crtd): Cannot create ssl certificate or private key.
2012/09/21 10:33:10| WARNING: ssl_crtd #1 exited
2012/09/21 10:33:10| Too few ssl_crtd processes are running (need 1/10)
2012/09/21 10:33:10| Closing HTTP port 0.0.0.0:3128
2012/09/21 10:33:10| Closing HTTP port [::]:3150
2012/09/21 10:33:10| storeDirWriteCleanLogs: Starting...
2012/09/21 10:33:10| 65536 entries written so far.
2012/09/21 10:33:10| Finished. Wrote 112080 entries.
2012/09/21 10:33:10| Took 0.04 seconds (2691254.86 entries/sec).
FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

Squid Cache (Version 3.2.1): Terminated abnormally.
(ssl_crtd): Cannot create ssl certificate or private key.
CPU Usage: 1.196 seconds = 0.720 user + 0.476 sys
Maximum Resident Size: 199824 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
        total space in arena: 34196 KB
        Ordinary blocks: 33966 KB 52 blks
        Small blocks: 0 KB 1 blks
        Holding blocks: 37268 KB 8 blks
        Free Small blocks: 0 KB
        Free Ordinary blocks: 229 KB
        Total in use: 71234 KB 208%
        Total free: 229 KB 1%

I have tried to attach to the five ssl_crtd processes but after the crash i get:

[Inferior 1 (process 465) exited normally]
[Inferior 1 (process 463) exited normally]
[Inferior 1 (process 464) exited normally]
[Inferior 1 (process 466) exited with code 01]
[Inferior 1 (process 467) exited with code 01]

so no backtrace, not in gdb neither in cache.log.

About the environment problem seems to be related with google domains, i don't
if i could trigger with other but not as easily for sure.

I am going to try the last snapshot in a while and post here my results.

Regards,
Miguel Angel.
Received on Fri Sep 21 2012 - 08:43:11 MDT

This archive was generated by hypermail 2.2.0 : Fri Sep 21 2012 - 12:00:04 MDT