Hi List,
I just install from sources the last 3.2.9 squid with ssl-bump feature.
It works fine, except that I get "random" crashes as you can see below:
[...]
2013/03/14 16:48:45 kid1| assertion failed: client_side.cc:3584:
"!switchedToHttps_"
2013/03/14 16:48:48 kid1| Starting Squid Cache version 3.2.9 for
x86_64-unknown-linux-gnu...
2013/03/14 16:48:48 kid1| Process ID 17578
2013/03/14 16:48:48 kid1| Process Roles: worker
2013/03/14 16:48:48 kid1| With 1024 file descriptors available
2013/03/14 16:48:48 kid1| Initializing IP Cache...
2013/03/14 16:48:48 kid1| DNS Socket created at 0.0.0.0, FD 8
2013/03/14 16:48:48 kid1| Adding domain cr0.sw-servers.local from
/etc/resolv.conf
2013/03/14 16:48:48 kid1| Adding domain sw-servers.local from
/etc/resolv.conf
2013/03/14 16:48:48 kid1| Adding nameserver 10.0.0.1 from /etc/resolv.conf
2013/03/14 16:48:48 kid1| helperOpenServers: Starting 5/25 'ssl_crtd'
processes
2013/03/14 16:48:48 kid1| Logfile: opening log
stdio:/var/log/squid/access.log
2013/03/14 16:48:48 kid1| Unlinkd pipe opened on FD 23
2013/03/14 16:48:48 kid1| Store logging disabled
2013/03/14 16:48:48 kid1| Swap maxSize 117760000 + 3170304 KB, estimated
9302331 objects
2013/03/14 16:48:48 kid1| Target number of buckets: 465116
2013/03/14 16:48:48 kid1| Using 524288 Store buckets
2013/03/14 16:48:48 kid1| Max Mem size: 3170304 KB
2013/03/14 16:48:48 kid1| Max Swap size: 117760000 KB
2013/03/14 16:48:48 kid1| Rebuilding storage in /var/cache/squid (dirty log)
2013/03/14 16:48:48 kid1| Using Least Load store dir selection
2013/03/14 16:48:48 kid1| Set Current Directory to /var/cache/squid
[...]
Here is the conf:
[...]
### SSL Bumping
always_direct allow all
ssl_bump allow all
# the following two options are unsafe and not always necessary:
#sslproxy_cert_error allow all
#sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/cache/squid/ssl_db -M 4MB
sslcrtd_children 25
###
http_port 3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/myCA.pem
[...]
Does someone encountered this error ?
Cheers,
Sebastien WENSKE
This archive was generated by hypermail 2.2.0 : Thu Mar 14 2013 - 12:00:06 MDT