Netgate Discussion Forum

    Squid ssl_crtd crashing

    pfSense Packages
      sathishlinux

      Hello,

      I have installed squid-3.1.22 from the Packages menu. Squid is crashing while generating dynamic SSL certs. The following is the configuration related to ssl-bump:

      http_port 192.168.2.70:3129 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=40MB cert=/usr/local/etc/squid/squidssl/public.pem key=/usr/local/etc/squid/squidssl/private.pem
      always_direct allow all
      ssl_bump allow all
      sslproxy_cert_error allow all
      sslproxy_flags DONT_VERIFY_PEER
      sslcrtd_program /usr/pbi/squid-i386/libexec/squid/ssl_crtd -d -s /tmp/ssl_db16 -M 400MB
      sslcrtd_children 30
      
      

      Squid starts without any errors, and if I browse https://      it creates a dynamic SSL cert, then the squid child stops and shows the following error:

      Apr 30 15:08:28 pfSense kernel: pid 26207 (squid), uid 62: exited on signal 6
      Apr 30 15:08:31 pfSense squid[79333]: Squid Parent: child process 78164 started
      Apr 30 15:08:37 pfSense squid[79333]: Squid Parent: child process 78164 exited due to signal 6 with status 0
      Apr 30 15:08:37 pfSense kernel: pid 78164 (squid), uid 62: exited on signal 6
      Apr 30 15:08:37 pfSense squid[79333]: Exiting due to repeated, frequent failures
      
      

      I have been trying to solve this problem for the last two days and I have had no luck so far. But I am able to run the above setup on FreeBSD-8.3 without squid crashing.

      Can someone help me to fix the problem?

      Thank you.

      Best,
      Sathish.

        Nachtfalke

        Don't know what is happening behind that code, but what I focused on was:

        40 MB

        dynamic_cert_mem_cache_size=40MB
        

        and here 400 MB

        sslcrtd_program /usr/pbi/squid-i386/libexec/squid/ssl_crtd -d -s /tmp/ssl_db16 -M 400MB
        

        Was this intentional?

          sathishlinux

          Thank you for your reply.

          I have changed it to the recommended value:

          dynamic_cert_mem_cache_size=4MB
          
          sslcrtd_program /usr/pbi/squid-i386/libexec/squid/ssl_crtd -d -s /tmp/ssl_db16 -M 4MB
          

          But I still get the same errors.

            sathishlinux

            When I checked in the cache log, I can see the following fatal error:

            2013/05/01 05:33:39| Ready to serve requests.
            2013/05/01 05:33:40| storeLateRelease: released 0 objects
            FATAL: Received Segment Violation…dying.
            2013/05/01 05:33:45| storeDirWriteCleanLogs: Starting…
            2013/05/01 05:33:45|  Finished.  Wrote 0 entries.
            2013/05/01 05:33:45|  Took 0.00 seconds (  0.00 entries/sec).
            CPU Usage: 0.067 seconds = 0.022 user + 0.044 sys

            I am not sure if it's related to the gcc options specified here: http://www.comfsm.fm/computing/squid/FAQ.html#toc11.48

              Nachtfalke

              Found this thread:
              http://forum.pfsense.org/index.php/topic,58368.0.html

              marcelloc is working on (the same?) feature as you and it seems like he could finish it.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.