Bug Lightsquid?



  • I installed pfSense 2.3.2 with squid + Squidguard + Lightsquid (v. 3.0.4)

    Lightsquid does not start because of a problem with the SSL certificate to /var/etc/lightsquid/cert.pem
    In practice, merging of the certificate + private key is carried out in the wrong way (see attached image)…
    Just fix the line below and the service starts normally ...

    
    EYUUYc+NjDKTrScBEf+s/iB/d5r3MrIm9TpY5ex5ZrDaDtNirBQXK37Jfzy+IEUN
    e4b3Q7NODtF1v94mgrjZUVT3OvxLvw==
    -----END CERTIFICATE-----
    -----BEGIN RSA PRIVATE KEY-----
    MIIEpQIBAAKCAQEAthu0Z2MFFp63YKmwZYNO6mOlPdrzXj0A6zhoWYcY6ATjep2P
    HWkt3dPkJv6SOCnoLH+wMgLZVrkivGqz6gwPr6PyRjqaLmBi1lTIK2VhJtZNPeFA
    
    

    Sorry for my English…
    ![Schermata del 2016-08-23 12-02-01.png](/public/imported_attachments/1/Schermata del 2016-08-23 12-02-01.png)
    ![Schermata del 2016-08-23 12-02-01.png_thumb](/public/imported_attachments/1/Schermata del 2016-08-23 12-02-01.png_thumb)


  • Rebel Alliance Developer Netgate

    Did you import that certificate? Or was it generated by pfSense?



  • No, the certificate has been imported.. (StartSSL Free)


  • Rebel Alliance Developer Netgate

    That would explain it. There probably is not a newline at the end of the cert, so the two run into one another. Should be easy to fix in the package if I can find some time.

    Try changing line 286 of /usr/local/pkg/lightsquid.inc to:

    $cert = base64_decode($lscert['crt']) . "\n";
    


  • @jimp:

    That would explain it. There probably is not a newline at the end of the cert, so the two run into one another. Should be easy to fix in the package if I can find some time.

    Try changing line 286 of /usr/local/pkg/lightsquid.inc to:

    $cert = base64_decode($lscert['crt']) . "\n";
    

    Hi, I have reinstalled the certificates to prevent an update wipe out the change, now everything is ok!
    Thank's


  • Rebel Alliance Developer Netgate

    If that change worked I'd commit it so it would be included in future updates, so that wouldn't be a concern. But either way, I'm glad that seems to have fixed it up for you.


Log in to reply