SSL Certificate Deamon Children



  • SSL Certificate Deamon Children needs a little tweaking, like:

    Default Value: sslcrtd_children 32 startup=5 idle=1

    or it always will just spawn 5 children, no matter what you put in there, because of the missing arguments startup and idle.

    Source: http://www.squid-cache.org/Doc/config/sslcrtd_children/

    Q&D Patch:

    --- /usr/local/pkg/squid.inc	2017-08-17 17:54:28.000000000 +0200
    +++ /usr/local/pkg/squid.inc.patch	2017-08-17 17:56:21.000000000 +0200
    @@ -1168,7 +1168,7 @@
     				$sslcrtd_children = ($settings['sslcrtd_children'] ? $settings['sslcrtd_children'] : 5);
     				$ssl_interception .= "ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=" . ($sslcrtd_children*2) . "MB cert={$crt_pk} capath={$crt_capath} cipher={$sslproxy_cipher} {$sslproxy_dhparams} options={$sslproxy_options}\n";
     				$interception_checks = "sslcrtd_program " . SQUID_LOCALBASE . "/libexec/squid/ssl_crtd -s " . SQUID_SSL_DB . " -M 4MB -b 2048\n";
    -				$interception_checks .= "sslcrtd_children {$sslcrtd_children}";
    +				$interception_checks .= "sslcrtd_children {$sslcrtd_children} startup=10 idle=1\n";
     				$interception_checks .= "sslproxy_capath {$crt_capath}\n";
     				$interception_checks .= "sslproxy_options {$sslproxy_options}\n";
     				$interception_checks .= "sslproxy_cipher {$sslproxy_cipher}\n";
    
    

    :)