Squid ssl_crtd crashing



  • Hello,

    I have installed squid-3.1.22 from the Packages menu. Squid crashes while generating dynamic SSL certs. The following is the configuration related to ssl-bump:

    http_port 192.168.2.70:3129 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=40MB cert=/usr/local/etc/squid/squidssl/public.pem key=/usr/local/etc/squid/squidssl/private.pem
    always_direct allow all
    ssl_bump allow all
    sslproxy_cert_error allow all
    sslproxy_flags DONT_VERIFY_PEER
    sslcrtd_program /usr/pbi/squid-i386/libexec/squid/ssl_crtd -d -s /tmp/ssl_db16 -M 400MB
    sslcrtd_children 30
    
    

    Squid starts without any errors, and if I browse https:// it creates a dynamic SSL cert, then squid-child stops and shows the following error:

    Apr 30 15:08:28 pfSense kernel: pid 26207 (squid), uid 62: exited on signal 6
    Apr 30 15:08:31 pfSense squid[79333]: Squid Parent: child process 78164 started
    Apr 30 15:08:37 pfSense squid[79333]: Squid Parent: child process 78164 exited due to signal 6 with status 0
    Apr 30 15:08:37 pfSense kernel: pid 78164 (squid), uid 62: exited on signal 6
    Apr 30 15:08:37 pfSense squid[79333]: Exiting due to repeated, frequent failures
    
    

    I have been trying to solve this problem for the last two days and have had no luck so far. But I am able to run the above setup on FreeBSD-8.3 without squid crashing.

    Can someone help me fix the problem?

    Thank you.

    Best,
    Sathish.



  • Don't know what is happening behind that code, but what I focused on was:

    40 MB

    dynamic_cert_mem_cache_size=40MB
    

    and here 400 MB

    sslcrtd_program /usr/pbi/squid-i386/libexec/squid/ssl_crtd -d -s /tmp/ssl_db16 -M 400MB
    

    Was this intentional?



  • Thank you for your reply.

    I have changed it to the recommended value:

    dynamic_cert_mem_cache_size=4MB
    
    sslcrtd_program /usr/pbi/squid-i386/libexec/squid/ssl_crtd -d -s /tmp/ssl_db16 -M 4MB
    

    But I still get the same errors.



  • When I checked the cache log, I could see the following fatal error:

    2013/05/01 05:33:39| Ready to serve requests.
    2013/05/01 05:33:40| storeLateRelease: released 0 objects
    FATAL: Received Segment Violation…dying.
    2013/05/01 05:33:45| storeDirWriteCleanLogs: Starting…
    2013/05/01 05:33:45|  Finished.  Wrote 0 entries.
    2013/05/01 05:33:45|  Took 0.00 seconds (  0.00 entries/sec).
    CPU Usage: 0.067 seconds = 0.022 user + 0.044 sys

    I am not sure if it's related to the gcc options specified here: http://www.comfsm.fm/computing/squid/FAQ.html#toc11.48



  • Found this thread:
    http://forum.pfsense.org/index.php/topic,58368.0.html

    marcelloc is working on (the same?) feature as you and it seems like he could finish it.

