Package: squid Version: 4.6-1+deb10u3 Followup-For: Bug #966395 Dear Maintainer,
I have attempted to use the squid package using plain-text input to the proxy, but a https URL, which exercises some of the same code paths as SSL bumping configurations, and have investigated further why this doesn't work with gnutls. It seems that the key log line (visible with debugging verbosity of 8) is 2020/08/15 12:14:50.252 kid1| 5,3| Read.cc(92) ReadNow: local=192.168.0.4:51944 remote=142.250.67.14:443 FD 15 flags=1, size 65536, retval -28, errno 0 It turns out that -28 means GNUTLS_E_AGAIN. This should be a non-fatal error, but squid looks in errno to decide if an error is fatal, not in the return value. But gnutls just returns the value, it doesn't set the errno: https://gitlab.com/gnutls/gnutls/-/blob/master/lib/buffers.c#L617 So this seems like a squid upstream bug with how it integrates with gnutls. I haven't had any success signing up for upstream's Bugzilla, so haven't been able to report this to upstream yet. -- System Information: Debian Release: 10.5 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.6.0-0.bpo.2-amd64 (SMP w/12 CPU cores) Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages squid depends on: ii adduser 3.118 ii libc6 2.28-10 ii libcap2 1:2.25-2 ii libcom-err2 1.44.5-1+deb10u3 ii libdb5.3 5.3.28+dfsg1-0.5 ii libdbi-perl 1.642-1+b1 ii libecap3 1.0.1-3.2 ii libexpat1 2.2.6-2+deb10u1 ii libgcc1 1:8.3.0-6 ii libgnutls30 3.6.7-4+deb10u5 ii libgssapi-krb5-2 1.17-3 ii libkrb5-3 1.17-3 ii libldap-2.4-2 2.4.47+dfsg-3+deb10u2 ii libltdl7 2.4.6-9 ii libnetfilter-conntrack3 1.0.7-1 ii libnettle6 3.4.1-1 ii libpam0g 1.3.1-5 ii libsasl2-2 2.1.27+dfsg-1+deb10u1 ii libstdc++6 8.3.0-6 ii libxml2 2.9.4+dfsg1-7+b3 ii logrotate 3.14.0-4 ii lsb-base 10.2019051400 ii netbase 5.6 ii squid-common 4.6-1+deb10u3 Versions of packages squid recommends: ii ca-certificates 20190110 ii libcap2-bin 1:2.25-2 Versions of packages squid suggests: ii resolvconf 1.79 ii smbclient 2:4.9.5+dfsg-5+deb10u1 pn squid-cgi <none> pn squid-purge <none> ii squidclient 4.6-1+deb10u3 ii ufw 0.36-1 ii winbind 2:4.9.5+dfsg-5+deb10u1 -- no debconf information