Re: [squid-users] SSL bump not working w/some sites.
Amos Jeffries wrote:
It should be safe enough to check that your system CA set is up to date. There were changes as recently as a week ago.
---
My "system CA" -- when I searched for linux CA updating, it said on linux there were many possible CA locations, but going with the top choice for opensuse 13.2, I found that "/var/lib/ca-certificates/pem/" is owned by RPM ca-certificates-1_201403302107-8.1.2.src.rpm (which doesn't sound very up-to-date).

Following its internal source URL, and it pointed me to https://github.com/openSUSE/ca-certificates which was last updated Nov 10, 2015. Still doesn't sound very current. :-(...

Seems like someone doesn't want to make this easy. I'll go ask on my distro list, but for "recent" updates, I might have to wait a while... Like said -- distro-list... ;-)

thanks, -l
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?
Yuri Voinov wrote:
Hope at this. It is difficult to make long-term plans if the software has to die soon. :)
---
..And if SW doesn't die "soon", but only a little later? I.e. with google's AI designing new encryption algorithms today (nothing said about quality), how long before they can have an AI replacing most of us?

Even now PCs seem to be "short-timers" as mass-users are migrated to hand-held, consume-only platforms, and PCs evolve into tomorrow's unaffordable mini-compute-cloud servers. PCs have always been too dangerous to allow in everyone's home unless they are locked down and become "content platforms" to play content similar to how game consoles are now.

It seems it will be hard just to afford an x86-64 compat CPU with those getting more & more cores (and more expensive) and consumers being shunted over to the more affordable and the comparatively, celeron-classed, Atom CPUs.

A year goes by quickly enough these days, to at least get an advanced "head-up" on such new "standards"...
Re: [squid-users] Objects in cache that are not found don't seem to be removed from the internal index
Amos Jeffries wrote:
On 2/10/2016 8:29 p.m., Linda A. Walsh wrote:
I noticed a message like this in my cache.log:
2016/09/30 18:50:27 kid1| DiskThreadsDiskFile::openDone: (2) No such file or directory
2016/09/30 18:50:27 kid1| /var/cache/squid/1D/1C/0001D708
Always wonder why, but barring that, I found multiple statements like that with the same file number. I.e. after it has failed and knows it isn't in the cache -- why do I get more failures with it trying to fetch the same bad file?

Unknown without a detailed log trace containing the full Squid operations between the recorded lines.
---
I don't know the sequence of actions needed to reliably trigger the above, but the cache logs I have on hand show counts of "1" for 99 of the "no such file" errors, with the non-"1" counts being:
2 /var/cache/squid/11/05/00011167
12 /var/cache/squid/2C/34/0006CD0A
33 /var/cache/squid/01/31/1C56
51 /var/cache/squid/25/06/000251AD
71 /var/cache/squid/1D/1C/0001D708

In the oldest log rotated out on Sep 16, there are 6 with count 1, and 2 with 1 counts:
6 /var/cache/squid/1D/1C/0001D708
7 /var/cache/squid/25/06/000251AD

In the large majority of cases, they are 1-time misses, but for some, like "/var/cache/squid/1D/1C/0001D708". I don't see any that have the two cache dirs as the 1st 2 digits -- I'd be surprised if it worked at all if that were the case -- maybe it isn't -- maybe I'm only getting memhits and the rest are hits that would have come from disk if the file was there?

Which log would you want a detailed trace of... you talking debug level 9? Erk?...

Probably multiple objects using the same filename. That might also explain why it is disappearing too (one got deleted, other entries not aware of that). Although the filename does not start with 1D1C which I would expect to see there given the path.

Amos
Re: [squid-users] --enable-openssl-crtd -- not building openssl-crtd? (3.5.21)
Eliezer Croitoru wrote:
Hey Linda, If you need some help later we are here for any advice. Can you say on what OS are you compiling the software?
---
opensuse 13.2

I have to see what else is needed (if anything). I already imported the squid-cert into my browser, but not sure if it is bumping anything or not.

What I'd like to do is create a list of ssl-"banned" connections where it can store objects from those sessions into the cache under plaintext names so for those sites I can regain squid-caching that is shareable between different sessions.

Right now, due to the ssl-junkies (those who want everything encrypted because it hides their streams from user eyes), it seems that many objects that used to be cached, now, can't be cached because they are part of a TUNNEL where individual objects are no longer discernible. I've noticed an overall slowdown of websites due to the slowdown from encrypting & decrypting as well as not being able to cache commonly used items.
Re: [squid-users] --enable-openssl-crtd -- not building openssl-crtd? (3.5.21)
Amos Jeffries wrote:
There is no such option. Never has been.
## ./configure --help | grep ssl
--enable-ssl-crtd
...
--with-openssl=PATH Compile with the OpenSSL libraries.
...

Oops... Conflated the two... back to configuring...

tnx, -l
[squid-users] high volume of 'missing files' in cache....TCP_SWAPFAIL
looking in the access log:
wc -l access.log
123246 access.log
grep TCP_SWAPFAIL access.log|wc -l
2369

From the cache.log:
Ishtar:/var/log/squid# wc cache.log
10263 92323 905184 cache.log
# grep "No such" /var/log/squid/cache.log|wc
2642 27035 238727

Seems unlikely that a shutdown would cut it off:
2015/08/22 23:51:42 kid1| storeDirWriteCleanLogs: Starting...
2015/08/22 23:51:42 kid1| 65536 entries written so far.
2015/08/22 23:51:42 kid1|131072 entries written so far.
2015/08/22 23:51:42 kid1|196608 entries written so far.
2015/08/22 23:51:42 kid1|262144 entries written so far.
2015/08/22 23:51:42 kid1|327680 entries written so far.
2015/08/22 23:51:42 kid1| Finished. Wrote 349041 entries.
2015/08/22 23:51:42 kid1| Took 0.08 seconds (4348607.74 entries/sec).
...
2015/09/11 17:10:41 kid1| NETDB state saved; 0 entries, 0 msec
2015/09/11 17:25:01 kid1| DiskThreadsDiskFile::openDone: (2) No such file or directory
2015/09/11 17:25:01 kid1| /var/cache/squid/25/30/00025C24
2015/09/11 17:25:03 kid1| DiskThreadsDiskFile::openDone: (2) No such file or directory
2015/09/11 17:25:03 kid1| /var/cache/squid/25/30/00025C25
2015/09/11 17:25:07 kid1| DiskThreadsDiskFile::openDone: (2) No such file or directory

so like for the files mentioned above: Notice 24 and 25 are really gone -- and they likely should have expired...
-rw-rwSr-- 1 12472 Sep 19 2014 00025C20
-rw-rwSr-- 1348 Aug 22 14:23 00025C21
-rw-rwSr-- 1 461035 Aug 2 18:13 00025C22
-rw-rwSr-- 1 6466 Aug 22 14:23 00025C23
-rw-rwSr-- 1 37570 Aug 22 14:24 00025C26

Is there a command to run against the DB to have it check for consistency? I.e. maybe it will go away if the db is made consistent -- or... it will start doing this again after some period of time.
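An added example, not part of the original posts: the per-file tally of "No such file or directory" errors discussed in this thread, done by pairing each `openDone` error line in cache.log with the path line that follows it. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Constructed sample in the two-line cache.log format quoted in the posts.
sample_log() {
cat <<'EOF'
2016/01/01 10:00:00 kid1| DiskThreadsDiskFile::openDone: (2) No such file or directory
2016/01/01 10:00:00 kid1|       /var/cache/squid/00/0A/00000A01
2016/01/01 10:00:05 kid1| NETDB state saved; 0 entries, 0 msec
2016/01/01 10:01:00 kid1| DiskThreadsDiskFile::openDone: (2) No such file or directory
2016/01/01 10:01:00 kid1|       /var/cache/squid/00/0B/00000B02
2016/01/01 10:02:00 kid1| DiskThreadsDiskFile::openDone: (2) No such file or directory
2016/01/01 10:02:00 kid1|       /var/cache/squid/00/0A/00000A01
2016/01/01 10:03:00 kid1| DiskThreadsDiskFile::openDone: (2) No such file or directory
2016/01/01 10:03:00 kid1| DiskThreadsDiskFile::openDone: (2) No such file or directory
2016/01/01 10:03:00 kid1|       /var/cache/squid/00/0A/00000A01
EOF
}

# missing_file_counts CACHE_LOG
# Print "<count> <path>" for every swap file reported missing, most frequent first.
missing_file_counts() {
    awk '
        # Error line: remember that the next non-error line should carry the path.
        /openDone: \(2\) No such file or directory/ { pending = 1; next }
        pending {
            pending = 0
            path = $0
            sub(/^[^|]*\|[ \t]*/, "", path)   # drop "date time kidN|" prefix
            if (path ~ /^\//) count[path]++   # ignore anything that is not a path
        }
        END { for (p in count) print count[p], p }
    ' "$1" | sort -k1,1nr -k2,2
}

# repeated_missing CACHE_LOG [MIN]
# Only the files reported missing at least MIN times (default 2).
repeated_missing() {
    missing_file_counts "$1" | awk -v min="${2:-2}" '$1 >= min'
}

# Run on a real log if a path is given, otherwise on the constructed sample.
if [ $# -gt 0 ]; then
    repeated_missing "$1" "${2:-2}"
else
    sample_log | repeated_missing -
fi
```

Files that show up here with a count above 1 are the ones the index keeps referencing after the first failed open; the total from `missing_file_counts` can be compared with the `TCP_SWAPFAIL` count from access.log.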
Re: [squid-users] linking ltrans get missing xstrerr? (SOLVED)
Linda W wrote:
ltrans -- I disabled translation -- should ltrans be getting made? If so, where can I find xstrerr?
---
looks like a windows only thing, so I assumed my build dir was corrupt. It is no longer corrupt. ;-/
[squid-users] linking ltrans get missing xstrerr?
ltrans -- I disabled translation -- should ltrans be getting made? If so, where can I find xstrerr? Thanks! (must be buried in *somefile*!

libtool: link: g++ -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT -m64 -DOPENSSL_LOAD_CONF -O2 -m64 -fasynchronous-unwind-tables -fbranch-target-load-optimize -fdelete-null-pointer-checks -fgcse-after-reload -fgcse-las -fgcse-sm -fgraphite-identity -fipa-pta -fivopts -floop-block -floop-flatten -floop-interchange -floop-strip-mine -flto -fmessage-length=0 -fpredictive-commoning -frename-registers -freorder-blocks-and-partition -ftracer -fsched-stalled-insns=1 -fsched-stalled-insns-dep=1 -ftree-loop-linear -ftree-loop-distribution -ftree-loop-distribute-patterns -ftree-loop-im -ftree-loop-ivcanon -ftree-vectorize -ftree-slp-vectorize -funswitch-loops -funwind-tables -fvariable-expansion-in-unroller -fvect-cost-model -fweb -march=native -fpie -pipe -march=native -std=c++11 -m64 -flto=6 -fpie -O2 -fuse-linker-plugin -o log_file_daemon log_file_daemon.o -L../../../lib ../../../compat/.libs/libcompat-squid.a -lm -lnsl -lresolv -lcap -lrt -ldl
/tmp/cc4OQH3C.ltrans0.ltrans.o: In function `rotate(char const*, int)':
cc4OQH3C.ltrans0.o:(.text+0xe2): undefined reference to `xstrerr(int)'
cc4OQH3C.ltrans0.o:(.text+0x150): undefined reference to `xstrerr(int)'
collect2: error: ld returned 1 exit status
Re: [squid-users] Question on throughput
Stephen Baynes wrote:
On a multi CPU box - the number of Squid workers has a very big effect on the throughput.
---
Last I heard that option was only available for requests 32KB or smaller. Has it increased?

Dunno about your use case, but looking at my cache right now, I see 505049 files using 86G of space. That's an average of 182836 bytes/file or about 6x the maximum allowed for parallel use.