Re: [squid-users] problems with ssl_crtd

2012-09-25 Thread Linos
Sure, you have it attached.

Miguel Angel.

On 24/09/12 20:10, Ahmed Talha Khan wrote:
> Linos,
> 
> I have not debugged the issue yet. Will post results when I do it.
> 
> Can anyone kindly provide the FATAL patch?
> 
> -talha
> 
> On Mon, Sep 24, 2012 at 9:47 PM, Linos  wrote:
>> On 24/09/12 12:52, Amos Jeffries wrote:
>>> On 24/09/2012 8:44 p.m., Linos wrote:
>>>> On 20/09/12 12:58, Ahmed Talha Khan wrote:
> Hey Guy, All
>
> I have started facing a very similar issue now. I have been using
> squid-3.HEAD-20120421-r12120 for about 5 months without any issues.
> Suddenly from yesterday I've started getting crashes in ssl_crtd
> process.
>
>
> In my case I am the only user but I observe that the behaviour is
> random. Sometimes it crashes and sometimes it works. Different https
> pages give the crash. Even non https pages have caused the crash.
>
> These occur especially on google https pages like docs, mail, calendar
> etc.
>
> The signing cert is also ok and has NOT expired.
>
>
> My squid conf looks like this:
> ***
> sslproxy_cert_error allow all
>
> sslcrtd_program /usr/local/squid-3.3/libexec/ssl_crtd -s
> /usr/local/squid-3.3/var/lib/ssl_db -M 4MB
> sslcrtd_children 5
>
> http_port 192.168.8.134:3128 ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB
> cert=/home/asif/squid/www.sample.com.pem
> key=/home/asif/squid/www.sample.com.pem
>
> http_port 192.168.8.134:8080
>
> https_port 192.168.8.134:3129 ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB
> cert=/home/asif/squid/www.sample.com.pem
> key=/home/asif/squid/www.sample.com.pem
> ***
>
> The ssl_db directory is initialized properly with correct permissions.
>
> ***
> [talha@localhost lib]$ pwd
> /usr/local/squid-3.3/var/lib
>
> [talha@localhost lib]$ ls -al
> total 24
> drwxrwxrwx 3 root   root  4096 Sep 20 15:31 .
> drwxrwxrwx 6 root   root  4096 Sep 20 15:05 ..
> drwxrwxrwx 3 nobody talha 4096 Sep 20 15:31 ssl_db
>
> The size file also has some values in it and cert generation also
> seems to work but suddenly it all crashes .
> **
>
>
>
> 2012/09/20 14:57:45| Starting Squid Cache version
> 3.HEAD-20120425-r12120 for x86_64-unknown-linux-gnu...
> 2012/09/20 14:57:45| Process ID 23826
> 2012/09/20 14:57:45| Process Roles: master worker
> 2012/09/20 14:57:45| With 1024 file descriptors available
> 2012/09/20 14:57:45| Initializing IP Cache...
> 2012/09/20 14:57:45| DNS Socket created at [::], FD 5
> 2012/09/20 14:57:45| DNS Socket created at 0.0.0.0, FD 6
> 2012/09/20 14:57:45| Adding nameserver 192.168.8.1 from /etc/resolv.conf
> 2012/09/20 14:57:45| Adding domain localdomain from /etc/resolv.conf
> 2012/09/20 14:57:45| helperOpenServers: Starting 5/5 'ssl_crtd' processes
> 2012/09/20 14:57:45| Logfile: opening log
> daemon:/usr/local/squid-3.3/var/logs/access.log
> 2012/09/20 14:57:45| Logfile Daemon: opening log
> /usr/local/squid-3.3/var/logs/access.log
> 2012/09/20 14:57:45| Logfile: opening log 
> /usr/local/squid-3.3/var/logs/icap-log
> 2012/09/20 14:57:45| WARNING: log parameters now start with a module
> name. Use 'stdio:/usr/local/squid-3.3/var/logs/icap-log'
>
>
> 2012/09/20 14:57:45| Store logging disabled
> 2012/09/20 14:57:45| Swap maxSize 0 + 262144 KB, estimated 20164 objects
> 2012/09/20 14:57:45| Target number of buckets: 1008
> 2012/09/20 14:57:45| Using 8192 Store buckets
> 2012/09/20 14:57:45| Max Mem  size: 262144 KB
> 2012/09/20 14:57:45| Max Swap size: 0 KB
> 2012/09/20 14:57:45| Using Least Load store dir selection
> 2012/09/20 14:57:45| Set Current Directory to 
> /usr/local/squid-3.3/var/cache
> 2012/09/20 14:57:45| Loaded Icons.
> 2012/09/20 14:57:45| HTCP Disabled.
> 2012/09/20 14:57:45| /usr/local/squid-3.3/var/run/squid.pid: (13)
> Permission denied
> 2012/09/20 14:57:45| WARNING: Could not write pid file
> 2012/09/20 14:57:45| Squid plugin modules loaded: 0
> 2012/09/20 14:57:45| Adaptation support is on
> 2012/09/20 14:57:45| Accepting SSL bumped HTTP Socket connections at
> local=192.168.8.134:3128 remote=[::] FD 20 flags=9
> 2012/09/20 14:57:45| Accepting HTTP Socket connections at
> local=192.168.8.134:8080 remote=[::] FD 21 flags=9
> 2012/09/20 14:57:45| Accepting SSL bumped HTTPS Socket connections at
> local=192.168.8.134:3129 remote=[::] FD 22 flags=9
> 2012/09/20 14:57:46| storeLateRelease: released 0 objects
>
> (ssl_crtd): Cannot create

Re: [squid-users] problems with ssl_crtd

2012-09-24 Thread Ahmed Talha Khan
Linos,

I have not debugged the issue yet. Will post results when I do it.

Can anyone kindly provide the FATAL patch?

-talha

On Mon, Sep 24, 2012 at 9:47 PM, Linos  wrote:
> On 24/09/12 12:52, Amos Jeffries wrote:
>> On 24/09/2012 8:44 p.m., Linos wrote:
>>> On 20/09/12 12:58, Ahmed Talha Khan wrote:
>>>> Hey Guy, All
>>>>
>>>> I have started facing a very similar issue now. I have been using
>>>> squid-3.HEAD-20120421-r12120 for about 5 months without any issues.
>>>> Suddenly from yesterday I've started getting crashes in ssl_crtd
>>>> process.
>>>>
>>>>
>>>> In my case I am the only user but I observe that the behaviour is
>>>> random. Sometimes it crashes and sometimes it works. Different https
>>>> pages give the crash. Even non https pages have caused the crash.
>>>>
>>>> These occur especially on google https pages like docs, mail, calendar
>>>> etc.
>>>>
>>>> The signing cert is also ok and has NOT expired.
>>>>
>>>>
>>>> My squid conf looks like this:
>>>> ***
>>>> sslproxy_cert_error allow all
>>>>
>>>> sslcrtd_program /usr/local/squid-3.3/libexec/ssl_crtd -s
>>>> /usr/local/squid-3.3/var/lib/ssl_db -M 4MB
>>>> sslcrtd_children 5
>>>>
>>>> http_port 192.168.8.134:3128 ssl-bump generate-host-certificates=on
>>>> dynamic_cert_mem_cache_size=4MB
>>>> cert=/home/asif/squid/www.sample.com.pem
>>>> key=/home/asif/squid/www.sample.com.pem
>>>>
>>>> http_port 192.168.8.134:8080
>>>>
>>>> https_port 192.168.8.134:3129 ssl-bump generate-host-certificates=on
>>>> dynamic_cert_mem_cache_size=4MB
>>>> cert=/home/asif/squid/www.sample.com.pem
>>>> key=/home/asif/squid/www.sample.com.pem
>>>> ***
>>>>
>>>> The ssl_db directory is initialized properly with correct permissions.
>>>>
>>>> ***
>>>> [talha@localhost lib]$ pwd
>>>> /usr/local/squid-3.3/var/lib
>>>>
>>>> [talha@localhost lib]$ ls -al
>>>> total 24
>>>> drwxrwxrwx 3 root   root  4096 Sep 20 15:31 .
>>>> drwxrwxrwx 6 root   root  4096 Sep 20 15:05 ..
>>>> drwxrwxrwx 3 nobody talha 4096 Sep 20 15:31 ssl_db
>>>>
>>>> The size file also has some values in it and cert generation also
>>>> seems to work but suddenly it all crashes.
>>>> **
>>>>
>>>>
>>>>
>>>> 2012/09/20 14:57:45| Starting Squid Cache version
>>>> 3.HEAD-20120425-r12120 for x86_64-unknown-linux-gnu...
>>>> 2012/09/20 14:57:45| Process ID 23826
>>>> 2012/09/20 14:57:45| Process Roles: master worker
>>>> 2012/09/20 14:57:45| With 1024 file descriptors available
>>>> 2012/09/20 14:57:45| Initializing IP Cache...
>>>> 2012/09/20 14:57:45| DNS Socket created at [::], FD 5
>>>> 2012/09/20 14:57:45| DNS Socket created at 0.0.0.0, FD 6
>>>> 2012/09/20 14:57:45| Adding nameserver 192.168.8.1 from /etc/resolv.conf
>>>> 2012/09/20 14:57:45| Adding domain localdomain from /etc/resolv.conf
>>>> 2012/09/20 14:57:45| helperOpenServers: Starting 5/5 'ssl_crtd' processes
>>>> 2012/09/20 14:57:45| Logfile: opening log
>>>> daemon:/usr/local/squid-3.3/var/logs/access.log
>>>> 2012/09/20 14:57:45| Logfile Daemon: opening log
>>>> /usr/local/squid-3.3/var/logs/access.log
>>>> 2012/09/20 14:57:45| Logfile: opening log
>>>> /usr/local/squid-3.3/var/logs/icap-log
>>>> 2012/09/20 14:57:45| WARNING: log parameters now start with a module
>>>> name. Use 'stdio:/usr/local/squid-3.3/var/logs/icap-log'
>>>>
>>>>
>>>> 2012/09/20 14:57:45| Store logging disabled
>>>> 2012/09/20 14:57:45| Swap maxSize 0 + 262144 KB, estimated 20164 objects
>>>> 2012/09/20 14:57:45| Target number of buckets: 1008
>>>> 2012/09/20 14:57:45| Using 8192 Store buckets
>>>> 2012/09/20 14:57:45| Max Mem  size: 262144 KB
>>>> 2012/09/20 14:57:45| Max Swap size: 0 KB
>>>> 2012/09/20 14:57:45| Using Least Load store dir selection
>>>> 2012/09/20 14:57:45| Set Current Directory to
>>>> /usr/local/squid-3.3/var/cache
>>>> 2012/09/20 14:57:45| Loaded Icons.
>>>> 2012/09/20 14:57:45| HTCP Disabled.
>>>> 2012/09/20 14:57:45| /usr/local/squid-3.3/var/run/squid.pid: (13)
>>>> Permission denied
>>>> 2012/09/20 14:57:45| WARNING: Could not write pid file
>>>> 2012/09/20 14:57:45| Squid plugin modules loaded: 0
>>>> 2012/09/20 14:57:45| Adaptation support is on
>>>> 2012/09/20 14:57:45| Accepting SSL bumped HTTP Socket connections at
>>>> local=192.168.8.134:3128 remote=[::] FD 20 flags=9
>>>> 2012/09/20 14:57:45| Accepting HTTP Socket connections at
>>>> local=192.168.8.134:8080 remote=[::] FD 21 flags=9
>>>> 2012/09/20 14:57:45| Accepting SSL bumped HTTPS Socket connections at
>>>> local=192.168.8.134:3129 remote=[::] FD 22 flags=9
>>>> 2012/09/20 14:57:46| storeLateRelease: released 0 objects
>>>>
>>>> (ssl_crtd): Cannot create ssl certificate or private key.
>>>> 2012/09/20 14:58:23| WARNING: ssl_crtd #2 exited
>>>> 2012/09/20 14:58:23| Too few ssl_crtd processes are running (need 1/5)
>>>>
>>>> 2012/09/20 14:58:23| Starting new help

Re: [squid-users] problems with ssl_crtd

2012-09-24 Thread Linos
On 24/09/12 12:52, Amos Jeffries wrote:
> On 24/09/2012 8:44 p.m., Linos wrote:
>> On 20/09/12 12:58, Ahmed Talha Khan wrote:
>>> Hey Guy, All
>>>
>>> I have started facing a very similar issue now. I have been using
>>> squid-3.HEAD-20120421-r12120 for about 5 months without any issues.
>>> Suddenly from yesterday I've started getting crashes in ssl_crtd
>>> process.
>>>
>>>
>>> In my case I am the only user but I observe that the behaviour is
>>> random. Sometimes it crashes and sometimes it works. Different https
>>> pages give the crash. Even non https pages have caused the crash.
>>>
>>> These occur especially on google https pages like docs, mail, calendar etc.
>>>
>>> The signing cert is also ok and has NOT expired.
>>>
>>>
>>> My squid conf looks like this:
>>> ***
>>> sslproxy_cert_error allow all
>>>
>>> sslcrtd_program /usr/local/squid-3.3/libexec/ssl_crtd -s
>>> /usr/local/squid-3.3/var/lib/ssl_db -M 4MB
>>> sslcrtd_children 5
>>>
>>> http_port 192.168.8.134:3128 ssl-bump generate-host-certificates=on
>>> dynamic_cert_mem_cache_size=4MB
>>> cert=/home/asif/squid/www.sample.com.pem
>>> key=/home/asif/squid/www.sample.com.pem
>>>
>>> http_port 192.168.8.134:8080
>>>
>>> https_port 192.168.8.134:3129 ssl-bump generate-host-certificates=on
>>> dynamic_cert_mem_cache_size=4MB
>>> cert=/home/asif/squid/www.sample.com.pem
>>> key=/home/asif/squid/www.sample.com.pem
>>> ***
>>>
>>> The ssl_db directory is initialized properly with correct permissions.
>>>
>>> ***
>>> [talha@localhost lib]$ pwd
>>> /usr/local/squid-3.3/var/lib
>>>
>>> [talha@localhost lib]$ ls -al
>>> total 24
>>> drwxrwxrwx 3 root   root  4096 Sep 20 15:31 .
>>> drwxrwxrwx 6 root   root  4096 Sep 20 15:05 ..
>>> drwxrwxrwx 3 nobody talha 4096 Sep 20 15:31 ssl_db
>>>
>>> The size file also has some values in it and cert generation also
>>> seems to work but suddenly it all crashes .
>>> **
>>>
>>>
>>>
>>> 2012/09/20 14:57:45| Starting Squid Cache version
>>> 3.HEAD-20120425-r12120 for x86_64-unknown-linux-gnu...
>>> 2012/09/20 14:57:45| Process ID 23826
>>> 2012/09/20 14:57:45| Process Roles: master worker
>>> 2012/09/20 14:57:45| With 1024 file descriptors available
>>> 2012/09/20 14:57:45| Initializing IP Cache...
>>> 2012/09/20 14:57:45| DNS Socket created at [::], FD 5
>>> 2012/09/20 14:57:45| DNS Socket created at 0.0.0.0, FD 6
>>> 2012/09/20 14:57:45| Adding nameserver 192.168.8.1 from /etc/resolv.conf
>>> 2012/09/20 14:57:45| Adding domain localdomain from /etc/resolv.conf
>>> 2012/09/20 14:57:45| helperOpenServers: Starting 5/5 'ssl_crtd' processes
>>> 2012/09/20 14:57:45| Logfile: opening log
>>> daemon:/usr/local/squid-3.3/var/logs/access.log
>>> 2012/09/20 14:57:45| Logfile Daemon: opening log
>>> /usr/local/squid-3.3/var/logs/access.log
>>> 2012/09/20 14:57:45| Logfile: opening log 
>>> /usr/local/squid-3.3/var/logs/icap-log
>>> 2012/09/20 14:57:45| WARNING: log parameters now start with a module
>>> name. Use 'stdio:/usr/local/squid-3.3/var/logs/icap-log'
>>>
>>>
>>> 2012/09/20 14:57:45| Store logging disabled
>>> 2012/09/20 14:57:45| Swap maxSize 0 + 262144 KB, estimated 20164 objects
>>> 2012/09/20 14:57:45| Target number of buckets: 1008
>>> 2012/09/20 14:57:45| Using 8192 Store buckets
>>> 2012/09/20 14:57:45| Max Mem  size: 262144 KB
>>> 2012/09/20 14:57:45| Max Swap size: 0 KB
>>> 2012/09/20 14:57:45| Using Least Load store dir selection
>>> 2012/09/20 14:57:45| Set Current Directory to /usr/local/squid-3.3/var/cache
>>> 2012/09/20 14:57:45| Loaded Icons.
>>> 2012/09/20 14:57:45| HTCP Disabled.
>>> 2012/09/20 14:57:45| /usr/local/squid-3.3/var/run/squid.pid: (13)
>>> Permission denied
>>> 2012/09/20 14:57:45| WARNING: Could not write pid file
>>> 2012/09/20 14:57:45| Squid plugin modules loaded: 0
>>> 2012/09/20 14:57:45| Adaptation support is on
>>> 2012/09/20 14:57:45| Accepting SSL bumped HTTP Socket connections at
>>> local=192.168.8.134:3128 remote=[::] FD 20 flags=9
>>> 2012/09/20 14:57:45| Accepting HTTP Socket connections at
>>> local=192.168.8.134:8080 remote=[::] FD 21 flags=9
>>> 2012/09/20 14:57:45| Accepting SSL bumped HTTPS Socket connections at
>>> local=192.168.8.134:3129 remote=[::] FD 22 flags=9
>>> 2012/09/20 14:57:46| storeLateRelease: released 0 objects
>>>
>>> (ssl_crtd): Cannot create ssl certificate or private key.
>>> 2012/09/20 14:58:23| WARNING: ssl_crtd #2 exited
>>> 2012/09/20 14:58:23| Too few ssl_crtd processes are running (need 1/5)
>>>
>>> 2012/09/20 14:58:23| Starting new helpers
>>> 2012/09/20 14:58:23| helperOpenServers: Starting 1/5 'ssl_crtd' processes
>>> 2012/09/20 14:58:23| client_side.cc(3478) sslCrtdHandleReply:
>>> "ssl_crtd" helper return  reply
>>> (ssl_crtd): Cannot create ssl certificate or private key.
>>>
>>> 2012/09/20 14:58:23| WARNING: ssl_crtd #1 exi

Re: [squid-users] problems with ssl_crtd

2012-09-24 Thread Amos Jeffries

On 24/09/2012 8:44 p.m., Linos wrote:

On 20/09/12 12:58, Ahmed Talha Khan wrote:

Hey Guy, All

I have started facing a very similar issue now. I have been using
squid-3.HEAD-20120421-r12120 for about 5 months without any issues.
Suddenly from yesterday I've started getting crashes in ssl_crtd
process.


In my case I am the only user but I observe that the behaviour is
random. Sometimes it crashes and sometimes it works. Different https
pages give the crash. Even non https pages have caused the crash.

These occur especially on google https pages like docs, mail, calendar etc.

The signing cert is also ok and has NOT expired.


My squid conf looks like this:
***
sslproxy_cert_error allow all

sslcrtd_program /usr/local/squid-3.3/libexec/ssl_crtd -s
/usr/local/squid-3.3/var/lib/ssl_db -M 4MB
sslcrtd_children 5

http_port 192.168.8.134:3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB
cert=/home/asif/squid/www.sample.com.pem
key=/home/asif/squid/www.sample.com.pem

http_port 192.168.8.134:8080

https_port 192.168.8.134:3129 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB
cert=/home/asif/squid/www.sample.com.pem
key=/home/asif/squid/www.sample.com.pem
***

The ssl_db directory is initialized properly with correct permissions.

***
[talha@localhost lib]$ pwd
/usr/local/squid-3.3/var/lib

[talha@localhost lib]$ ls -al
total 24
drwxrwxrwx 3 root   root  4096 Sep 20 15:31 .
drwxrwxrwx 6 root   root  4096 Sep 20 15:05 ..
drwxrwxrwx 3 nobody talha 4096 Sep 20 15:31 ssl_db

The size file also has some values in it and cert generation also
seems to work but suddenly it all crashes .
**



2012/09/20 14:57:45| Starting Squid Cache version
3.HEAD-20120425-r12120 for x86_64-unknown-linux-gnu...
2012/09/20 14:57:45| Process ID 23826
2012/09/20 14:57:45| Process Roles: master worker
2012/09/20 14:57:45| With 1024 file descriptors available
2012/09/20 14:57:45| Initializing IP Cache...
2012/09/20 14:57:45| DNS Socket created at [::], FD 5
2012/09/20 14:57:45| DNS Socket created at 0.0.0.0, FD 6
2012/09/20 14:57:45| Adding nameserver 192.168.8.1 from /etc/resolv.conf
2012/09/20 14:57:45| Adding domain localdomain from /etc/resolv.conf
2012/09/20 14:57:45| helperOpenServers: Starting 5/5 'ssl_crtd' processes
2012/09/20 14:57:45| Logfile: opening log
daemon:/usr/local/squid-3.3/var/logs/access.log
2012/09/20 14:57:45| Logfile Daemon: opening log
/usr/local/squid-3.3/var/logs/access.log
2012/09/20 14:57:45| Logfile: opening log /usr/local/squid-3.3/var/logs/icap-log
2012/09/20 14:57:45| WARNING: log parameters now start with a module
name. Use 'stdio:/usr/local/squid-3.3/var/logs/icap-log'


2012/09/20 14:57:45| Store logging disabled
2012/09/20 14:57:45| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2012/09/20 14:57:45| Target number of buckets: 1008
2012/09/20 14:57:45| Using 8192 Store buckets
2012/09/20 14:57:45| Max Mem  size: 262144 KB
2012/09/20 14:57:45| Max Swap size: 0 KB
2012/09/20 14:57:45| Using Least Load store dir selection
2012/09/20 14:57:45| Set Current Directory to /usr/local/squid-3.3/var/cache
2012/09/20 14:57:45| Loaded Icons.
2012/09/20 14:57:45| HTCP Disabled.
2012/09/20 14:57:45| /usr/local/squid-3.3/var/run/squid.pid: (13)
Permission denied
2012/09/20 14:57:45| WARNING: Could not write pid file
2012/09/20 14:57:45| Squid plugin modules loaded: 0
2012/09/20 14:57:45| Adaptation support is on
2012/09/20 14:57:45| Accepting SSL bumped HTTP Socket connections at
local=192.168.8.134:3128 remote=[::] FD 20 flags=9
2012/09/20 14:57:45| Accepting HTTP Socket connections at
local=192.168.8.134:8080 remote=[::] FD 21 flags=9
2012/09/20 14:57:45| Accepting SSL bumped HTTPS Socket connections at
local=192.168.8.134:3129 remote=[::] FD 22 flags=9
2012/09/20 14:57:46| storeLateRelease: released 0 objects

(ssl_crtd): Cannot create ssl certificate or private key.
2012/09/20 14:58:23| WARNING: ssl_crtd #2 exited
2012/09/20 14:58:23| Too few ssl_crtd processes are running (need 1/5)

2012/09/20 14:58:23| Starting new helpers
2012/09/20 14:58:23| helperOpenServers: Starting 1/5 'ssl_crtd' processes
2012/09/20 14:58:23| client_side.cc(3478) sslCrtdHandleReply:
"ssl_crtd" helper return  reply
(ssl_crtd): Cannot create ssl certificate or private key.

2012/09/20 14:58:23| WARNING: ssl_crtd #1 exited
2012/09/20 14:58:23| Too few ssl_crtd processes are running (need 1/5)
2012/09/20 14:58:23| storeDirWriteCleanLogs: Starting...
2012/09/20 14:58:23|   Finished.  Wrote 0 entries.
2012/09/20 14:58:23|   Took 0.00 seconds (  0.00 entries/sec).
FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

Squid Cache (Version 3.HEAD-20120425-r12120): Terminated abnormally.
CPU Usage: 0.355 seconds = 0.289 user + 0.066 sys
Maximum Resident Size: 71104 KB
P

Re: [squid-users] problems with ssl_crtd

2012-09-24 Thread Linos
On 20/09/12 12:58, Ahmed Talha Khan wrote:
> Hey Guy, All
> 
> I have started facing a very similar issue now. I have been using
> squid-3.HEAD-20120421-r12120 for about 5 months without any issues.
> Suddenly from yesterday I've started getting crashes in ssl_crtd
> process.
> 
> 
> In my case I am the only user but I observe that the behaviour is
> random. Sometimes it crashes and sometimes it works. Different https
> pages give the crash. Even non https pages have caused the crash.
> 
> These occur especially on google https pages like docs, mail, calendar etc.
> 
> The signing cert is also ok and has NOT expired.
> 
> 
> My squid conf looks like this:
> ***
> sslproxy_cert_error allow all
> 
> sslcrtd_program /usr/local/squid-3.3/libexec/ssl_crtd -s
> /usr/local/squid-3.3/var/lib/ssl_db -M 4MB
> sslcrtd_children 5
> 
> http_port 192.168.8.134:3128 ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB
> cert=/home/asif/squid/www.sample.com.pem
> key=/home/asif/squid/www.sample.com.pem
> 
> http_port 192.168.8.134:8080
> 
> https_port 192.168.8.134:3129 ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB
> cert=/home/asif/squid/www.sample.com.pem
> key=/home/asif/squid/www.sample.com.pem
> ***
> 
> The ssl_db directory is initialized properly with correct permissions.
> 
> ***
> [talha@localhost lib]$ pwd
> /usr/local/squid-3.3/var/lib
> 
> [talha@localhost lib]$ ls -al
> total 24
> drwxrwxrwx 3 root   root  4096 Sep 20 15:31 .
> drwxrwxrwx 6 root   root  4096 Sep 20 15:05 ..
> drwxrwxrwx 3 nobody talha 4096 Sep 20 15:31 ssl_db
> 
> The size file also has some values in it and cert generation also
> seems to work but suddenly it all crashes .
> **
> 
> 
> 
> 2012/09/20 14:57:45| Starting Squid Cache version
> 3.HEAD-20120425-r12120 for x86_64-unknown-linux-gnu...
> 2012/09/20 14:57:45| Process ID 23826
> 2012/09/20 14:57:45| Process Roles: master worker
> 2012/09/20 14:57:45| With 1024 file descriptors available
> 2012/09/20 14:57:45| Initializing IP Cache...
> 2012/09/20 14:57:45| DNS Socket created at [::], FD 5
> 2012/09/20 14:57:45| DNS Socket created at 0.0.0.0, FD 6
> 2012/09/20 14:57:45| Adding nameserver 192.168.8.1 from /etc/resolv.conf
> 2012/09/20 14:57:45| Adding domain localdomain from /etc/resolv.conf
> 2012/09/20 14:57:45| helperOpenServers: Starting 5/5 'ssl_crtd' processes
> 2012/09/20 14:57:45| Logfile: opening log
> daemon:/usr/local/squid-3.3/var/logs/access.log
> 2012/09/20 14:57:45| Logfile Daemon: opening log
> /usr/local/squid-3.3/var/logs/access.log
> 2012/09/20 14:57:45| Logfile: opening log 
> /usr/local/squid-3.3/var/logs/icap-log
> 2012/09/20 14:57:45| WARNING: log parameters now start with a module
> name. Use 'stdio:/usr/local/squid-3.3/var/logs/icap-log'
> 
> 
> 2012/09/20 14:57:45| Store logging disabled
> 2012/09/20 14:57:45| Swap maxSize 0 + 262144 KB, estimated 20164 objects
> 2012/09/20 14:57:45| Target number of buckets: 1008
> 2012/09/20 14:57:45| Using 8192 Store buckets
> 2012/09/20 14:57:45| Max Mem  size: 262144 KB
> 2012/09/20 14:57:45| Max Swap size: 0 KB
> 2012/09/20 14:57:45| Using Least Load store dir selection
> 2012/09/20 14:57:45| Set Current Directory to /usr/local/squid-3.3/var/cache
> 2012/09/20 14:57:45| Loaded Icons.
> 2012/09/20 14:57:45| HTCP Disabled.
> 2012/09/20 14:57:45| /usr/local/squid-3.3/var/run/squid.pid: (13)
> Permission denied
> 2012/09/20 14:57:45| WARNING: Could not write pid file
> 2012/09/20 14:57:45| Squid plugin modules loaded: 0
> 2012/09/20 14:57:45| Adaptation support is on
> 2012/09/20 14:57:45| Accepting SSL bumped HTTP Socket connections at
> local=192.168.8.134:3128 remote=[::] FD 20 flags=9
> 2012/09/20 14:57:45| Accepting HTTP Socket connections at
> local=192.168.8.134:8080 remote=[::] FD 21 flags=9
> 2012/09/20 14:57:45| Accepting SSL bumped HTTPS Socket connections at
> local=192.168.8.134:3129 remote=[::] FD 22 flags=9
> 2012/09/20 14:57:46| storeLateRelease: released 0 objects
> 
> (ssl_crtd): Cannot create ssl certificate or private key.
> 2012/09/20 14:58:23| WARNING: ssl_crtd #2 exited
> 2012/09/20 14:58:23| Too few ssl_crtd processes are running (need 1/5)
> 
> 2012/09/20 14:58:23| Starting new helpers
> 2012/09/20 14:58:23| helperOpenServers: Starting 1/5 'ssl_crtd' processes
> 2012/09/20 14:58:23| client_side.cc(3478) sslCrtdHandleReply:
> "ssl_crtd" helper return  reply
> (ssl_crtd): Cannot create ssl certificate or private key.
> 
> 2012/09/20 14:58:23| WARNING: ssl_crtd #1 exited
> 2012/09/20 14:58:23| Too few ssl_crtd processes are running (need 1/5)
> 2012/09/20 14:58:23| storeDirWriteCleanLogs: Starting...
> 2012/09/20 14:58:23|   Finished.  Wrote 0 entries.
> 2012/09/20 14:58:23|   Took 0.00 seconds (  0.00 entries/sec).
> FATAL: The ssl_crtd helpers

Re: [squid-users] problems with ssl_crtd

2012-09-21 Thread Linos
On 21/09/12 09:20, Amos Jeffries wrote:
> Firstly, is this problem still occurring with a recent snapshot? We have done a
> lot of stabilization on squid-3 in the months working up towards 3.2.1 release
> and the SSL code has had two new features added to improve the bumping process
> and behaviours.
> 
> 
> Secondly, the issue as you found is not in Squid but in the helper. You should
> be able to add -d option to the helper command line to get a debug trace out of
> it into cache.log. Set Squid to a normal (0 or 1) level to avoid any squid debug
> confusing the helper traces.
> 
> In 3.2 helpers crashing is not usually a fatal event, you will simply see an
> annoying amount of that:
> "
> 
> 2012/09/20 14:58:23| WARNING: ssl_crtd #2 exited
> 2012/09/20 14:58:23| Too few ssl_crtd processes are running (need 1/5)
> 2012/09/20 14:58:23| Starting new helpers
> "
> 
> 
> In this case there is something in the cert database or system environment which
> is triggering the crash and persisting across into newly started helpers,
> crashing them as well. This is the one case where Squid is still killed by
> helpers dying faster than they can be sent lookups, thus the
> 
> "FATAL: The ssl_crtd helpers are crashing too rapidly, need help!"
> 
> HTH
> Amos
> 

Tested squid-3.HEAD-20120921-r12321. Squid itself crashes very fast with this
version, I have no time to test the ssl problem:

squid3 -N
2012/09/21 11:09:49| SECURITY NOTICE: auto-converting deprecated "ssl_bump allow
" to "ssl_bump client-first " which is usually inferior to the newer
server-first bumping mode. Update your ssl_bump rules.
Abortado (`core' generado)

About the core file: no matter what I put in squid.conf, squid does not generate
it. I have this line right now:
coredump_dir /var/log/squid3

But I have tried using the squid cache_dir itself and that does not work either. I have
executed it in gdb and got this backtrace.


#0  0x7579a445 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x7579dbab in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x556cf63d in xassert (
msg=0x55906778 "!conn() || conn()->clientConnection == NULL ||
conn()->clientConnection->fd == aDescriptor", file=, line=103)
at debug.cc:565
#3  0x557c8985 in ACLFilledChecklist::fd (this=0x5691b418,
aDescriptor=11) at FilledChecklist.cc:103
#4  0x556f73bd in FwdState::initiateSSL (this=0x57b00268)
at forward.cc:831
#5  0x557fd204 in AsyncCall::make (this=0x577c9cf0)
at AsyncCall.cc:35
#6  0x55800227 in AsyncCallQueue::fireNext (this=)
at AsyncCallQueue.cc:52
#7  0x55800380 in AsyncCallQueue::fire (this=0x55d5aba0)
at AsyncCallQueue.cc:38
#8  0x556e8604 in EventLoop::runOnce (this=0x7fffe460)
at EventLoop.cc:130
#9  0x556e86d8 in EventLoop::run (this=0x7fffe460)
at EventLoop.cc:94
#10 0x55749249 in SquidMain (argc=,
argv=) at main.cc:1518
#11 0x55678536 in SquidMainSafe (argv=,
argc=) at main.cc:1240
#12 main (argc=, argv=) at main.cc:1232


Regards,
Miguel Angel.


Re: [squid-users] problems with ssl_crtd

2012-09-21 Thread Linos
On 21/09/12 09:20, Amos Jeffries wrote:
> Firstly, is this problem still occurring with a recent snapshot? We have done a
> lot of stabilization on squid-3 in the months working up towards 3.2.1 release
> and the SSL code has had two new features added to improve the bumping process
> and behaviours.
> 
> 
> Secondly, the issue as you found is not in Squid but in the helper. You should
> be able to add -d option to the helper command line to get a debug trace out of
> it into cache.log. Set Squid to a normal (0 or 1) level to avoid any squid debug
> confusing the helper traces.
> 
> In 3.2 helpers crashing is not usually a fatal event, you will simply see an
> annoying amount of that:
> "
> 
> 2012/09/20 14:58:23| WARNING: ssl_crtd #2 exited
> 2012/09/20 14:58:23| Too few ssl_crtd processes are running (need 1/5)
> 2012/09/20 14:58:23| Starting new helpers
> "
> 
> 
> In this case there is something in the cert database or system environment which
> is triggering the crash and persisting across into newly started helpers,
> crashing them as well. This is the one case where Squid is still killed by
> helpers dying faster than they can be sent lookups, thus the
> 
> "FATAL: The ssl_crtd helpers are crashing too rapidly, need help!"
> 
> HTH
> Amos
> 

I have not tried a recent snapshot but i am going to do so right now.

I have added a -d option, now i have this line in squid.conf:
sslcrtd_program /usr/lib/squid3/ssl_crtd -d -s /var/spool/squid3/squid_ssl_db -M 16MB

Still i don't get anything new in cache.log, this is the last crash:

(ssl_crtd): Cannot create ssl certificate or private key.
2012/09/21 10:33:10| WARNING: ssl_crtd #2 exited
2012/09/21 10:33:10| Too few ssl_crtd processes are running (need 1/10)
2012/09/21 10:33:10| Starting new helpers
2012/09/21 10:33:10| helperOpenServers: Starting 1/10 'ssl_crtd' processes
2012/09/21 10:33:10| client_side.cc(3477) sslCrtdHandleReply: "ssl_crtd" helper
return  reply
(ssl_crtd): Cannot create ssl certificate or private key.
2012/09/21 10:33:10| WARNING: ssl_crtd #1 exited
2012/09/21 10:33:10| Too few ssl_crtd processes are running (need 1/10)
2012/09/21 10:33:10| Closing HTTP port 0.0.0.0:3128
2012/09/21 10:33:10| Closing HTTP port [::]:3150
2012/09/21 10:33:10| storeDirWriteCleanLogs: Starting...
2012/09/21 10:33:10| 65536 entries written so far.
2012/09/21 10:33:10|   Finished.  Wrote 112080 entries.
2012/09/21 10:33:10|   Took 0.04 seconds (2691254.86 entries/sec).
FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

Squid Cache (Version 3.2.1): Terminated abnormally.
(ssl_crtd): Cannot create ssl certificate or private key.
CPU Usage: 1.196 seconds = 0.720 user + 0.476 sys
Maximum Resident Size: 199824 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
total space in arena:   34196 KB
Ordinary blocks:33966 KB 52 blks
Small blocks:   0 KB  1 blks
Holding blocks: 37268 KB  8 blks
Free Small blocks:  0 KB
Free Ordinary blocks: 229 KB
Total in use:   71234 KB 208%
Total free:   229 KB 1%


I have tried to attach to the five ssl_crtd processes but after the crash i get:

[Inferior 1 (process 465) exited normally]
[Inferior 1 (process 463) exited normally]
[Inferior 1 (process 464) exited normally]
[Inferior 1 (process 466) exited with code 01]
[Inferior 1 (process 467) exited with code 01]

so no backtrace, neither in gdb nor in cache.log.

The environment problem seems to be related to google domains, i don't know
if i could trigger it with others but not as easily for sure.

I am going to try the latest snapshot in a while and post my results here.

Regards,
Miguel Angel.


Re: [squid-users] problems with ssl_crtd

2012-09-21 Thread Linos
On 20/09/12 12:58, Ahmed Talha Khan wrote:
> Hey Guy, All
> 
> I have started facing a very similar issue now. I have been using
> squid-3.HEAD-20120421-r12120 for about 5 months without any issues.
> Suddenly from yesterday i've started getting crashes in ssl_crtd
> process.
> 
> 
> In my case i am the only user but i observe that the behaviour is
> random. Sometimes it crashes and sometimes it works. Different https
> pages give the crash. Even non https pages have caused the crash.
> 
> These occur especially on google https pages like docs, mail, calendar etc.
> 
> The signing cert is also ok and has NOT expired.
> 
> 

I can confirm my problem is not reproducible with https://www.apple.com (for
example), at least not as easily as with google domains.

Regards,
Miguel Angel.



Re: [squid-users] problems with ssl_crtd

2012-09-21 Thread Amos Jeffries
Firstly, is this problem still occurring with a recent snapshot? we have 
done a lot of stabilization on squid-3 in the months working up towards 
3.2.1 release and the SSL code has had two new features added to improve 
the bumping process and behaviours.



Secondly, the issue as you found is not in Squid but in the helper. You 
should be able to add -d option to the helper command line to get a 
debug trace out of it into cache.log. Set Squid to a normal (0 or 1) 
level to avoid any squid debug confusing the helper traces.


In 3.2 helpers crashing is not usually a fatal event, you will simply 
see an annoying amount of that:

"

2012/09/20 14:58:23| WARNING: ssl_crtd #2 exited
2012/09/20 14:58:23| Too few ssl_crtd processes are running (need 1/5)
2012/09/20 14:58:23| Starting new helpers
"


In this case there is something in the cert database or system 
environment which is triggering the crash and persisting across into 
newly started helpers, crashing them as well. This is the one case where 
Squid is still killed by helpers dying faster than they can be sent 
lookups, thus the


"FATAL: The ssl_crtd helpers are crashing too rapidly, need help!"

HTH
Amos
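
Added example, not part of the original thread and not Squid's own code: a Python script that scans cache.log for the helper-exit pattern described in the message above and separates a lone helper exit from the rapid crash loop that ends in the FATAL line. The sample log is constructed from the line formats quoted in this thread; the 10-second window and the threshold of 2 exits are assumptions for illustration, not Squid's internal limits.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample, modelled on the cache.log excerpts quoted in the thread.
SAMPLE_LOG = """\
2012/09/21 10:20:01| WARNING: ssl_crtd #3 exited
2012/09/21 10:20:01| Starting new helpers
(ssl_crtd): Cannot create ssl certificate or private key.
2012/09/21 10:33:10| WARNING: ssl_crtd #2 exited
2012/09/21 10:33:10| Too few ssl_crtd processes are running (need 1/10)
2012/09/21 10:33:10| Starting new helpers
2012/09/21 10:33:10| helperOpenServers: Starting 1/10 'ssl_crtd' processes
(ssl_crtd): Cannot create ssl certificate or private key.
2012/09/21 10:33:10| WARNING: ssl_crtd #1 exited
2012/09/21 10:33:10| Too few ssl_crtd processes are running (need 1/10)
2012/09/21 10:33:10| Closing HTTP port 0.0.0.0:3128
FATAL: The ssl_crtd helpers are crashing too rapidly, need help!
"""

# Squid's own lines carry a "YYYY/MM/DD HH:MM:SS|" prefix; helper stderr and
# the FATAL line are written without one.
TIMESTAMPED = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\|\s*(.*)$")
EXITED = re.compile(r"^WARNING: (\S+) #(\d+) exited$")
TOO_FEW = re.compile(r"^Too few (\S+) processes are running \(need (\d+)/(\d+)\)$")
FATAL = re.compile(r"^FATAL: The (\S+) helpers are crashing too rapidly")
HELPER_STDERR = re.compile(r"^\(([^)\s]+)\): (.+)$")


def new_entry():
    """Empty per-helper record."""
    return {"exits": [], "too_few": 0, "stderr": Counter(),
            "fatal": False, "burst": False}


def has_burst(times, window_s, threshold):
    """True if any `threshold` exits fall within `window_s` seconds."""
    times = sorted(times)
    return any(
        (times[i + threshold - 1] - times[i]).total_seconds() <= window_s
        for i in range(len(times) - threshold + 1)
    )


def summarize(lines, window_s=10, threshold=2):
    """Group helper exits, stderr messages and FATAL aborts by helper name.

    window_s and threshold are assumed values chosen for this example.
    """
    report = {}
    for raw in lines:
        line = raw.strip()
        stamped = TIMESTAMPED.match(line)
        if stamped:
            when = datetime.strptime(stamped.group(1), "%Y/%m/%d %H:%M:%S")
            body = stamped.group(2)
            hit = EXITED.match(body)
            if hit:
                entry = report.setdefault(hit.group(1), new_entry())
                entry["exits"].append((when, int(hit.group(2))))
                continue
            hit = TOO_FEW.match(body)
            if hit:
                report.setdefault(hit.group(1), new_entry())["too_few"] += 1
            continue
        hit = FATAL.match(line)
        if hit:
            report.setdefault(hit.group(1), new_entry())["fatal"] = True
            continue
        hit = HELPER_STDERR.match(line)
        if hit:
            # The helper's stderr is the only place its own error text shows up.
            entry = report.setdefault(hit.group(1), new_entry())
            entry["stderr"][hit.group(2)] += 1
    for entry in report.values():
        stamps = [when for when, _ in entry["exits"]]
        entry["burst"] = has_burst(stamps, window_s, threshold)
    return report


if __name__ == "__main__":
    for helper, entry in summarize(SAMPLE_LOG.splitlines()).items():
        print(helper, "exits:", len(entry["exits"]),
              "burst:", entry["burst"], "fatal:", entry["fatal"])
        for message, count in entry["stderr"].most_common():
            print("  stderr x%d: %s" % (count, message))
```

A burst without a FATAL line means the helpers were restarted in time; a burst followed by FATAL is the abort discussed in this thread, and the stderr counter shows which helper message accompanied it.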



Re: [squid-users] problems with ssl_crtd

2012-09-20 Thread Guy Helmer

On Sep 20, 2012, at 4:52 AM, Linos  wrote:

> On 19/09/12 16:46, Guy Helmer wrote:
>>> 
>>> Thanks for reply.
>>> 
>>> i checked the squid_ssl_db/size because i found the empty file problem searching
>>> for my own problem in the mailing list, it's ok in my host, the file has the
>>> content "139264" right now.
>>> 
>>> I can't find the core file, do i need to do something for it to generate? maybe
>>> a configure script option or squid.conf change to activate it?
>>> 
>>> Regards,
>>> Miguel Angel.
>> 
>> I have
>> 
>> coredump_dir /var/log/squid
>> 
>> to get coredumps in my /var/log/squid directory. Now that I think about it, 
>> I don't remember if this works for ssl_crtd though -- seems like I have had 
>> to start "gdb ssl_crtd" and then attach to one of the ssl_crtd processes, 
>> then generate HTTPS traffic to trigger the request to ssl_crtd and get a 
>> backtrace when ssl_crtd gets the segfault signal…
>> 
>> Guy
>> 
> 
> Hi,
>   i have been trying to debug with gdb attaching to an existing process, the strange
> thing is that ssl_crtd seems to exit normally in this test, here you have it (sorry
> for the spanish locale, i will use english next time, the only file with symbols
> is ssl_crtd itself):
> 
> 
> GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu2) 7.4-2012.04
> Copyright (C) 2012 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later 
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-linux-gnu".
> Para las instrucciones de informe de errores, vea:
> .
> (gdb) attach 10495
> Adjuntando a process 10495
> Leyendo símbolos desde /usr/lib/squid3/ssl_crtd...Leyendo símbolos desde
> /usr/lib/debug/usr/lib/squid3/ssl_crtd...hecho.
> hecho.
> Leyendo símbolos desde /lib/x86_64-linux-gnu/libcrypto.so.0.9.8...(no se
> encontraron símbolos de depuración)hecho.
> Símbolos cargados para /lib/x86_64-linux-gnu/libcrypto.so.0.9.8
> Leyendo símbolos desde /usr/lib/x86_64-linux-gnu/libstdc++.so.6...(no se
> encontraron símbolos de depuración)hecho.
> Símbolos cargados para /usr/lib/x86_64-linux-gnu/libstdc++.so.6
> Leyendo símbolos desde /lib/x86_64-linux-gnu/libgcc_s.so.1...(no se 
> encontraron
> símbolos de depuración)hecho.
> Símbolos cargados para /lib/x86_64-linux-gnu/libgcc_s.so.1
> Leyendo símbolos desde /lib/x86_64-linux-gnu/libc.so.6...(no se encontraron
> símbolos de depuración)hecho.
> Símbolos cargados para /lib/x86_64-linux-gnu/libc.so.6
> Leyendo símbolos desde /lib/x86_64-linux-gnu/libdl.so.2...(no se encontraron
> símbolos de depuración)hecho.
> Símbolos cargados para /lib/x86_64-linux-gnu/libdl.so.2
> Leyendo símbolos desde /lib/x86_64-linux-gnu/libz.so.1...(no se encontraron
> símbolos de depuración)hecho.
> Símbolos cargados para /lib/x86_64-linux-gnu/libz.so.1
> Leyendo símbolos desde /lib/x86_64-linux-gnu/libm.so.6...(no se encontraron
> símbolos de depuración)hecho.
> Símbolos cargados para /lib/x86_64-linux-gnu/libm.so.6
> Leyendo símbolos desde /lib64/ld-linux-x86-64.so.2...(no se encontraron 
> símbolos
> de depuración)hecho.
> Símbolos cargados para /lib64/ld-linux-x86-64.so.2
> 0x7f3ef414f0a0 in read () from /lib/x86_64-linux-gnu/libc.so.6
> (gdb) continue
> Continuando.
> [Inferior 1 (process 10495) exited normally]
> (gdb) bt
> No stack.

You may have attached to an ssl_crtd child process that successfully ran 
without a crash. If you can access some sites but not others, that could 
happen… 

> 
> I have tried attaching to squid3 process itself and i have received a signal 
> here:
> 
> GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu2) 7.4-2012.04
> Copyright (C) 2012 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later 
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-linux-gnu".
> Para las instrucciones de informe de errores, vea:
> .
> (gdb) attach 10732
> Adjuntando a process 10732
> Leyendo símbolos desde /usr/sbin/squid3...coLeyendo símbolos desde
> /usr/lib/debug/usr/sbin/squid3...ntinue
> hecho.
> hecho.
> Leyendo símbolos desde /lib/x86_64-linux-gnu/libpthread.so.0...(no se
> encontraron símbolos de depuración)hecho.
> [Depuración de hilo usando libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> Símbolos cargados para /lib/x86_64-linux-gnu/libpthread.so.0
> Leyendo símbolos desde /usr/lib/x86_64-linux-gnu/libxml2.so.2...(no se
> encontraron símbolos de depuración)hecho.
> Símbolos cargados para /usr/lib/x86_64-li

Re: [squid-users] problems with ssl_crtd

2012-09-20 Thread Linos
On 20/09/12 12:58, Ahmed Talha Khan wrote:
> Hey Guy, All
> 
> I have started facing a very similar issue now. I have been using
> squid-3.HEAD-20120421-r12120 for about 5 months without any issues.
> Suddenly from yesterday i've started getting crashes in ssl_crtd
> process.
> 
> 
> In my case i am the only user but i observe that the behaviour is
> random. Sometimes it crashes and sometimes it works. Different https
> pages give the crash. Even non https pages have caused the crash.
> 
> These occur especially on google https pages like docs, mail, calendar etc.
> 
> The signing cert is also ok and has NOT expired.
> 
> 
> My squid conf looks like this:
> ***
> sslproxy_cert_error allow all
> 
> sslcrtd_program /usr/local/squid-3.3/libexec/ssl_crtd -s
> /usr/local/squid-3.3/var/lib/ssl_db -M 4MB
> sslcrtd_children 5
> 
> http_port 192.168.8.134:3128 ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB
> cert=/home/asif/squid/www.sample.com.pem
> key=/home/asif/squid/www.sample.com.pem
> 
> http_port 192.168.8.134:8080
> 
> https_port 192.168.8.134:3129 ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB
> cert=/home/asif/squid/www.sample.com.pem
> key=/home/asif/squid/www.sample.com.pem
> ***
> 
> The ssl_db directory is initialized properly with correct permissions.
> 
> ***
> [talha@localhost lib]$ pwd
> /usr/local/squid-3.3/var/lib
> 
> [talha@localhost lib]$ ls -al
> total 24
> drwxrwxrwx 3 root   root  4096 Sep 20 15:31 .
> drwxrwxrwx 6 root   root  4096 Sep 20 15:05 ..
> drwxrwxrwx 3 nobody talha 4096 Sep 20 15:31 ssl_db
> 
> The size file also has some values in it and cert generation also
> seems to work but suddenly it all crashes .
> **
> 
> 
> 
> 2012/09/20 14:57:45| Starting Squid Cache version
> 3.HEAD-20120425-r12120 for x86_64-unknown-linux-gnu...
> 2012/09/20 14:57:45| Process ID 23826
> 2012/09/20 14:57:45| Process Roles: master worker
> 2012/09/20 14:57:45| With 1024 file descriptors available
> 2012/09/20 14:57:45| Initializing IP Cache...
> 2012/09/20 14:57:45| DNS Socket created at [::], FD 5
> 2012/09/20 14:57:45| DNS Socket created at 0.0.0.0, FD 6
> 2012/09/20 14:57:45| Adding nameserver 192.168.8.1 from /etc/resolv.conf
> 2012/09/20 14:57:45| Adding domain localdomain from /etc/resolv.conf
> 2012/09/20 14:57:45| helperOpenServers: Starting 5/5 'ssl_crtd' processes
> 2012/09/20 14:57:45| Logfile: opening log
> daemon:/usr/local/squid-3.3/var/logs/access.log
> 2012/09/20 14:57:45| Logfile Daemon: opening log
> /usr/local/squid-3.3/var/logs/access.log
> 2012/09/20 14:57:45| Logfile: opening log 
> /usr/local/squid-3.3/var/logs/icap-log
> 2012/09/20 14:57:45| WARNING: log parameters now start with a module
> name. Use 'stdio:/usr/local/squid-3.3/var/logs/icap-log'
> 
> 
> 2012/09/20 14:57:45| Store logging disabled
> 2012/09/20 14:57:45| Swap maxSize 0 + 262144 KB, estimated 20164 objects
> 2012/09/20 14:57:45| Target number of buckets: 1008
> 2012/09/20 14:57:45| Using 8192 Store buckets
> 2012/09/20 14:57:45| Max Mem  size: 262144 KB
> 2012/09/20 14:57:45| Max Swap size: 0 KB
> 2012/09/20 14:57:45| Using Least Load store dir selection
> 2012/09/20 14:57:45| Set Current Directory to /usr/local/squid-3.3/var/cache
> 2012/09/20 14:57:45| Loaded Icons.
> 2012/09/20 14:57:45| HTCP Disabled.
> 2012/09/20 14:57:45| /usr/local/squid-3.3/var/run/squid.pid: (13)
> Permission denied
> 2012/09/20 14:57:45| WARNING: Could not write pid file
> 2012/09/20 14:57:45| Squid plugin modules loaded: 0
> 2012/09/20 14:57:45| Adaptation support is on
> 2012/09/20 14:57:45| Accepting SSL bumped HTTP Socket connections at
> local=192.168.8.134:3128 remote=[::] FD 20 flags=9
> 2012/09/20 14:57:45| Accepting HTTP Socket connections at
> local=192.168.8.134:8080 remote=[::] FD 21 flags=9
> 2012/09/20 14:57:45| Accepting SSL bumped HTTPS Socket connections at
> local=192.168.8.134:3129 remote=[::] FD 22 flags=9
> 2012/09/20 14:57:46| storeLateRelease: released 0 objects
> 
> (ssl_crtd): Cannot create ssl certificate or private key.
> 2012/09/20 14:58:23| WARNING: ssl_crtd #2 exited
> 2012/09/20 14:58:23| Too few ssl_crtd processes are running (need 1/5)
> 
> 2012/09/20 14:58:23| Starting new helpers
> 2012/09/20 14:58:23| helperOpenServers: Starting 1/5 'ssl_crtd' processes
> 2012/09/20 14:58:23| client_side.cc(3478) sslCrtdHandleReply:
> "ssl_crtd" helper return  reply
> (ssl_crtd): Cannot create ssl certificate or private key.
> 
> 2012/09/20 14:58:23| WARNING: ssl_crtd #1 exited
> 2012/09/20 14:58:23| Too few ssl_crtd processes are running (need 1/5)
> 2012/09/20 14:58:23| storeDirWriteCleanLogs: Starting...
> 2012/09/20 14:58:23|   Finished.  Wrote 0 entries.
> 2012/09/20 14:58:23|   Took 0.00 seconds (  0.00 entries/sec).
> FATAL: The ssl_crtd helpers

Re: [squid-users] problems with ssl_crtd

2012-09-20 Thread Ahmed Talha Khan
Hey Guy, All

I have started facing a very similar issue now. I have been using
squid-3.HEAD-20120421-r12120 for about 5 months without any issues.
Suddenly from yesterday i've started getting crashes in ssl_crtd
process.


In my case i am the only user but i observe that the behaviour is
random. Sometimes it crashes and sometimes it works. Different https
pages give the crash. Even non https pages have caused the crash.

These occur especially on google https pages like docs, mail, calendar etc.

The signing cert is also ok and has NOT expired.


My squid conf looks like this:
***
sslproxy_cert_error allow all

sslcrtd_program /usr/local/squid-3.3/libexec/ssl_crtd -s
/usr/local/squid-3.3/var/lib/ssl_db -M 4MB
sslcrtd_children 5

http_port 192.168.8.134:3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB
cert=/home/asif/squid/www.sample.com.pem
key=/home/asif/squid/www.sample.com.pem

http_port 192.168.8.134:8080

https_port 192.168.8.134:3129 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB
cert=/home/asif/squid/www.sample.com.pem
key=/home/asif/squid/www.sample.com.pem
***

The ssl_db directory is initialized properly with correct permissions.

***
[talha@localhost lib]$ pwd
/usr/local/squid-3.3/var/lib

[talha@localhost lib]$ ls -al
total 24
drwxrwxrwx 3 root   root  4096 Sep 20 15:31 .
drwxrwxrwx 6 root   root  4096 Sep 20 15:05 ..
drwxrwxrwx 3 nobody talha 4096 Sep 20 15:31 ssl_db

The size file also has some values in it and cert generation also
seems to work but suddenly it all crashes .
**



2012/09/20 14:57:45| Starting Squid Cache version
3.HEAD-20120425-r12120 for x86_64-unknown-linux-gnu...
2012/09/20 14:57:45| Process ID 23826
2012/09/20 14:57:45| Process Roles: master worker
2012/09/20 14:57:45| With 1024 file descriptors available
2012/09/20 14:57:45| Initializing IP Cache...
2012/09/20 14:57:45| DNS Socket created at [::], FD 5
2012/09/20 14:57:45| DNS Socket created at 0.0.0.0, FD 6
2012/09/20 14:57:45| Adding nameserver 192.168.8.1 from /etc/resolv.conf
2012/09/20 14:57:45| Adding domain localdomain from /etc/resolv.conf
2012/09/20 14:57:45| helperOpenServers: Starting 5/5 'ssl_crtd' processes
2012/09/20 14:57:45| Logfile: opening log
daemon:/usr/local/squid-3.3/var/logs/access.log
2012/09/20 14:57:45| Logfile Daemon: opening log
/usr/local/squid-3.3/var/logs/access.log
2012/09/20 14:57:45| Logfile: opening log /usr/local/squid-3.3/var/logs/icap-log
2012/09/20 14:57:45| WARNING: log parameters now start with a module
name. Use 'stdio:/usr/local/squid-3.3/var/logs/icap-log'


2012/09/20 14:57:45| Store logging disabled
2012/09/20 14:57:45| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2012/09/20 14:57:45| Target number of buckets: 1008
2012/09/20 14:57:45| Using 8192 Store buckets
2012/09/20 14:57:45| Max Mem  size: 262144 KB
2012/09/20 14:57:45| Max Swap size: 0 KB
2012/09/20 14:57:45| Using Least Load store dir selection
2012/09/20 14:57:45| Set Current Directory to /usr/local/squid-3.3/var/cache
2012/09/20 14:57:45| Loaded Icons.
2012/09/20 14:57:45| HTCP Disabled.
2012/09/20 14:57:45| /usr/local/squid-3.3/var/run/squid.pid: (13)
Permission denied
2012/09/20 14:57:45| WARNING: Could not write pid file
2012/09/20 14:57:45| Squid plugin modules loaded: 0
2012/09/20 14:57:45| Adaptation support is on
2012/09/20 14:57:45| Accepting SSL bumped HTTP Socket connections at
local=192.168.8.134:3128 remote=[::] FD 20 flags=9
2012/09/20 14:57:45| Accepting HTTP Socket connections at
local=192.168.8.134:8080 remote=[::] FD 21 flags=9
2012/09/20 14:57:45| Accepting SSL bumped HTTPS Socket connections at
local=192.168.8.134:3129 remote=[::] FD 22 flags=9
2012/09/20 14:57:46| storeLateRelease: released 0 objects

(ssl_crtd): Cannot create ssl certificate or private key.
2012/09/20 14:58:23| WARNING: ssl_crtd #2 exited
2012/09/20 14:58:23| Too few ssl_crtd processes are running (need 1/5)

2012/09/20 14:58:23| Starting new helpers
2012/09/20 14:58:23| helperOpenServers: Starting 1/5 'ssl_crtd' processes
2012/09/20 14:58:23| client_side.cc(3478) sslCrtdHandleReply:
"ssl_crtd" helper return  reply
(ssl_crtd): Cannot create ssl certificate or private key.

2012/09/20 14:58:23| WARNING: ssl_crtd #1 exited
2012/09/20 14:58:23| Too few ssl_crtd processes are running (need 1/5)
2012/09/20 14:58:23| storeDirWriteCleanLogs: Starting...
2012/09/20 14:58:23|   Finished.  Wrote 0 entries.
2012/09/20 14:58:23|   Took 0.00 seconds (  0.00 entries/sec).
FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

Squid Cache (Version 3.HEAD-20120425-r12120): Terminated abnormally.
CPU Usage: 0.355 seconds = 0.289 user + 0.066 sys
Maximum Resident Size: 71104 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
total spac

Re: [squid-users] problems with ssl_crtd

2012-09-20 Thread Linos
On 19/09/12 16:46, Guy Helmer wrote:
>>
>> Thanks for reply.
>>
>> i checked the squid_ssl_db/size because i found the empty file problem searching
>> for my own problem in the mailing list, it's ok in my host, the file has the
>> content "139264" right now.
>>
>> I can't find the core file, do i need to do something for it to generate? maybe
>> a configure script option or squid.conf change to activate it?
>>
>> Regards,
>> Miguel Angel.
> 
> I have
> 
> coredump_dir /var/log/squid
> 
> to get coredumps in my /var/log/squid directory. Now that I think about it, I 
> don't remember if this works for ssl_crtd though -- seems like I have had to 
> start "gdb ssl_crtd" and then attach to one of the ssl_crtd processes, then 
> generate HTTPS traffic to trigger the request to ssl_crtd and get a backtrace 
> when ssl_crtd gets the segfault signal…
> 
> Guy
> 

Hi,
   i have been trying to debug with gdb attaching to an existing process, the strange
thing is that ssl_crtd seems to exit normally in this test, here you have it (sorry
for the spanish locale, i will use english next time, the only file with symbols
is ssl_crtd itself):


GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu2) 7.4-2012.04
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Para las instrucciones de informe de errores, vea:
.
(gdb) attach 10495
Adjuntando a process 10495
Leyendo símbolos desde /usr/lib/squid3/ssl_crtd...Leyendo símbolos desde
/usr/lib/debug/usr/lib/squid3/ssl_crtd...hecho.
hecho.
Leyendo símbolos desde /lib/x86_64-linux-gnu/libcrypto.so.0.9.8...(no se
encontraron símbolos de depuración)hecho.
Símbolos cargados para /lib/x86_64-linux-gnu/libcrypto.so.0.9.8
Leyendo símbolos desde /usr/lib/x86_64-linux-gnu/libstdc++.so.6...(no se
encontraron símbolos de depuración)hecho.
Símbolos cargados para /usr/lib/x86_64-linux-gnu/libstdc++.so.6
Leyendo símbolos desde /lib/x86_64-linux-gnu/libgcc_s.so.1...(no se encontraron
símbolos de depuración)hecho.
Símbolos cargados para /lib/x86_64-linux-gnu/libgcc_s.so.1
Leyendo símbolos desde /lib/x86_64-linux-gnu/libc.so.6...(no se encontraron
símbolos de depuración)hecho.
Símbolos cargados para /lib/x86_64-linux-gnu/libc.so.6
Leyendo símbolos desde /lib/x86_64-linux-gnu/libdl.so.2...(no se encontraron
símbolos de depuración)hecho.
Símbolos cargados para /lib/x86_64-linux-gnu/libdl.so.2
Leyendo símbolos desde /lib/x86_64-linux-gnu/libz.so.1...(no se encontraron
símbolos de depuración)hecho.
Símbolos cargados para /lib/x86_64-linux-gnu/libz.so.1
Leyendo símbolos desde /lib/x86_64-linux-gnu/libm.so.6...(no se encontraron
símbolos de depuración)hecho.
Símbolos cargados para /lib/x86_64-linux-gnu/libm.so.6
Leyendo símbolos desde /lib64/ld-linux-x86-64.so.2...(no se encontraron símbolos
de depuración)hecho.
Símbolos cargados para /lib64/ld-linux-x86-64.so.2
0x7f3ef414f0a0 in read () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) continue
Continuando.
[Inferior 1 (process 10495) exited normally]
(gdb) bt
No stack.



I have tried attaching to squid3 process itself and i have received a signal 
here:

GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu2) 7.4-2012.04
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Para las instrucciones de informe de errores, vea:
.
(gdb) attach 10732
Adjuntando a process 10732
Leyendo símbolos desde /usr/sbin/squid3...coLeyendo símbolos desde
/usr/lib/debug/usr/sbin/squid3...ntinue
hecho.
hecho.
Leyendo símbolos desde /lib/x86_64-linux-gnu/libpthread.so.0...(no se
encontraron símbolos de depuración)hecho.
[Depuración de hilo usando libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Símbolos cargados para /lib/x86_64-linux-gnu/libpthread.so.0
Leyendo símbolos desde /usr/lib/x86_64-linux-gnu/libxml2.so.2...(no se
encontraron símbolos de depuración)hecho.
Símbolos cargados para /usr/lib/x86_64-linux-gnu/libxml2.so.2
Leyendo símbolos desde /lib/x86_64-linux-gnu/libexpat.so.1...(no se encontraron
símbolos de depuración)hecho.
Símbolos cargados para /lib/x86_64-linux-gnu/libexpat.so.1
Leyendo símbolos desde /lib/x86_64-linux-gnu/libssl.so.0.9.8...(no se
encontraron símbolos de depuración)hecho.
Símbolos cargados para /lib

Re: [squid-users] problems with ssl_crtd

2012-09-19 Thread Linos
On 19/09/12 17:26, Eliezer Croitoru wrote:
> On 9/19/2012 1:44 PM, Linos wrote:
>> Hi,
>> i have been using Squid squid-3.2.0.17-20120527-r11561 in an Ubuntu Server
>> 12.04 some time with ssl-bump without problems for a year, the ca cert expired
>> some days ago and with the new ca cert i installed squid 3.2.1 stable.
>>
>> Now the proxy exits every time 10 or more users use https at the same time,
>> it's pretty strange, i have tried to downgrade to the old squid version but i
>> can't get the proxy to be stable no matter if using new or old version, i have
>> tried to recreate other cert just in case, same problem, i recreated too
>> squid_ssl_db and cache_dir, no matter what i do it keeps crashing, the cache log
>> reads like this:
>>
> 
>>
>> I am using this ssl-bump line in squid.conf:
>> http_port 3150 ssl-bump generate-host-certificates=on
>> dynamic_cert_mem_cache_size=16MB cert=/etc/squid3/ssl_cert/myCA.pem
>>
>> I generated this myCA.pem using the instructions here
>> http://wiki.squid-cache.org/Features/DynamicSslCert
> 
> do you still have the old pem file?
> If it's expired ok but it should be still running but creating defective
> certificates.
I have the old pem, yes, but squid is working fine with the new one until more
than 5~6 people visit an https site at the same time, it doesn't seem to be a problem
with a non-working certificate, i will test with the old one anyway.

> 
> did you change ownership for the directory and files?
I have checked the ownership and files many times, and recreated the directories
some times too.

> did you try to run the command from shell to see if it works?
it works, because when launched by squid it works too for some time.

> 
> Eliezer
> 

Miguel Angel.




Re: [squid-users] problems with ssl_crtd

2012-09-19 Thread Linos
On 19/09/12 16:46, Guy Helmer wrote:
> 
> On Sep 19, 2012, at 9:03 AM, Linos  wrote:
> 
>> On 19/09/12 15:30, Guy Helmer wrote:
>>> On Sep 19, 2012, at 5:44 AM, Linos  wrote:
>>>
>>>> Hi,
>>>> i have been using Squid squid-3.2.0.17-20120527-r11561 in an Ubuntu Server
>>>> 12.04 some time with ssl-bump without problems for a year, the ca cert expired
>>>> some days ago and with the new ca cert i installed squid 3.2.1 stable.
>>>>
>>>> Now the proxy exits every time 10 or more users use https at the same time,
>>>> it's pretty strange, i have tried to downgrade to the old squid version but i
>>>> can't get the proxy to be stable no matter if using new or old version, i have
>>>> tried to recreate other cert just in case, same problem, i recreated too
>>>> squid_ssl_db and cache_dir, no matter what i do it keeps crashing, the cache log
>>>> reads like this:
>>>>
>>>>
>>>> --
>>>> 2012/09/19 11:58:00| Starting Squid Cache version 3.2.1 for 
>>>> x86_64-pc-linux-gnu...
>>>> 2012/09/19 11:58:00| Process ID 30077
>>>> 2012/09/19 11:58:00| Process Roles: master worker
>>>> 2012/09/19 11:58:00| With 65535 file descriptors available
>>>> 2012/09/19 11:58:00| Initializing IP Cache...
>>>> 2012/09/19 11:58:00| DNS Socket created at [::], FD 4
>>>> 2012/09/19 11:58:00| DNS Socket created at 0.0.0.0, FD 5
>>>> 2012/09/19 11:58:00| Adding nameserver 80.58.61.250 from squid.conf
>>>> 2012/09/19 11:58:00| Adding nameserver 8.8.8.8 from squid.conf
>>>> 2012/09/19 11:58:00| helperOpenServers: Starting 5/10 'ssl_crtd' processes
>>>> 2012/09/19 11:58:00| helperOpenServers: Starting 5/20 
>>>> 'request_body_max_size.sh'
>>>> processes
>>>> 2012/09/19 11:58:00| Logfile: opening log daemon:/var/log/squid3/access.log
>>>> 2012/09/19 11:58:00| Logfile Daemon: opening log /var/log/squid3/access.log
>>>> 2012/09/19 11:58:00| Unlinkd pipe opened on FD 31
>>>> 2012/09/19 11:58:00| Local cache digest enabled; rebuild/rewrite every 
>>>> 3600/3600 sec
>>>> 2012/09/19 11:58:00| Store logging disabled
>>>> 2012/09/19 11:58:00| Swap maxSize 1536 + 262144 KB, estimated 312442 
>>>> objects
>>>> 2012/09/19 11:58:00| Target number of buckets: 15622
>>>> 2012/09/19 11:58:00| Using 16384 Store buckets
>>>> 2012/09/19 11:58:00| Max Mem  size: 262144 KB
>>>> 2012/09/19 11:58:00| Max Swap size: 1536 KB
>>>> 2012/09/19 11:58:00| Rebuilding storage in /mnt/squid/squid3 (clean log)
>>>> 2012/09/19 11:58:00| Using Least Load store dir selection
>>>> 2012/09/19 11:58:00| Set Current Directory to /mnt/squid/squid3
>>>> 2012/09/19 11:58:00| Loaded Icons.
>>>> 2012/09/19 11:58:00| HTCP Disabled.
>>>> 2012/09/19 11:58:00| Squid plugin modules loaded: 0
>>>> 2012/09/19 11:58:00| Adaptation support is off.
>>>> 2012/09/19 11:58:00| Accepting NAT intercepted HTTP Socket connections at
>>>> local=0.0.0.0:3128 remote=[::] FD 36 flags=41
>>>> 2012/09/19 11:58:00| Accepting SSL bumped HTTP Socket connections at
>>>> local=[::]:3150 remote=[::] FD 37 flags=9
>>>> 2012/09/19 11:58:00| Store rebuilding is 16.55% complete
>>>> 2012/09/19 11:58:00| Done reading /mnt/squid/squid3 swaplog (24167 entries)
>>>> 2012/09/19 11:58:00| Finished rebuilding storage from disk.
>>>> 2012/09/19 11:58:00| 24167 Entries scanned
>>>> 2012/09/19 11:58:00| 0 Invalid entries.
>>>> 2012/09/19 11:58:00| 0 With invalid flags.
>>>> 2012/09/19 11:58:00| 24167 Objects loaded.
>>>> 2012/09/19 11:58:00| 0 Objects expired.
>>>> 2012/09/19 11:58:00| 0 Objects cancelled.
>>>> 2012/09/19 11:58:00| 0 Duplicate URLs purged.
>>>> 2012/09/19 11:58:00| 0 Swapfile clashes avoided.
>>>> 2012/09/19 11:58:00|   Took 0.12 seconds (204025.29 objects/sec).
>>>> 2012/09/19 11:58:00| Beginning Validation Procedure
>>>> 2012/09/19 11:58:00|   Completed Validation Procedure
>>>> 2012/09/19 11:58:00|   Validated 24167 Entries
>>>> 2012/09/19 11:58:00|   store_swap_size = 732468.00 KB
>>>> 2012/09/19 11:58:01| storeLateRelease: released 0 objects
>>>> (ssl_crtd): Cannot create ssl certificate or private key.
>>>> 2012/09/19 12:03:20| WARNING: ssl_crtd #1 exited
>>>> 2012/09/19 12:03:20| Too few ssl_crtd processes are running (need 1/10)
>>>> 2012/09/19 12:03:20| Starting new helpers
>>>> 2012/09/19 12:03:20| helperOpenServers: Starting 1/10 'ssl_crtd' processes
>>>> 2012/09/19 12:03:20| client_side.cc(3477) sslCrtdHandleReply: "ssl_crtd" 
>>>> helper
>>>> return  reply
>>>> (ssl_crtd): Cannot create ssl certificate or private key.
>>>> 2012/09/19 12:03:20| WARNING: ssl_crtd #2 exited
>>>> 2012/09/19 12:03:20| Too few ssl_crtd processes are running (need 1/10)
>>>> 2012/09/19 12:03:20| Closing HTTP port 0.0.0.0:3128
>>>> 2012/09/19 12:03:20| Closing HTTP port [::]:3150
>>>> 2012/09/19 12:03:20| storeDirWriteCleanLogs: Starting...
>>>> 2012/09/19 12:03:20|   Finished.  Wrote 24195 entries.
>>>> 2012/09/19 12:03:20|   Took 0.02 seconds (1321120.4

Re: [squid-users] problems with ssl_crtd

2012-09-19 Thread Eliezer Croitoru

On 9/19/2012 1:44 PM, Linos wrote:

> Hi,
> i have been using Squid squid-3.2.0.17-20120527-r11561 in an Ubuntu Server
> 12.04 some time with ssl-bump without problems for a year, the ca cert expired
> some days ago and with the new ca cert i installed squid 3.2.1 stable.
>
> Now the proxy exits every time 10 or more users use https at the same time,
> it's pretty strange, i have tried to downgrade to the old squid version but i
> can't get the proxy to be stable no matter if using new or old version, i have
> tried to recreate other cert just in case, same problem, i recreated too
> squid_ssl_db and cache_dir, no matter what i do it keeps crashing, the cache log
> reads like this:
>

>
> I am using this ssl-bump line in squid.conf:
> http_port 3150 ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=16MB cert=/etc/squid3/ssl_cert/myCA.pem
>
> I generated this myCA.pem using the instructions here
> http://wiki.squid-cache.org/Features/DynamicSslCert

do you still have the old pem file?
If it's expired ok but it should be still running but creating defective 
certificates.

did you change ownership for the directory and files?
did you try to run the command from shell to see if it works?

Eliezer

> I don't know what more to do, could i do something to get a more clear error? i
> have tried to use "debug_options ALL,9" but i only get much more noise (noise
> for me at least). What could i do?
>
> Regards,
> Miguel Angel.




--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer  ngtech.co.il
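
Added example, not part of the original thread: a filter that pulls only the helper-related events out of a noisy cache.log (for instance one written with "debug_options ALL,9") and summarises them. The sample lines are copied from the log quoted in this thread; the function names are illustrative.

```python
import re
from collections import Counter
from datetime import datetime

# Lines copied from the cache.log quoted in this thread (mail wrapping undone).
SAMPLE = """\
2012/09/19 11:58:01| storeLateRelease: released 0 objects
(ssl_crtd): Cannot create ssl certificate or private key.
2012/09/19 12:03:20| WARNING: ssl_crtd #1 exited
2012/09/19 12:03:20| Too few ssl_crtd processes are running (need 1/10)
2012/09/19 12:03:20| helperOpenServers: Starting 1/10 'ssl_crtd' processes
(ssl_crtd): Cannot create ssl certificate or private key.
2012/09/19 12:03:20| WARNING: ssl_crtd #2 exited
2012/09/19 12:03:20| Closing HTTP port 0.0.0.0:3128
FATAL: The ssl_crtd helpers are crashing too rapidly, need help!
"""

STAMPED = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)(?: kid\d+)?\| (.*)$")
EXITED = re.compile(r"WARNING: (\S+) #(\S+) exited")
STDERR = re.compile(r"^\((\w+)\): (.*)$")   # helper stderr, written without a timestamp
FATAL = re.compile(r"^FATAL: (.*)$")

def helper_events(text):
    """Return helper-related events as (timestamp or None, kind, helper, detail)."""
    events = []
    for raw in text.splitlines():
        ts, msg = None, raw.lstrip("> ").strip()   # also accepts mail-quoted copies
        stamped = STAMPED.match(msg)
        if stamped:
            ts = datetime.strptime(stamped.group(1), "%Y/%m/%d %H:%M:%S")
            msg = stamped.group(2)
        if m := EXITED.search(msg):
            events.append((ts, "exit", m.group(1), "#" + m.group(2)))
        elif m := STDERR.match(msg):
            events.append((ts, "stderr", m.group(1), m.group(2)))
        elif m := FATAL.match(msg):
            events.append((ts, "fatal", None, m.group(1)))
    return events

def summarize(text):
    """Condense the events: exits per helper, distinct stderr lines, FATAL, exit time span."""
    ev = helper_events(text)
    times = [e[0] for e in ev if e[1] == "exit" and e[0]]
    return {
        "exits": Counter(e[2] for e in ev if e[1] == "exit"),
        "stderr": sorted({(e[2], e[3]) for e in ev if e[1] == "stderr"}),
        "fatal": [e[3] for e in ev if e[1] == "fatal"],
        "exit_span_s": (max(times) - min(times)).total_seconds() if times else None,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
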


Re: [squid-users] problems with ssl_crtd

2012-09-19 Thread Guy Helmer

On Sep 19, 2012, at 9:03 AM, Linos  wrote:

> On 19/09/12 15:30, Guy Helmer wrote:
>> On Sep 19, 2012, at 5:44 AM, Linos  wrote:
>> 
>>> Hi,
>>> i have been using Squid squid-3.2.0.17-20120527-r11561 in an Ubuntu Server
>>> 12.04 some time with ssl-bump without problems for a year, the ca cert expired
>>> some days ago and with the new ca cert i installed squid 3.2.1 stable.
>>> 
>>> Now the proxy exits every time 10 or more users use https at the same time,
>>> it's pretty strange, i have tried to downgrade to the old squid version but i
>>> can't get the proxy to be stable no matter if using new or old version, i have
>>> tried to recreate other cert just in case, same problem, i recreated too
>>> squid_ssl_db and cache_dir, no matter what i do it keeps crashing, the cache log
>>> read as this:
>>> 
>>> 
>>> --
>>> 2012/09/19 11:58:00| Starting Squid Cache version 3.2.1 for x86_64-pc-linux-gnu...
>>> 2012/09/19 11:58:00| Process ID 30077
>>> 2012/09/19 11:58:00| Process Roles: master worker
>>> 2012/09/19 11:58:00| With 65535 file descriptors available
>>> 2012/09/19 11:58:00| Initializing IP Cache...
>>> 2012/09/19 11:58:00| DNS Socket created at [::], FD 4
>>> 2012/09/19 11:58:00| DNS Socket created at 0.0.0.0, FD 5
>>> 2012/09/19 11:58:00| Adding nameserver 80.58.61.250 from squid.conf
>>> 2012/09/19 11:58:00| Adding nameserver 8.8.8.8 from squid.conf
>>> 2012/09/19 11:58:00| helperOpenServers: Starting 5/10 'ssl_crtd' processes
>>> 2012/09/19 11:58:00| helperOpenServers: Starting 5/20 'request_body_max_size.sh' processes
>>> 2012/09/19 11:58:00| Logfile: opening log daemon:/var/log/squid3/access.log
>>> 2012/09/19 11:58:00| Logfile Daemon: opening log /var/log/squid3/access.log
>>> 2012/09/19 11:58:00| Unlinkd pipe opened on FD 31
>>> 2012/09/19 11:58:00| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
>>> 2012/09/19 11:58:00| Store logging disabled
>>> 2012/09/19 11:58:00| Swap maxSize 1536 + 262144 KB, estimated 312442 objects
>>> 2012/09/19 11:58:00| Target number of buckets: 15622
>>> 2012/09/19 11:58:00| Using 16384 Store buckets
>>> 2012/09/19 11:58:00| Max Mem  size: 262144 KB
>>> 2012/09/19 11:58:00| Max Swap size: 1536 KB
>>> 2012/09/19 11:58:00| Rebuilding storage in /mnt/squid/squid3 (clean log)
>>> 2012/09/19 11:58:00| Using Least Load store dir selection
>>> 2012/09/19 11:58:00| Set Current Directory to /mnt/squid/squid3
>>> 2012/09/19 11:58:00| Loaded Icons.
>>> 2012/09/19 11:58:00| HTCP Disabled.
>>> 2012/09/19 11:58:00| Squid plugin modules loaded: 0
>>> 2012/09/19 11:58:00| Adaptation support is off.
>>> 2012/09/19 11:58:00| Accepting NAT intercepted HTTP Socket connections at local=0.0.0.0:3128 remote=[::] FD 36 flags=41
>>> 2012/09/19 11:58:00| Accepting SSL bumped HTTP Socket connections at local=[::]:3150 remote=[::] FD 37 flags=9
>>> 2012/09/19 11:58:00| Store rebuilding is 16.55% complete
>>> 2012/09/19 11:58:00| Done reading /mnt/squid/squid3 swaplog (24167 entries)
>>> 2012/09/19 11:58:00| Finished rebuilding storage from disk.
>>> 2012/09/19 11:58:00| 24167 Entries scanned
>>> 2012/09/19 11:58:00| 0 Invalid entries.
>>> 2012/09/19 11:58:00| 0 With invalid flags.
>>> 2012/09/19 11:58:00| 24167 Objects loaded.
>>> 2012/09/19 11:58:00| 0 Objects expired.
>>> 2012/09/19 11:58:00| 0 Objects cancelled.
>>> 2012/09/19 11:58:00| 0 Duplicate URLs purged.
>>> 2012/09/19 11:58:00| 0 Swapfile clashes avoided.
>>> 2012/09/19 11:58:00|   Took 0.12 seconds (204025.29 objects/sec).
>>> 2012/09/19 11:58:00| Beginning Validation Procedure
>>> 2012/09/19 11:58:00|   Completed Validation Procedure
>>> 2012/09/19 11:58:00|   Validated 24167 Entries
>>> 2012/09/19 11:58:00|   store_swap_size = 732468.00 KB
>>> 2012/09/19 11:58:01| storeLateRelease: released 0 objects
>>> (ssl_crtd): Cannot create ssl certificate or private key.
>>> 2012/09/19 12:03:20| WARNING: ssl_crtd #1 exited
>>> 2012/09/19 12:03:20| Too few ssl_crtd processes are running (need 1/10)
>>> 2012/09/19 12:03:20| Starting new helpers
>>> 2012/09/19 12:03:20| helperOpenServers: Starting 1/10 'ssl_crtd' processes
>>> 2012/09/19 12:03:20| client_side.cc(3477) sslCrtdHandleReply: "ssl_crtd" helper return  reply
>>> (ssl_crtd): Cannot create ssl certificate or private key.
>>> 2012/09/19 12:03:20| WARNING: ssl_crtd #2 exited
>>> 2012/09/19 12:03:20| Too few ssl_crtd processes are running (need 1/10)
>>> 2012/09/19 12:03:20| Closing HTTP port 0.0.0.0:3128
>>> 2012/09/19 12:03:20| Closing HTTP port [::]:3150
>>> 2012/09/19 12:03:20| storeDirWriteCleanLogs: Starting...
>>> 2012/09/19 12:03:20|   Finished.  Wrote 24195 entries.
>>> 2012/09/19 12:03:20|   Took 0.02 seconds (1321120.45 entries/sec).
>>> FATAL: The ssl_crtd helpers are crashing too rapidly, need help!
>>> 
>>> Squid Cache (Version 3.2.1): Terminated ab

Re: [squid-users] problems with ssl_crtd

2012-09-19 Thread Linos
On 19/09/12 15:30, Guy Helmer wrote:
> On Sep 19, 2012, at 5:44 AM, Linos  wrote:
> 
>> Hi,
>> i have been using Squid squid-3.2.0.17-20120527-r11561 in an Ubuntu Server
>> 12.04 some time with ssl-bump without problems for a year, the ca cert expired
>> some days ago and with the new ca cert i installed squid 3.2.1 stable.
>>
>> Now the proxy exits every time 10 or more users use https at the same time,
>> it's pretty strange, i have tried to downgrade to the old squid version but i
>> can't get the proxy to be stable no matter if using new or old version, i have
>> tried to recreate other cert just in case, same problem, i recreated too
>> squid_ssl_db and cache_dir, no matter what i do it keeps crashing, the cache log
>> read as this:
>>
>>
>> --
>> 2012/09/19 11:58:00| Starting Squid Cache version 3.2.1 for x86_64-pc-linux-gnu...
>> 2012/09/19 11:58:00| Process ID 30077
>> 2012/09/19 11:58:00| Process Roles: master worker
>> 2012/09/19 11:58:00| With 65535 file descriptors available
>> 2012/09/19 11:58:00| Initializing IP Cache...
>> 2012/09/19 11:58:00| DNS Socket created at [::], FD 4
>> 2012/09/19 11:58:00| DNS Socket created at 0.0.0.0, FD 5
>> 2012/09/19 11:58:00| Adding nameserver 80.58.61.250 from squid.conf
>> 2012/09/19 11:58:00| Adding nameserver 8.8.8.8 from squid.conf
>> 2012/09/19 11:58:00| helperOpenServers: Starting 5/10 'ssl_crtd' processes
>> 2012/09/19 11:58:00| helperOpenServers: Starting 5/20 'request_body_max_size.sh' processes
>> 2012/09/19 11:58:00| Logfile: opening log daemon:/var/log/squid3/access.log
>> 2012/09/19 11:58:00| Logfile Daemon: opening log /var/log/squid3/access.log
>> 2012/09/19 11:58:00| Unlinkd pipe opened on FD 31
>> 2012/09/19 11:58:00| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
>> 2012/09/19 11:58:00| Store logging disabled
>> 2012/09/19 11:58:00| Swap maxSize 1536 + 262144 KB, estimated 312442 objects
>> 2012/09/19 11:58:00| Target number of buckets: 15622
>> 2012/09/19 11:58:00| Using 16384 Store buckets
>> 2012/09/19 11:58:00| Max Mem  size: 262144 KB
>> 2012/09/19 11:58:00| Max Swap size: 1536 KB
>> 2012/09/19 11:58:00| Rebuilding storage in /mnt/squid/squid3 (clean log)
>> 2012/09/19 11:58:00| Using Least Load store dir selection
>> 2012/09/19 11:58:00| Set Current Directory to /mnt/squid/squid3
>> 2012/09/19 11:58:00| Loaded Icons.
>> 2012/09/19 11:58:00| HTCP Disabled.
>> 2012/09/19 11:58:00| Squid plugin modules loaded: 0
>> 2012/09/19 11:58:00| Adaptation support is off.
>> 2012/09/19 11:58:00| Accepting NAT intercepted HTTP Socket connections at local=0.0.0.0:3128 remote=[::] FD 36 flags=41
>> 2012/09/19 11:58:00| Accepting SSL bumped HTTP Socket connections at local=[::]:3150 remote=[::] FD 37 flags=9
>> 2012/09/19 11:58:00| Store rebuilding is 16.55% complete
>> 2012/09/19 11:58:00| Done reading /mnt/squid/squid3 swaplog (24167 entries)
>> 2012/09/19 11:58:00| Finished rebuilding storage from disk.
>> 2012/09/19 11:58:00| 24167 Entries scanned
>> 2012/09/19 11:58:00| 0 Invalid entries.
>> 2012/09/19 11:58:00| 0 With invalid flags.
>> 2012/09/19 11:58:00| 24167 Objects loaded.
>> 2012/09/19 11:58:00| 0 Objects expired.
>> 2012/09/19 11:58:00| 0 Objects cancelled.
>> 2012/09/19 11:58:00| 0 Duplicate URLs purged.
>> 2012/09/19 11:58:00| 0 Swapfile clashes avoided.
>> 2012/09/19 11:58:00|   Took 0.12 seconds (204025.29 objects/sec).
>> 2012/09/19 11:58:00| Beginning Validation Procedure
>> 2012/09/19 11:58:00|   Completed Validation Procedure
>> 2012/09/19 11:58:00|   Validated 24167 Entries
>> 2012/09/19 11:58:00|   store_swap_size = 732468.00 KB
>> 2012/09/19 11:58:01| storeLateRelease: released 0 objects
>> (ssl_crtd): Cannot create ssl certificate or private key.
>> 2012/09/19 12:03:20| WARNING: ssl_crtd #1 exited
>> 2012/09/19 12:03:20| Too few ssl_crtd processes are running (need 1/10)
>> 2012/09/19 12:03:20| Starting new helpers
>> 2012/09/19 12:03:20| helperOpenServers: Starting 1/10 'ssl_crtd' processes
>> 2012/09/19 12:03:20| client_side.cc(3477) sslCrtdHandleReply: "ssl_crtd" helper return  reply
>> (ssl_crtd): Cannot create ssl certificate or private key.
>> 2012/09/19 12:03:20| WARNING: ssl_crtd #2 exited
>> 2012/09/19 12:03:20| Too few ssl_crtd processes are running (need 1/10)
>> 2012/09/19 12:03:20| Closing HTTP port 0.0.0.0:3128
>> 2012/09/19 12:03:20| Closing HTTP port [::]:3150
>> 2012/09/19 12:03:20| storeDirWriteCleanLogs: Starting...
>> 2012/09/19 12:03:20|   Finished.  Wrote 24195 entries.
>> 2012/09/19 12:03:20|   Took 0.02 seconds (1321120.45 entries/sec).
>> FATAL: The ssl_crtd helpers are crashing too rapidly, need help!
>>
>> Squid Cache (Version 3.2.1): Terminated abnormally.
>> CPU Usage: 1.896 seconds = 0.740 user + 1.156 sys
>> Maximum Resident Size: 144640 KB
>> Page faults with physical i/o: 0
>> Memory usa

Re: [squid-users] problems with ssl_crtd

2012-09-19 Thread Guy Helmer
On Sep 19, 2012, at 5:44 AM, Linos  wrote:

> Hi,
> i have been using Squid squid-3.2.0.17-20120527-r11561 in an Ubuntu Server
> 12.04 some time with ssl-bump without problems for a year, the ca cert expired
> some days ago and with the new ca cert i installed squid 3.2.1 stable.
> 
> Now the proxy exits every time 10 or more users use https at the same time,
> it's pretty strange, i have tried to downgrade to the old squid version but i
> can't get the proxy to be stable no matter if using new or old version, i have
> tried to recreate other cert just in case, same problem, i recreated too
> squid_ssl_db and cache_dir, no matter what i do it keeps crashing, the cache log
> read as this:
> 
> 
> --
> 2012/09/19 11:58:00| Starting Squid Cache version 3.2.1 for x86_64-pc-linux-gnu...
> 2012/09/19 11:58:00| Process ID 30077
> 2012/09/19 11:58:00| Process Roles: master worker
> 2012/09/19 11:58:00| With 65535 file descriptors available
> 2012/09/19 11:58:00| Initializing IP Cache...
> 2012/09/19 11:58:00| DNS Socket created at [::], FD 4
> 2012/09/19 11:58:00| DNS Socket created at 0.0.0.0, FD 5
> 2012/09/19 11:58:00| Adding nameserver 80.58.61.250 from squid.conf
> 2012/09/19 11:58:00| Adding nameserver 8.8.8.8 from squid.conf
> 2012/09/19 11:58:00| helperOpenServers: Starting 5/10 'ssl_crtd' processes
> 2012/09/19 11:58:00| helperOpenServers: Starting 5/20 'request_body_max_size.sh' processes
> 2012/09/19 11:58:00| Logfile: opening log daemon:/var/log/squid3/access.log
> 2012/09/19 11:58:00| Logfile Daemon: opening log /var/log/squid3/access.log
> 2012/09/19 11:58:00| Unlinkd pipe opened on FD 31
> 2012/09/19 11:58:00| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
> 2012/09/19 11:58:00| Store logging disabled
> 2012/09/19 11:58:00| Swap maxSize 1536 + 262144 KB, estimated 312442 objects
> 2012/09/19 11:58:00| Target number of buckets: 15622
> 2012/09/19 11:58:00| Using 16384 Store buckets
> 2012/09/19 11:58:00| Max Mem  size: 262144 KB
> 2012/09/19 11:58:00| Max Swap size: 1536 KB
> 2012/09/19 11:58:00| Rebuilding storage in /mnt/squid/squid3 (clean log)
> 2012/09/19 11:58:00| Using Least Load store dir selection
> 2012/09/19 11:58:00| Set Current Directory to /mnt/squid/squid3
> 2012/09/19 11:58:00| Loaded Icons.
> 2012/09/19 11:58:00| HTCP Disabled.
> 2012/09/19 11:58:00| Squid plugin modules loaded: 0
> 2012/09/19 11:58:00| Adaptation support is off.
> 2012/09/19 11:58:00| Accepting NAT intercepted HTTP Socket connections at local=0.0.0.0:3128 remote=[::] FD 36 flags=41
> 2012/09/19 11:58:00| Accepting SSL bumped HTTP Socket connections at local=[::]:3150 remote=[::] FD 37 flags=9
> 2012/09/19 11:58:00| Store rebuilding is 16.55% complete
> 2012/09/19 11:58:00| Done reading /mnt/squid/squid3 swaplog (24167 entries)
> 2012/09/19 11:58:00| Finished rebuilding storage from disk.
> 2012/09/19 11:58:00| 24167 Entries scanned
> 2012/09/19 11:58:00| 0 Invalid entries.
> 2012/09/19 11:58:00| 0 With invalid flags.
> 2012/09/19 11:58:00| 24167 Objects loaded.
> 2012/09/19 11:58:00| 0 Objects expired.
> 2012/09/19 11:58:00| 0 Objects cancelled.
> 2012/09/19 11:58:00| 0 Duplicate URLs purged.
> 2012/09/19 11:58:00| 0 Swapfile clashes avoided.
> 2012/09/19 11:58:00|   Took 0.12 seconds (204025.29 objects/sec).
> 2012/09/19 11:58:00| Beginning Validation Procedure
> 2012/09/19 11:58:00|   Completed Validation Procedure
> 2012/09/19 11:58:00|   Validated 24167 Entries
> 2012/09/19 11:58:00|   store_swap_size = 732468.00 KB
> 2012/09/19 11:58:01| storeLateRelease: released 0 objects
> (ssl_crtd): Cannot create ssl certificate or private key.
> 2012/09/19 12:03:20| WARNING: ssl_crtd #1 exited
> 2012/09/19 12:03:20| Too few ssl_crtd processes are running (need 1/10)
> 2012/09/19 12:03:20| Starting new helpers
> 2012/09/19 12:03:20| helperOpenServers: Starting 1/10 'ssl_crtd' processes
> 2012/09/19 12:03:20| client_side.cc(3477) sslCrtdHandleReply: "ssl_crtd" helper return  reply
> (ssl_crtd): Cannot create ssl certificate or private key.
> 2012/09/19 12:03:20| WARNING: ssl_crtd #2 exited
> 2012/09/19 12:03:20| Too few ssl_crtd processes are running (need 1/10)
> 2012/09/19 12:03:20| Closing HTTP port 0.0.0.0:3128
> 2012/09/19 12:03:20| Closing HTTP port [::]:3150
> 2012/09/19 12:03:20| storeDirWriteCleanLogs: Starting...
> 2012/09/19 12:03:20|   Finished.  Wrote 24195 entries.
> 2012/09/19 12:03:20|   Took 0.02 seconds (1321120.45 entries/sec).
> FATAL: The ssl_crtd helpers are crashing too rapidly, need help!
> 
> Squid Cache (Version 3.2.1): Terminated abnormally.
> CPU Usage: 1.896 seconds = 0.740 user + 1.156 sys
> Maximum Resident Size: 144640 KB
> Page faults with physical i/o: 0
> Memory usage for squid via mallinfo():
>total space in arena:   18900 KB
>Ordinary blocks:18674 KB 54 blks
>Sma