Rainer Weikusat <rweiku...@mobileactivedefense.com> writes: [...]
> It is possible to hit the 'fd limit'
> bug (with a single client) by running squid with a tight file descriptor
> limit (eg, 64) and trying hard enough. In order to make for easier
> debugging, I changed the TcpAcceptor/AcceptLimiter code to act as if
> only a single file descriptor was available for client connections

There's actually a 2nd way to hit this easily but I didn't want to mention that until I had a fix for that in my tree[*]: Configure a port for 'server first' SSL interception and make a direct connection to that. This will cause the proxy to connect to itself in order to peek at the server certificate [until out of memory, goto start of the sentence].

[*] That's based on maintaining a hashed database of the local addresses of all outgoing connections and rejecting incoming connections from any of these addresses. This may not be the smartest way to deal with this situation but it works. But it's written in C as I generally use C for all additions I have to make to 'our squid'.
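
A sketch of the kind of check the footnote describes, added here as an illustration; it is not the author's code and not part of squid. All names (`out_add`, `out_del`, `is_self_connection`, `NBUCKETS`) are hypothetical, and it assumes IPv4 endpoints passed as raw address and port values in network byte order.

```c
#include <stdint.h>
#include <stdlib.h>

#define NBUCKETS 256            /* constructed size; must be a power of two */

struct out_ent {                /* local endpoint of one outgoing connection */
    uint32_t addr;              /* IPv4 address, network byte order */
    uint16_t port;              /* local port, network byte order */
    struct out_ent *next;
};

static struct out_ent *buckets[NBUCKETS];

static unsigned hash_ep(uint32_t addr, uint16_t port)
{
    uint32_t h = addr ^ ((uint32_t)port * 2654435761u);
    h ^= h >> 16;
    return h & (NBUCKETS - 1);
}

/* Call once connect() has been issued, with the address from getsockname(). */
int out_add(uint32_t addr, uint16_t port)
{
    struct out_ent *e = malloc(sizeof(*e));
    if (!e) return -1;
    unsigned b = hash_ep(addr, port);
    e->addr = addr; e->port = port;
    e->next = buckets[b];
    buckets[b] = e;
    return 0;
}

/* Call when the outgoing connection is closed. */
void out_del(uint32_t addr, uint16_t port)
{
    struct out_ent **pp = &buckets[hash_ep(addr, port)];
    for (; *pp; pp = &(*pp)->next)
        if ((*pp)->addr == addr && (*pp)->port == port) {
            struct out_ent *dead = *pp;
            *pp = dead->next;
            free(dead);
            return;
        }
}

/* Call after accept(): nonzero means the peer is one of our own sockets. */
int is_self_connection(uint32_t peer_addr, uint16_t peer_port)
{
    struct out_ent *e = buckets[hash_ep(peer_addr, peer_port)];
    for (; e; e = e->next)
        if (e->addr == peer_addr && e->port == peer_port) return 1;
    return 0;
}
```

An accepted connection for which `is_self_connection()` returns nonzero would be closed immediately instead of being handed to the interception code, which breaks the self-connect loop before it consumes descriptors or memory.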