Ralf.Hildebrandt wrote to *Bud Miljkovic* <bud_miljko...@trimble.com>:
> # Intercept transparent HTTPS traffic
> https_port 3129 intercept ssl-bump cert=/etc/squid/ssl_cert/myCA.pem
> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
> ssl_bump splice all
> sslcrtd_program /usr/libexec/ssl_crtd -s /var/lib/ssl_db -M 4MB

^ I think the portion above is relevant for this error

> 2023/09/29 15:02:52| helperOpenServers: Starting 5/32 'ssl_crtd' processes ...
> 2023/09/29 15:02:52| Accepting NAT intercepted SSL bumped HTTPS Socket connections at local=[::]:3129 remote=[::] FD 29 flags=41
> 2023/09/29 15:02:52| WARNING: ssl_crtd #Hlpr1 exited
> 2023/09/29 15:02:52| Too few ssl_crtd processes are running (need 1/32)
> 2023/09/29 15:02:52| Closing HTTP port [::]:3128
> 2023/09/29 15:02:52| Closing HTTPS port [::]:3129
> FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

I assume the "sslcrtd_program" (set to "/usr/libexec/ssl_crtd -s /var/lib/ssl_db -M 4MB") is indeed not starting up (or crashing immediately after).

* What does "dmesg" report?

*>>> Could not get anything relevant!*

* What happens if you invoke "/usr/libexec/ssl_crtd -s /var/lib/ssl_db -M 4MB" by hand (as the squid user, I guess)

*>>> (1) Executing manually:*

```
r2:/# /usr/libexec/ssl_crtd -s /var/lib/ssl_db -M 4MB
/usr/libexec/ssl_crtd: Uninitialized SSL certificate database directory: /var/lib/ssl_db. To initialize, run "ssl_crtd -c -s /var/lib/ssl_db".
```

*Where:*

```
r2:/# ls -l /usr/libexec/ssl_crtd
-rwxr-xr-x 1 root root 63884 Sep 27 23:06 /usr/libexec/ssl_crtd
```

*I do not quite get "To initialize, run "ssl_crtd -c -s /var/lib/ssl_db":?*

*I am executing all this manually as the root user.*

*When I do:*

```
r2:/# cd /usr/libexec/
r2:/usr/libexec# ls -l ssl_crtd
-rwxr-xr-x 1 root root 63884 Sep 27 23:06 ssl_crtd
```

*However, when I try to run this:*

```
r2:/usr/libexec# ssl_crtd -c -s /var/lib/ssl_db
-sh: ssl_crtd: command not found
```

*>>> ?!*

*I.e. ssl_crtd is not executable from its directory and it is owned by the root*

*This is very confusing to me?!*

*Also, with another level of debugging it can be seen that:*

```
........
2023/09/30 14:16:31.899| Initializing https_port [::]:3129 SSL context
2023/09/30 14:16:31.899| Using certificate in /etc/squid/ssl_cert/myCA.pem
2023/09/30 14:16:31.905| 83,5| 25/src/ssl/support.cc(1962) readSslX509CertificatesChain: Certificate is self-signed, will not be chained
2023/09/30 14:16:31.962| 83,5| 25/src/ssl/support.cc(1628) contextMethod: Using SSLv2/SSLv3.
2023/09/30 14:16:31.964| 83,9| 25/src/ssl/support.cc(903) configureSslContext: Setting RSA key generation callback.
2023/09/30 14:16:31.965| 83,9| 25/src/ssl/support.cc(916) configureSslContext: Setting CA certificate locations.
2023/09/30 14:16:31.966| 83,9| 25/src/ssl/support.cc(965) configureSslContext: Not requiring any client certificates
2023/09/30 14:16:31.967| 21,3| src/tools.cc(543) leave_suid: leave_suid: PID 3917 called
2023/09/30 14:16:31.968| 21,3| src/tools.cc(565) leave_suid: leave_suid: PID 3917 giving up root, becoming 'squid' <<<< *CHANGE OF USER NAME to SQUID*
2023/09/30 14:16:31.970| 0,9| src/debug.cc(408) parseOptions: command-line -X overrides: ALL,1
2023/09/30 14:16:31.983| Current Directory is /
2023/09/30 14:16:31.985| Starting Squid Cache version 3.5.25 for arm-poky-linux-gnueabi...
2023/09/30 14:16:31.985| Service Name: squid
2023/09/30 14:16:31.985| Process ID 3917
2023/09/30 14:16:31.985| Process Roles: master worker
2023/09/30 14:16:31.985| With 1024 file descriptors available
2023/09/30 14:16:31.985| Initializing IP Cache...
2023/09/30 14:16:31.993| DNS Socket created at [::], FD 8
2023/09/30 14:16:31.994| DNS Socket created at 0.0.0.0, FD 9
2023/09/30 14:16:31.995| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2023/09/30 14:16:31.997| helperOpenServers: Starting 5/32 'ssl_crtd' processes
2023/09/30 14:16:32.175| Logfile: opening log daemon:/var/log/squid/access.log
2023/09/30 14:16:32.176| Logfile Daemon: opening log /var/log/squid/access.log
2023/09/30 14:16:32.457| Unlinkd pipe opened on FD 26
2023/09/30 14:16:32.470| Store logging disabled
2023/09/30 14:16:32.471| Swap maxSize 102400 + 262144 KB, estimated 28041 objects
2023/09/30 14:16:32.471| Target number of buckets: 1402
2023/09/30 14:16:32.471| Using 8192 Store buckets
2023/09/30 14:16:32.471| Max Mem size: 262144 KB
2023/09/30 14:16:32.471| Max Swap size: 102400 KB
2023/09/30 14:16:32.477| Rebuilding storage in /var/volatile/log/squid/logs (no log)
2023/09/30 14:16:32.478| Using Least Load store dir selection
2023/09/30 14:16:32.480| Current Directory is /
2023/09/30 14:16:33.121| Finished loading MIME types and icons.
2023/09/30 14:16:33.126| HTCP Disabled.
2023/09/30 14:16:33.131| Squid plugin modules loaded: 0
2023/09/30 14:16:33.132| Adaptation support is off.
2023/09/30 14:16:33.136| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 28 flags=9
2023/09/30 14:16:33.138| Accepting NAT intercepted SSL bumped HTTPS Socket connections at local=[::]:3129 remote=[::] FD 29 flags=41
2023/09/30 14:16:33.197| WARNING: ssl_crtd #Hlpr1 exited
2023/09/30 14:16:33.197| Too few ssl_crtd processes are running (need 1/32)
2023/09/30 14:16:33.197| Closing HTTP port [::]:3128
2023/09/30 14:16:33.201| Closing HTTPS port [::]:3129
FATAL: The ssl_crtd helpers are crashing too rapidly, need help!
```

*Can you shed some light on all this?*

*Buda*

--
Budimir Miljković BSc E | He
Senior Development Engineer
Civil Construction Field Systems
Trimble
11-17 Birmingham Drive, Christchurch, Canterbury, 8024 New Zealand
+64 3 963-5550 Direct
+64 21 419-024 Mobile
www.trimble.com
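
A pre-flight check for the certificate database that the `ssl_crtd` error in the message refers to, as an added example that is not part of the original post or of Squid itself. The function name `ssl_db_state` is hypothetical, and it assumes that an initialized database holds `certs/`, `index.txt` and `size`, and that the helpers need to own it because the posted log shows Squid giving up root and becoming `squid` before they start.

```shell
#!/bin/sh
# Added example: classify an ssl_crtd certificate database directory
# before starting Squid. Prints one of: missing, uninitialized,
# wrong-owner, ok.
# Assumption: an initialized database contains certs/, index.txt and size.

ssl_db_state() {
    db_dir=$1   # database path, e.g. /var/lib/ssl_db as in the post
    run_as=$2   # account Squid drops to, 'squid' in the posted log

    [ -d "$db_dir" ] || { echo missing; return 0; }

    # A bare directory is what produces the "Uninitialized SSL
    # certificate database directory" message quoted in the post.
    if [ ! -d "$db_dir/certs" ] || [ ! -f "$db_dir/index.txt" ] ||
       [ ! -f "$db_dir/size" ]; then
        echo uninitialized
        return 0
    fi

    # The helpers start after the privilege drop, so a database created
    # by root and left root-owned is not writable by them.
    for entry in "$db_dir" "$db_dir/certs" "$db_dir/index.txt" "$db_dir/size"; do
        owner=$(ls -ld "$entry" | awk '{print $3}')
        [ "$owner" = "$run_as" ] || { echo wrong-owner; return 0; }
    done

    echo ok
}

# Stand-alone use: sh check_ssl_db.sh /var/lib/ssl_db squid
if [ "$#" -eq 2 ]; then
    ssl_db_state "$1" "$2"
fi
```

When the initialization command from the error message is typed by hand, give the helper's full path (`/usr/libexec/ssl_crtd` in the post), because the shell does not search the current directory unless it is listed in `PATH`.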