Le lundi 10 octobre 2011 à 15:41 +1300, Amos Jeffries a écrit :
> On Mon, 10 Oct 2011 00:23:38 +0200, David Touzeau wrote:
> > Le lundi 26 septembre 2011 à 10:38 +0200, David Touzeau a écrit :
> >> Le vendredi 23 septembre 2011 à 13:17 +0200, David Touzeau a écrit :
> >> > Le vendredi 23 septembre 2011 à 11:45 +1200, Amos Jeffries a écrit
> >> :
> >> > > On 23/09/11 11:13, Amos Jeffries wrote:
> >> > > > On 23/09/11 02:21, david touzeau wrote:
> >> > > >> Le jeudi 22 septembre 2011 à 15:28 +0200, Helmut Hullen a
> >> écrit :
> >> > > >>> Hallo, david,
> >> > > >>>
> >> > > >>> Du meintest am 22.09.11:
> >> > > >>>
> >> > > >>>
> >> > > >>>> Dear i receive this error in cache.log just after compiling
> >> the
> >> > > >>>> 3.2.0.12 version
> >> > > >>>
> >> > > >>>
> >> > > >>>
> >> > > >>>> ErrorDetailManager.cc(222) parse: WARNING! invalid error
> >> detail name:
> >> > > >>>> P?.?P?.?09_V_ERR_DOMAIN_MISMATCH
> >> > > >>>> 2011/09/22 15:15:23 kid1| errorpage.cc(352) loadFromFile:
> >> parse
> >> > > >>>> error while reading template
> >> > > >>>> file: /usr/share/squid3/errors/templates/error-details.txt
> >> > > >>>
> >> > > >>> Maybe I've seen the same error, with "squid-3.2.0.10".
> >> Compiling squid
> >> > > >>> without "enable-ssl" cured that problem (but that's no real
> >> solution).
> >> > > >>>
> >> > > >>> Viele Gruesse!
> >> > > >>> Helmut
> >> > > >>>
> >> > > >> tried with 3.2.0.12-20110921-r11341 without success...
> >> > > >>
> >> > > >>
> >> > > >> 2011/09/22 16:20:31 kid1| Adding domain touzeau.com
> >> > > >> from /etc/resolv.conf
> >> > > >> 2011/09/22 16:20:31 kid1| Adding nameserver 192.168.1.105
> >> > > >> from /etc/resolv.conf
> >> > > >> 2011/09/22 16:20:31 kid1| Adding nameserver 192.168.1.1
> >> > > >> from /etc/resolv.conf
> >> > > >> 2011/09/22 16:20:31 kid1| ErrorDetailManager.cc(222) parse:
> >> WARNING!
> >> > > >> invalid error detail name: (���(���09_V_ERR_DOMAIN_MISMATCH
> >> > > >> 2011/09/22 16:20:31 kid1| errorpage.cc(352) loadFromFile:
> >> parse error
> >> > > >> while reading template
> >> > > >> file: /usr/share/squid3/errors/templates/error-details.txt
> >> > > >> FATAL: failed to find or read error text file.
> >> > > >> Squid Cache (Version 3.2.0.12-20110921-r11341): Terminated
> >> abnormally.
> >> > > >> CPU Usage: 0.008 seconds = 0.004 user + 0.004 sys
> >> > > >> Maximum Resident Size: 22640 KB
> >> > > >> Page faults with physical i/o: 4
> >> > > >>
> >> > > >
> >> > > > We have two bugs here.
> >> > > > One where the newest SSL messages sub-tag "ERROR" is being
> >> incorrectly
> >> > > > translated. This can be worked around by copying the file from
> >> > > > errors/templates/error-details.txt over top of its alternate
> >> in all the
> >> > > > other languages.
> >> > >
> >> > > A workaround has been added to do this step in 3.2 and langpack
> >> for the
> >> > > next round of daily updates (squid-3.2 r11343 and later).
> >> > >
> >> > > Although, note the major Rock store changes went in at r11342.
> >> So fair
> >> > > warning on that snapshot.
> >> > >
> >> > > Amos
> >> >
> >> > Thanks amos,
> >> >
> >> > r11343 did not resolv the issue...
> >> >
> >> > 2011/09/23 13:16:02 kid3| Starting Squid Cache version
> >> > 3.2.0.12-20110923-r11343 for i686-pc-linux-gnu...
> >> > 2011/09/23 13:16:02 kid3| Process ID 1548
> >> > 2011/09/23 13:16:02 kid3| Process Roles: coordinator
> >> > 2011/09/23 13:16:02 kid3| With 1024 file descriptors available
> >> > 2011/09/23 13:16:02 kid3| Initializing IP Cache...
> >> > 2011/09/23 13:16:02 kid3| DNS Socket created at [::], FD 8
> >> > 2011/09/23 13:16:02 kid3| DNS Socket created at 0.0.0.0, FD 9
> >> > 2011/09/23 13:16:02 kid3| Adding domain touzeau.com
> >> > from /etc/resolv.conf
> >> > 2011/09/23 13:16:02 kid3| Adding domain touzeau.com
> >> > from /etc/resolv.conf
> >> > 2011/09/23 13:16:02 kid3| Adding nameserver 192.168.1.105
> >> > from /etc/resolv.conf
> >> > 2011/09/23 13:16:02 kid3| Adding nameserver 192.168.1.1
> >> > from /etc/resolv.conf
> >> > 2011/09/23 13:16:02 kid3| ErrorDetailManager.cc(222) parse:
> >> WARNING!
> >> > invalid error detail name: ($��($��09_V_ERR_DOMAIN_MISMATCH
> >> > 2011/09/23 13:16:02 kid3| errorpage.cc(352) loadFromFile: parse
> >> error
> >> > while reading template
> >> > file: /usr/share/squid3/errors/templates/error-details.txt
> >> >
> <snip>
> >
> > 3.2.0.12-20111008-r11360 did not resolve the issue...
> > <snip>
> > processes
> > 2011/10/10 00:21:50 kid1| ErrorDetailManager.cc(222) parse: WARNING!
> > invalid error detail name: PT��PT��09_V_ERR_DOMAIN_MISMATCH
> > 2011/10/10 00:21:50 kid1| errorpage.cc(354) loadFromFile: parse
> > error
> > while reading template
> > file: /usr/share/squid3/errors/templates/error-details.txt
>
> Can you check that the upgrade installation actually changes those
> files?
> I'm suspicious that the copy may leave the mangled version in place.
>
> I also find it a bit weird that the first two bytes of the text "X5" is
> what you see being mangled. The problem r11343 and r11360 fix is a
> sub-string "_ERROR_" being wrongly affected.
>
> Amos
>
Dear Amos
There is the same issue with 3.2.0.13-20111022-r11381.
I have created a php function that rebuild the file in order to fix this
2 bytes problem without any success.
011/10/22 18:20:47 kid1| DNS Socket created at 0.0.0.0, FD 9
2011/10/22 18:20:47 kid1| Adding nameserver 192.168.1.105
from /etc/resolv.conf
2011/10/22 18:20:47 kid1| Adding nameserver 192.168.1.1
from /etc/resolv.conf
2011/10/22 18:20:47 kid1| Adding domain touzeau.com
from /etc/resolv.conf
2011/10/22 18:20:47 kid1| Adding domain touzeau.com
from /etc/resolv.conf
2011/10/22 18:20:47 kid1| ErrorDetailManager.cc(222) parse: WARNING!
invalid error detail name: H�.�H�.�09_V_ERR_DOMAIN_MISMATCH
2011/10/22 18:20:47 kid1| errorpage.cc(354) loadFromFile: parse error
while reading template
file: /usr/share/squid3/errors/templates/error-details.txt
FATAL: failed to find or read error text file.
Squid Cache (Version 3.2.0.13-20111022-r11381): Terminated abnormally.
CPU Usage: 0.008 seconds = 0.000 user + 0.008 sys
here it is the php function :
function error_txt(){
$f[]="#rebuilded error template by script";
$f[]="name: SQUID_X509_V_ERR_DOMAIN_MISMATCH";
$f[]="detail: \"%ssl_error_descr: %ssl_subject\"";
$f[]="descr: \"Certificate does not match domainname\"";
$f[]="";
$f[]="name: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT";
$f[]="detail: \"SSL Certficate error: certificate issuer (CA) not known:
%ssl_ca_name\"";
$f[]="descr: \"Unable to get issuer certificate\"";
$f[]="";
$f[]="name: X509_V_ERR_UNABLE_TO_GET_CRL";
$f[]="detail: \"%ssl_error_descr: %ssl_subject\"";
$f[]="descr: \"Unable to get certificate CRL\"";
$f[]="";
$f[]="name: X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE";
$f[]="detail: \"%ssl_error_descr: %ssl_subject\"";
$f[]="descr: \"Unable to decrypt certificate's signature\"";
$f[]="";
$f[]="name: X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE";
$f[]="detail: \"%ssl_error_descr: %ssl_subject\"";
$f[]="descr: \"Unable to decrypt CRL's signature\"";
$f[]="";
$f[]="name: X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY";
$f[]="detail: \"Unable to decode issuer (CA) public key: %ssl_ca_name
\"";
$f[]="descr: \"Unable to decode issuer public key\"";
$f[]="";
$f[]="name: X509_V_ERR_CERT_SIGNATURE_FAILURE";
$f[]="detail: \"%ssl_error_descr: %ssl_subject\"";
$f[]="descr: \"Certificate signature failure\"";
$f[]="";
$f[]="name: X509_V_ERR_CRL_SIGNATURE_FAILURE";
$f[]="detail: \"%ssl_error_descr: %ssl_subject\"";
$f[]="descr: \"CRL signature failure\"";
$f[]="";
$f[]="name: X509_V_ERR_CERT_NOT_YET_VALID";
$f[]="detail: \"SSL Certficate is not valid before: %ssl_notbefore\"";
$f[]="descr: \"Certificate is not yet valid\"";
$f[]="";
$f[]="name: X509_V_ERR_CERT_HAS_EXPIRED";
$f[]="detail: \"SSL Certificate expired on: %ssl_notafter\"";
$f[]="descr: \"Certificate has expired\"";
$f[]="";
$f[]="name: X509_V_ERR_CRL_NOT_YET_VALID";
$f[]="detail: \"%ssl_error_descr: %ssl_subject\"";
$f[]="descr: \"CRL is not yet valid\"";
$f[]="";
$f[]="name: X509_V_ERR_CRL_HAS_EXPIRED";
$f[]="detail: \"%ssl_error_descr: %ssl_subject\"";
$f[]="descr: \"CRL has expired\"";
$f[]="";
$f[]="name: X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD";
$f[]="detail: \"SSL Certificate has invalid start date (the 'not before'
field): %ssl_subject\"";
$f[]="descr: \"Format error in certificate's notBefore field\"";
$f[]="";
$f[]="name: X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD";
$f[]="detail: \"SSL Certificate has invalid expiration date (the 'not
after' field): %ssl_subject\"";
$f[]="descr: \"Format error in certificate's notAfter field\"";
$f[]="";
$f[]="name: X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD";
$f[]="detail: \"%ssl_error_descr: %ssl_subject\"";
$f[]="descr: \"Format error in CRL's lastUpdate field\"";
$f[]="";
$f[]="name: X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD";
$f[]="detail: \"%ssl_error_descr: %ssl_subject\"";
$f[]="descr: \"Format error in CRL's nextUpdate field\"";
$f[]="";
$f[]="name: X509_V_ERR_OUT_OF_MEM";
$f[]="detail: \"%ssl_error_descr\"";
$f[]="descr: \"Out of memory\"";
$f[]="";
$f[]="name: X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT";
$f[]="detail: \"Self-signed SSL Certificate: %ssl_subject\"";
$f[]="descr: \"Self signed certificate\"";
$f[]="";
$f[]="name: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN";
$f[]="detail: \"Self-signed SSL Certificate in chain: %ssl_subject\"";
$f[]="descr: \"Self signed certificate in certificate chain\"";
$f[]="";
$f[]="name: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY";
$f[]="detail: \"SSL Certficate error: certificate issuer (CA) not known:
%ssl_ca_name\"";
$f[]="descr: \"Unable to get local issuer certificate\"";
$f[]="";
$f[]="name: X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE";
$f[]="detail: \"%ssl_error_descr: %ssl_subject\"";
$f[]="descr: \"Unable to verify the first certificate\"";
$f[]="";
$f[]="name: X509_V_ERR_CERT_CHAIN_TOO_LONG";
$f[]="detail: \"%ssl_error_descr: %ssl_subject\"";
$f[]="descr: \"Certificate chain too long\"";
$f[]="";
$f[]="name: X509_V_ERR_CERT_REVOKED";
$f[]="detail: \"%ssl_error_descr: %ssl_subject\"";
$f[]="descr: \"Certificate revoked\"";
$f[]="";
$f[]="name: X509_V_ERR_INVALID_CA";
$f[]="detail: \"%ssl_error_descr: %ssl_ca_name\"";
$f[]="descr: \"Invalid CA certificate\"";
$f[]="";
$f[]="name: X509_V_ERR_PATH_LENGTH_EXCEEDED";
$f[]="detail: \"%ssl_error_descr: %ssl_subject\"";
$f[]="descr: \"Path length constraint exceeded\"";
$f[]="";
$f[]="name: X509_V_ERR_INVALID_PURPOSE";
$f[]="detail: \"%ssl_error_descr: %ssl_subject\"";
$f[]="descr: \"Unsupported certificate purpose\"";
$f[]="";
$f[]="name: X509_V_ERR_CERT_UNTRUSTED";
$f[]="detail: \"%ssl_error_descr: %ssl_subject\"";
$f[]="descr: \"Certificate not trusted\"";
$f[]="";
$f[]="name: X509_V_ERR_CERT_REJECTED";
$f[]="detail: \"%ssl_error_descr: %ssl_subject\"";
$f[]="descr: \"Certificate rejected\"";
$f[]="";
$f[]="name: X509_V_ERR_SUBJECT_ISSUER_MISMATCH";
$f[]="detail: \"%ssl_error_descr: %ssl_ca_name\"";
$f[]="descr: \"Subject issuer mismatch\"";
$f[]="";
$f[]="name: X509_V_ERR_AKID_SKID_MISMATCH";
$f[]="detail: \"%ssl_error_descr: %ssl_subject\"";
$f[]="descr: \"Authority and subject key identifier mismatch\"";
$f[]="";
$f[]="name: X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH";
$f[]="detail: \"%ssl_error_descr: %ssl_ca_name\"";
$f[]="descr: \"Authority and issuer serial number mismatch\"";
$f[]="";
$f[]="name: X509_V_ERR_KEYUSAGE_NO_CERTSIGN";
$f[]="detail: \"%ssl_error_descr: %ssl_subject\"";
$f[]="descr: \"Key usage does not include certificate signing\"";
$f[]="";
$f[]="name: X509_V_ERR_APPLICATION_VERIFICATION";
$f[]="detail: \"%ssl_error_descr: %ssl_subject\"";
$f[]="descr: \"Application verification failure\";\n";
@file_put_contents("/usr/share/squid3/errors/templates/error-details.txt", @implode("\n", $f));
}
