On 20/09/12 12:58, Ahmed Talha Khan wrote:
> Hey Guy, All
>
> I have started facing a very similar issue now. I have been using
> squid-3.HEAD-20120421-r12120 for about 5 months without any issues.
> Suddenly from yesterday I've started getting crashes in ssl_crtd
> process.
>
> In my case I am the only user but I observe that the behaviour is
> random. Sometimes it crashes and sometimes it works. Different https
> pages give the crash. Even non https pages have caused the crash.
>
> These occur especially on Google https pages like docs, mail, calendar etc.
>
> The signing cert is also ok and has NOT expired.
>
> My squid conf looks like this:
> *******************************************************
> sslproxy_cert_error allow all
>
> sslcrtd_program /usr/local/squid-3.3/libexec/ssl_crtd -s
> /usr/local/squid-3.3/var/lib/ssl_db -M 4MB
> sslcrtd_children 5
>
> http_port 192.168.8.134:3128 ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB
> cert=/home/asif/squid/www.sample.com.pem
> key=/home/asif/squid/www.sample.com.pem
>
> http_port 192.168.8.134:8080
>
> https_port 192.168.8.134:3129 ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB
> cert=/home/asif/squid/www.sample.com.pem
> key=/home/asif/squid/www.sample.com.pem
> *******************************************************
>
> The ssl_db directory is initialized properly with correct permissions.
>
> ***********************************************************
> [talha@localhost lib]$ pwd
> /usr/local/squid-3.3/var/lib
>
> [talha@localhost lib]$ ls -al
> total 24
> drwxrwxrwx 3 root root 4096 Sep 20 15:31 .
> drwxrwxrwx 6 root root 4096 Sep 20 15:05 ..
> drwxrwxrwx 3 nobody talha 4096 Sep 20 15:31 ssl_db
>
> The size file also has some values in it and cert generation also
> seems to work but suddenly it all crashes.
> **************************************************************
>
> 2012/09/20 14:57:45| Starting Squid Cache version
> 3.HEAD-20120425-r12120 for x86_64-unknown-linux-gnu...
> 2012/09/20 14:57:45| Process ID 23826
> 2012/09/20 14:57:45| Process Roles: master worker
> 2012/09/20 14:57:45| With 1024 file descriptors available
> 2012/09/20 14:57:45| Initializing IP Cache...
> 2012/09/20 14:57:45| DNS Socket created at [::], FD 5
> 2012/09/20 14:57:45| DNS Socket created at 0.0.0.0, FD 6
> 2012/09/20 14:57:45| Adding nameserver 192.168.8.1 from /etc/resolv.conf
> 2012/09/20 14:57:45| Adding domain localdomain from /etc/resolv.conf
> 2012/09/20 14:57:45| helperOpenServers: Starting 5/5 'ssl_crtd' processes
> 2012/09/20 14:57:45| Logfile: opening log
> daemon:/usr/local/squid-3.3/var/logs/access.log
> 2012/09/20 14:57:45| Logfile Daemon: opening log
> /usr/local/squid-3.3/var/logs/access.log
> 2012/09/20 14:57:45| Logfile: opening log /usr/local/squid-3.3/var/logs/icap-log
> 2012/09/20 14:57:45| WARNING: log parameters now start with a module
> name. Use 'stdio:/usr/local/squid-3.3/var/logs/icap-log'
>
> 2012/09/20 14:57:45| Store logging disabled
> 2012/09/20 14:57:45| Swap maxSize 0 + 262144 KB, estimated 20164 objects
> 2012/09/20 14:57:45| Target number of buckets: 1008
> 2012/09/20 14:57:45| Using 8192 Store buckets
> 2012/09/20 14:57:45| Max Mem size: 262144 KB
> 2012/09/20 14:57:45| Max Swap size: 0 KB
> 2012/09/20 14:57:45| Using Least Load store dir selection
> 2012/09/20 14:57:45| Set Current Directory to /usr/local/squid-3.3/var/cache
> 2012/09/20 14:57:45| Loaded Icons.
> 2012/09/20 14:57:45| HTCP Disabled.
> 2012/09/20 14:57:45| /usr/local/squid-3.3/var/run/squid.pid: (13)
> Permission denied
> 2012/09/20 14:57:45| WARNING: Could not write pid file
> 2012/09/20 14:57:45| Squid plugin modules loaded: 0
> 2012/09/20 14:57:45| Adaptation support is on
> 2012/09/20 14:57:45| Accepting SSL bumped HTTP Socket connections at
> local=192.168.8.134:3128 remote=[::] FD 20 flags=9
> 2012/09/20 14:57:45| Accepting HTTP Socket connections at
> local=192.168.8.134:8080 remote=[::] FD 21 flags=9
> 2012/09/20 14:57:45| Accepting SSL bumped HTTPS Socket connections at
> local=192.168.8.134:3129 remote=[::] FD 22 flags=9
> 2012/09/20 14:57:46| storeLateRelease: released 0 objects
>
> (ssl_crtd): Cannot create ssl certificate or private key.
> 2012/09/20 14:58:23| WARNING: ssl_crtd #2 exited
> 2012/09/20 14:58:23| Too few ssl_crtd processes are running (need 1/5)
>
> 2012/09/20 14:58:23| Starting new helpers
> 2012/09/20 14:58:23| helperOpenServers: Starting 1/5 'ssl_crtd' processes
> 2012/09/20 14:58:23| client_side.cc(3478) sslCrtdHandleReply:
> "ssl_crtd" helper return <NULL> reply
> (ssl_crtd): Cannot create ssl certificate or private key.
>
> 2012/09/20 14:58:23| WARNING: ssl_crtd #1 exited
> 2012/09/20 14:58:23| Too few ssl_crtd processes are running (need 1/5)
> 2012/09/20 14:58:23| storeDirWriteCleanLogs: Starting...
> 2012/09/20 14:58:23| Finished. Wrote 0 entries.
> 2012/09/20 14:58:23| Took 0.00 seconds ( 0.00 entries/sec).
> FATAL: The ssl_crtd helpers are crashing too rapidly, need help!
>
> Squid Cache (Version 3.HEAD-20120425-r12120): Terminated abnormally.
> CPU Usage: 0.355 seconds = 0.289 user + 0.066 sys
> Maximum Resident Size: 71104 KB
> Page faults with physical i/o: 0
> Memory usage for squid via mallinfo():
> total space in arena: 11924 KB
> Ordinary blocks: 11818 KB 49 blks
> Small blocks: 0 KB 0 blks
> Holding blocks: 664 KB 2 blks
> Free Small blocks: 0 KB
> Free Ordinary blocks: 105 KB
>

Maybe I would have added that the pages I am testing to crash squid are Google ones, https://www.google.com and a Google Apps one. I did not try with other SSL sites, to say the truth, because these are the ones my users load.

Regards,
Miguel Angel.