On 05/24/2013 02:25 AM, Dieter Bloms wrote: > Hi Alex, > > On Thu, May 23, Alex Rousskov wrote: > >>> I use squid 3.3.5 with the ssl-bump feature. >>> My private key is crypted and I want to enter the password at start time. >>> >>> Since 3.3.5 squid wants to execute a program even I haven't configured >>> sslpassword_program and start squid with the -N option. >>> >>> --snip-- >>> idvhttpsproxy01:~ # squid -f /etc/squid/squid.conf -NY >>> sh: (null): command not found >>> FATAL: No valid signing SSL certificate configured for http_port MYIP:8080 >>> Squid Cache (Version 3.3.5): Terminated abnormally. >>> CPU Usage: 0.004 seconds = 0.000 user + 0.004 sys >>> Maximum Resident Size: 21248 KB >>> Page faults with physical i/o: 0 >>> --snip-- >>> >>> when I set sslpassword_program to a program which print the password on >>> stdout squid starts, but I want to enter the password during start of >>> squid. >>> >>> Is this a bug ? >> >> >> Yes, I think it is. Please check whether the attached patch works when >> you start Squid with -N and _without_ sslpassword_program. >> >> The patch may or may not work when you start Squid without -N and with >> sslpassword_program. The outcome depends on whether snprintf() crashes >> when given a NULL pointer and on whether your sslpassword_program needs >> to know the name of the key file Squid is trying to load (that name will >> not be passed to your sslpassword_program). If you can test this >> scenario, please do. >> >> Please let us know what your tests show. > > I applied this patch against squid-3.3.5-20130521-r12565 and it works as > expected. > Many thanks for this patch ! > Will this patch be included in the next release ? It will be in v3.4 (at least). Alex.
