Search squid archive

ssl_crtd exited, How to debug

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

    ssl_crtd crash and restart squid often appears in old my
squid3.2.3, after upgrade to 3.2.13. This situation continues, twice a
day or so, but will not lead to restart.

    In my squid3.2.13 cache log, double ssl_crtd exited everytime:
(ssl_crtd): Cannot create ssl certificate or private key.
2013/08/26 09:16:17 kid1| WARNING: ssl_crtd #2 exited
2013/08/26 09:16:17 kid1| Too few ssl_crtd processes are running (need 3/32)
2013/08/26 09:16:17 kid1| Starting new helpers
2013/08/26 09:16:17 kid1| helperOpenServers: Starting 3/32 'ssl_crtd' processes
(ssl_crtd): Cannot create ssl certificate or private key.
2013/08/26 09:16:18 kid1| "ssl_crtd" helper return <NULL> reply
2013/08/26 09:16:18 kid1| WARNING: ssl_crtd #1 exited
2013/08/26 09:16:18 kid1| Too few ssl_crtd processes are running (need 3/32)
2013/08/26 09:16:18 kid1| Starting new helpers
2013/08/26 09:16:18 kid1| helperOpenServers: Starting 3/32 'ssl_crtd' processes
2013/08/26 09:16:18 kid1| "ssl_crtd" helper return <NULL> reply

My Conf:

http_port 3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/cert.pem
key=/usr/local/squid/etc/key.pem

ssl_bump deny localhost
#some site I don't want to ssl_bump
ssl_bump deny brokenssldst
ssl_bump deny denysslbumpsite
ssl_bump allow all

#some site with broken certificate, but I need to ssl_bump
sslproxy_cert_error allow brokensslsite
sslproxy_cert_error deny all

sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s
/usr/local/squid/var/ssldb -M 4MB -b 4096
sslcrtd_children 32 startup=5 idle=3

#running another simple squid on localhost for local and another squid.
cache_peer server1.***.*** parent 3129 0 no-query no-digest no-netdb-exchange

# I allow ssl bumped connections through parrent proxy through modify
forward.cc for myself. Because I think local to local is safe.
nonhierarchical_direct off
prefer_direct off
#if those site I don't want to ssl_bump, must directly out.
always_direct allow brokensslsite
never_direct allow all

    I don't know why ssl_crtd exited, and how to set up debug level? I
can't find any ssl_crtd debug level document. Related to allow ssl
bumped connections through parrent proxy?

-- 
Regards,
John Xue
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux