
Re: sslbump working with 3.4.9 but not in intercept mode?

Here are the outputs:

$ egrep '^(https?_port|ssl)' /etc/squid3/squid.conf

http_port 3128

---------------------------------------------------------------------------------------------------
$ /usr/sbin/squid3 -N

WARNING: Cannot write log file: /var/log/squid3/cache.log
/var/log/squid3/cache.log: Permission denied
         messages will be sent to 'stderr'.
WARNING: Cannot write log file: /var/log/squid3/cache.log
/var/log/squid3/cache.log: Permission denied
         messages will be sent to 'stderr'.
2014/11/10 13:30:29| WARNING: Closing open FD    2
2014/11/10 13:30:29| Starting Squid Cache version 3.3.8 for i686-pc-linux-gnu...
2014/11/10 13:30:29| Process ID 24524
2014/11/10 13:30:29| Process Roles: master worker
2014/11/10 13:30:29| With 65536 file descriptors available
2014/11/10 13:30:29| Initializing IP Cache...
2014/11/10 13:30:29| DNS Socket created at [::], FD 4
2014/11/10 13:30:29| DNS Socket created at 0.0.0.0, FD 5
2014/11/10 13:30:29| Adding nameserver 127.0.1.1 from /etc/resolv.conf
2014/11/10 13:30:29| Adding domain mynet from /etc/resolv.conf
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_ACCESS_DENIED': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_ACCESS_DENIED
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_CACHE_ACCESS_DENIED': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_CACHE_ACCESS_DENIED
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_CACHE_MGR_ACCESS_DENIED': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_CACHE_MGR_ACCESS_DENIED
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_FORWARDING_DENIED': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_FORWARDING_DENIED
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_NO_RELAY': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_NO_RELAY
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_CANNOT_FORWARD': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_CANNOT_FORWARD
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_READ_TIMEOUT': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_READ_TIMEOUT
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_LIFETIME_EXP': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_LIFETIME_EXP
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_READ_ERROR': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_READ_ERROR
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_WRITE_ERROR': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_WRITE_ERROR
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_CONNECT_FAIL': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_CONNECT_FAIL
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_SECURE_CONNECT_FAIL': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_SECURE_CONNECT_FAIL
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_SOCKET_FAILURE': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_SOCKET_FAILURE
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_DNS_FAIL': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_DNS_FAIL
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_URN_RESOLVE': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_URN_RESOLVE
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_ONLY_IF_CACHED_MISS': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_ONLY_IF_CACHED_MISS
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_TOO_BIG': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_TOO_BIG
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_INVALID_RESP': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_INVALID_RESP
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_UNSUP_HTTPVERSION': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_UNSUP_HTTPVERSION
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_INVALID_REQ': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_INVALID_REQ
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_UNSUP_REQ': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_UNSUP_REQ
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_INVALID_URL': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_INVALID_URL
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_ZERO_SIZE_OBJECT': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_ZERO_SIZE_OBJECT
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_PRECONDITION_FAILED': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_PRECONDITION_FAILED
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_CONFLICT_HOST': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_CONFLICT_HOST
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_FTP_DISABLED': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_FTP_DISABLED
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_FTP_UNAVAILABLE': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_FTP_UNAVAILABLE
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_FTP_FAILURE': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_FTP_FAILURE
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_FTP_PUT_ERROR': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_FTP_PUT_ERROR
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_FTP_NOT_FOUND': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_FTP_NOT_FOUND
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_FTP_FORBIDDEN': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_FTP_FORBIDDEN
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_FTP_PUT_CREATED': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_FTP_PUT_CREATED
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_FTP_PUT_MODIFIED': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_FTP_PUT_MODIFIED
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_ESI': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_ESI
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_ICAP_FAILURE': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_ICAP_FAILURE
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_GATEWAY_FAILURE': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_GATEWAY_FAILURE
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_DIR_LISTING': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_DIR_LISTING
2014/11/10 13:30:29| '/usr/share/squid3/errors/templates/ERR_SHUTTING_DOWN': (2) No such file or directory
2014/11/10 13:30:29| WARNING: failed to find or read error text file ERR_SHUTTING_DOWN
2014/11/10 13:30:29| Logfile: opening log daemon:/var/log/squid3/access.log
2014/11/10 13:30:29| Logfile Daemon: opening log /var/log/squid3/access.log
2014/11/10 13:30:29| WARNING: no_suid: setuid(0): (1) Operation not permitted
2014/11/10 13:30:29| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2014/11/10 13:30:29| Store logging disabled
2014/11/10 13:30:29| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2014/11/10 13:30:29| Target number of buckets: 1008
2014/11/10 13:30:29| Using 8192 Store buckets
2014/11/10 13:30:29| Max Mem  size: 262144 KB
2014/11/10 13:30:29| Max Swap size: 0 KB
2014/11/10 13:30:29| Using Least Load store dir selection
2014/11/10 13:30:29| chdir: /var/spool/squid3: (2) No such file or directory
2014/11/10 13:30:29| Current Directory is /home/myhome
fopen: Permission denied
2014/11/10 13:30:29| Loaded Icons.
2014/11/10 13:30:29| commBind: Cannot bind socket FD 8 to [::]:3128: (98) Address already in use
2014/11/10 13:30:29| HTCP Disabled.
2014/11/10 13:30:29| WARNING: no_suid: setuid(0): (1) Operation not permitted
2014/11/10 13:30:29| Pinger socket opened on FD 10
2014/11/10 13:30:29| /var/run/squid3.pid: (13) Permission denied
2014/11/10 13:30:29| WARNING: Could not write pid file
2014/11/10 13:30:29| Squid plugin modules loaded: 0
2014/11/10 13:30:29| Adaptation support is off.
2014/11/10 13:30:29| Closing HTTP port [::]:3128
2014/11/10 13:30:29| storeDirWriteCleanLogs: Starting...
2014/11/10 13:30:29|   Finished.  Wrote 0 entries.
2014/11/10 13:30:29|   Took 0.00 seconds (  0.00 entries/sec).
FATAL: Unable to open HTTP Socket
Squid Cache (Version 3.3.8): Terminated abnormally.
CPU Usage: 0.052 seconds = 0.048 user + 0.004 sys
Maximum Resident Size: 105920 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
    total space in arena:   15512 KB
    Ordinary blocks:        15407 KB      4 blks
    Small blocks:               0 KB      1 blks
    Holding blocks:         27420 KB      8 blks
    Free Small blocks:          0 KB
    Free Ordinary blocks:     104 KB
    Total in use:           42827 KB 276%
    Total free:               104 KB 1%
2014/11/10 13:30:29| Closing Pinger socket on FD 10
myhome@firstcom:~$ 2014/11/10 13:30:29| pinger: Initialising ICMP pinger ...
2014/11/10 13:30:29| pinger: ICMP socket opened.
2014/11/10 13:30:29| pinger: ICMPv6 socket opened
2014/11/10 13:30:29| Pinger exiting.

---------------------------------------------------------------------------------------------------


On Mon, Nov 10, 2014 at 1:26 PM, Jason Haar <Jason_Haar@xxxxxxxxxxx> wrote:
On 10/11/14 23:43, Eliezer Croitoru wrote:
> Can you send all ssl_bump related settings?
> There are some missing parts in the settings.

How's this?

# egrep '^(https?_port|ssl)' /etc/squid/squid.conf
http_port 3128
http_port 3126 ssl-bump cert=/etc/squid/squid-CA.cert capath=/etc/ssl/certs/ generate-host-certificates=on dynamic_cert_mem_cache_size=256MB options=ALL
http_port 3129 intercept
https_port 3127 intercept ssl-bump cert=/etc/squid/squid-CA.cert capath=/etc/ssl/certs/ generate-host-certificates=on dynamic_cert_mem_cache_size=256MB options=ALL
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 32 startup=5 idle=1
ssl_bump server-first all


This is a CentOS-6 64bit server with 8G RAM and two Ethernet cards - one
internal and one external. iptables is used to redirect outbound tcp
port 80/443 (on internal network) onto squid port 3129/3127
respectively. I've removed the two ACLs I had and they haven't caused
any change, so they are not related to the problem.

access.log does not show any entries (the crash occurs before they can
write, I guess) and the cache.log shows the following whenever I "telnet
1.2.3.4 443" (I've appended the cache.log from the start, through the
crash to the next start)

2014/11/11 00:14:02 kid1| Starting Squid Cache version 3.4.9 for x86_64-redhat-linux-gnu...
2014/11/11 00:14:02 kid1| Process ID 25288
2014/11/11 00:14:02 kid1| Process Roles: worker
2014/11/11 00:14:02 kid1| With 16384 file descriptors available
2014/11/11 00:14:02 kid1| Initializing IP Cache...
2014/11/11 00:14:02 kid1| DNS Socket created at 0.0.0.0, FD 7
2014/11/11 00:14:02 kid1| Adding domain xx.org from /etc/resolv.conf
2014/11/11 00:14:02 kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2014/11/11 00:14:02 kid1| helperOpenServers: Starting 5/32 'ssl_crtd' processes
2014/11/11 00:14:02 kid1| helperOpenServers: Starting 5/20 'squidguard' processes
2014/11/11 00:14:02 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2014/11/11 00:14:02 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2014/11/11 00:14:02 kid1| Unlinkd pipe opened on FD 33
2014/11/11 00:14:02 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2014/11/11 00:14:02 kid1| Store logging disabled
2014/11/11 00:14:02 kid1| Swap maxSize 1024000 + 524288 KB, estimated 119099 objects
2014/11/11 00:14:02 kid1| Target number of buckets: 5954
2014/11/11 00:14:02 kid1| Using 8192 Store buckets
2014/11/11 00:14:02 kid1| Max Mem  size: 524288 KB
2014/11/11 00:14:02 kid1| Max Swap size: 1024000 KB
2014/11/11 00:14:02 kid1| Rebuilding storage in /var/spool/squid (clean log)
2014/11/11 00:14:02 kid1| Using Least Load store dir selection
2014/11/11 00:14:02 kid1| Set Current Directory to /var/spool/squid
2014/11/11 00:14:02 kid1| Finished loading MIME types and icons.
2014/11/11 00:14:02 kid1| HTCP Disabled.
2014/11/11 00:14:02 kid1| Squid plugin modules loaded: 0
2014/11/11 00:14:02 kid1| Adaptation support is off.
2014/11/11 00:14:02 kid1| Accepting HTTP Socket connections at local=0.0.0.0:3128 remote=[::] FD 36 flags=9
2014/11/11 00:14:02 kid1| Accepting SSL bumped HTTP Socket connections at local=0.0.0.0:3126 remote=[::] FD 37 flags=9
2014/11/11 00:14:02 kid1| Accepting NAT intercepted HTTP Socket connections at local=0.0.0.0:3129 remote=[::] FD 38 flags=41
2014/11/11 00:14:02 kid1| Accepting NAT intercepted SSL bumped HTTPS Socket connections at local=0.0.0.0:3127 remote=[::] FD 39 flags=41
2014/11/11 00:14:02 kid1| Store rebuilding is 42.19% complete
2014/11/11 00:14:02 kid1| Done reading /var/spool/squid swaplog (9479 entries)
2014/11/11 00:14:02 kid1| Finished rebuilding storage from disk.
2014/11/11 00:14:02 kid1|      9479 Entries scanned
2014/11/11 00:14:02 kid1|         0 Invalid entries.
2014/11/11 00:14:02 kid1|         0 With invalid flags.
2014/11/11 00:14:02 kid1|      9479 Objects loaded.
2014/11/11 00:14:02 kid1|         0 Objects expired.
2014/11/11 00:14:02 kid1|         0 Objects cancelled.
2014/11/11 00:14:02 kid1|         0 Duplicate URLs purged.
2014/11/11 00:14:02 kid1|         0 Swapfile clashes avoided.
2014/11/11 00:14:02 kid1|   Took 0.06 seconds (147560.63 objects/sec).
2014/11/11 00:14:02 kid1| Beginning Validation Procedure
2014/11/11 00:14:02 kid1|   Completed Validation Procedure
2014/11/11 00:14:02 kid1|   Validated 9479 Entries
2014/11/11 00:14:02 kid1|   store_swap_size = 920980.00 KB
2014/11/11 00:14:03 kid1| storeLateRelease: released 0 objects
2014/11/11 00:14:09 kid1| Closing HTTP port 0.0.0.0:3128
2014/11/11 00:14:09 kid1| Closing HTTP port 0.0.0.0:3126
2014/11/11 00:14:09 kid1| Closing HTTP port 0.0.0.0:3129
2014/11/11 00:14:09 kid1| Closing HTTPS port 0.0.0.0:3127
FATAL: xstrdup: tried to dup a NULL pointer!

Squid Cache (Version 3.4.9): Terminated abnormally.
CPU Usage: 0.077 seconds = 0.054 user + 0.023 sys
Maximum Resident Size: 70912 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
    total space in arena:    9328 KB
    Ordinary blocks:         9228 KB      5 blks
    Small blocks:               0 KB      1 blks
    Holding blocks:         10068 KB      6 blks
    Free Small blocks:          0 KB
    Free Ordinary blocks:      99 KB
    Total in use:           19296 KB 207%
    Total free:                99 KB 1%
2014/11/11 00:14:09 kid1| storeDirWriteCleanLogs: Starting...
2014/11/11 00:14:09 kid1|   Finished.  Wrote 9479 entries.
2014/11/11 00:14:09 kid1|   Took 0.04 seconds (240455.59 entries/sec).
2014/11/11 00:14:12 kid1| Set Current Directory to /var/spool/squid
2014/11/11 00:14:12 kid1| Starting Squid Cache version 3.4.9 for x86_64-redhat-linux-gnu...

--
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
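Added example, not part of either message above and not Squid project code: a small shell script covering the two practical pieces of this thread. The first function renders the iptables redirect Jason describes (LAN port 80/443 onto Squid's intercept ports 3129/3127) and, as a caveat worth adding, closes those intercept ports on the external NIC so that nothing outside the LAN can reach them; the interface names eth0/eth1 are assumptions, the port numbers are taken from Jason's squid.conf. The second function is a triage pass over a cache.log excerpt that flags the conditions visible in the 3.3.8 run posted in the reply: a listening port already taken, a start without privileges (setuid/pid/log writes denied), missing error templates, and an abnormal termination. The sample log embedded at the bottom is a constructed, abbreviated copy of lines from that run.

```shell
#!/bin/sh
# Added example for the squid-users thread above; not code from the thread.
# Interface names are assumptions; the ports match the posted squid.conf.

LAN_IF="${LAN_IF:-eth1}"          # assumed: internal NIC
WAN_IF="${WAN_IF:-eth0}"          # assumed: external NIC
HTTP_INTERCEPT_PORT=3129          # http_port 3129 intercept
HTTPS_INTERCEPT_PORT=3127         # https_port 3127 intercept ssl-bump ...

# Print the iptables rules for the redirect. Only traffic arriving on the
# internal NIC is redirected, and the intercept ports are dropped on the
# external NIC so that only LAN clients can ever reach them.
render_iptables_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $HTTP_INTERCEPT_PORT
iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 443 -j REDIRECT --to-ports $HTTPS_INTERCEPT_PORT
iptables -A INPUT -i $WAN_IF -p tcp -m multiport --dports $HTTP_INTERCEPT_PORT,$HTTPS_INTERCEPT_PORT -j DROP
EOF
}

# Classify a cache.log excerpt read from stdin. Prints the findings found,
# space separated and sorted, one of:
#   fatal           squid terminated abnormally
#   missing-errdir  error template files could not be read
#   not-root        setuid/pid/log writes were denied (started unprivileged)
#   port-in-use     a listening port is already owned by another process
triage_cache_log() {
    awk '
        /Address already in use/                      { f["port-in-use"] = 1 }
        /no_suid: setuid\(0\)/ || /Permission denied/ { f["not-root"] = 1 }
        /failed to find or read error text file/      { f["missing-errdir"] = 1 }
        /Terminated abnormally/                       { f["fatal"] = 1 }
        END {
            n = 0
            for (k in f) keys[++n] = k
            # simple sort so the output is deterministic
            for (i = 1; i <= n; i++)
                for (j = i + 1; j <= n; j++)
                    if (keys[j] < keys[i]) { t = keys[i]; keys[i] = keys[j]; keys[j] = t }
            for (i = 1; i <= n; i++) printf "%s%s", keys[i], (i < n ? " " : "\n")
        }'
}

# Constructed sample: abbreviated lines from the 3.3.8 run posted in the reply.
SAMPLE_LOG='WARNING: Cannot write log file: /var/log/squid3/cache.log
/var/log/squid3/cache.log: Permission denied
2014/11/10 13:30:29| WARNING: no_suid: setuid(0): (1) Operation not permitted
2014/11/10 13:30:29| commBind: Cannot bind socket FD 8 to [::]:3128: (98) Address already in use
FATAL: Unable to open HTTP Socket
Squid Cache (Version 3.3.8): Terminated abnormally.'

# Run with --demo to print the rules and triage the sample excerpt.
if [ "${1:-}" = "--demo" ]; then
    render_iptables_rules
    printf '%s\n' "$SAMPLE_LOG" | triage_cache_log
fi
```

Usage: `sh intercept.sh --demo` prints the three iptables lines and then `fatal not-root port-in-use` for the sample; pipe a real `cache.log` into `triage_cache_log` to classify a failed start before reading the full log. The rules are printed rather than applied so they can be reviewed, and the DROP on the external interface is the part most easily forgotten when an intercept port is bound to 0.0.0.0 as in the posted log.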

