Hi
I'd like to know if I understand the Squid documentation properly.
I have the following http_port and sslbump configuration:
http_port 127.0.0.1:3128 ssl-bump generate-host-certificates=off cert=/var/spool/squid/ssl_cert/squid_ca.pem
ssl_bump server-first all
From the documentation:
generate-host-certificates[=<on|off>]
Dynamically create SSL server certificates for the destination hosts of
bumped CONNECT requests. When enabled, the cert and key options are used
to sign generated certificates. Otherwise generated certificate will be
selfsigned.
I guess that means that if generate-host-certificates=off, there is no need
for sslcrtd_program. Do I understand this correctly?
Unfortunately, Squid exits with a fatal error when trying to start without
the sslcrtd_program configuration option.
2015/05/18 11:10:40 kid1| Accepting SSL bumped HTTP Socket connections at local=127.0.0.1:3128 remote=[::] FD 27 flags=9
2015/05/18 11:10:40 kid1| Done reading /var/spool/squid swaplog (0 entries)
2015/05/18 11:10:40 kid1| Store rebuilding is 0.00% complete
2015/05/18 11:10:40 kid1| Finished rebuilding storage from disk.
2015/05/18 11:10:40 kid1| 0 Entries scanned
2015/05/18 11:10:40 kid1| 0 Invalid entries.
2015/05/18 11:10:40 kid1| 0 With invalid flags.
2015/05/18 11:10:40 kid1| 0 Objects loaded.
2015/05/18 11:10:40 kid1| 0 Objects expired.
2015/05/18 11:10:40 kid1| 0 Objects cancelled.
2015/05/18 11:10:40 kid1| 0 Duplicate URLs purged.
2015/05/18 11:10:40 kid1| 0 Swapfile clashes avoided.
2015/05/18 11:10:40 kid1| Took 0.01 seconds ( 0.00 objects/sec).
2015/05/18 11:10:40 kid1| Beginning Validation Procedure
2015/05/18 11:10:40 kid1| Completed Validation Procedure
2015/05/18 11:10:40 kid1| Validated 0 Entries
2015/05/18 11:10:40 kid1| store_swap_size = 0.00 KB
2015/05/18 11:10:40 kid1| WARNING: ssl_crtd #Hlpr0 exited
2015/05/18 11:10:40 kid1| Too few ssl_crtd processes are running (need 1/32)
2015/05/18 11:10:40 kid1| Closing HTTP port 127.0.0.1:3128
2015/05/18 11:10:40 kid1| storeDirWriteCleanLogs: Starting...
2015/05/18 11:10:40 kid1| Finished. Wrote 0 entries.
2015/05/18 11:10:40 kid1| Took 0.00 seconds ( 0.00 entries/sec).
FATAL: The ssl_crtd helpers are crashing too rapidly, need help!
Why does it still need sslcrtd_program? Note that the error message
"WARNING: ssl_crtd #Hlpr0 exited" is misleading, because currently all
sslcrtd-related configuration options are commented out and none of the
ssl_crtd processes are started.
Best regards,
Veiko