Search squid archive

Squid 3.4.10 and sslcrtd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi

I'd like to know if I understand Squid documentation properly.
I have following http_port and sslbump configuration:

http_port 127.0.0.1:3128 ssl-bump generate-host-certificates=off cert=/var/spool/squid/ssl_cert/squid_ca.pem
ssl_bump server-first all

From documentation:
generate-host-certificates[=<on|off>]
Dynamically create SSL server certificates for the destination hosts of bumped CONNECT requests. When enabled, the cert and key options are used to sign generated certificates. Otherwise generated certificate will be selfsigned.

I guess, that means, if generate-host-certificates=off, there is no need for sslcrtd_program. Do I understand this correctly?

Unfortunately, Squid exits with fatal error when trying to start without sslcrtd_program configuration option.

2015/05/18 11:10:40 kid1| Accepting SSL bumped HTTP Socket connections at local=127.0.0.1:3128 remote=[::] FD 27 flags=9
2015/05/18 11:10:40 kid1| Done reading /var/spool/squid swaplog (0 entries)
2015/05/18 11:10:40 kid1| Store rebuilding is 0.00% complete
2015/05/18 11:10:40 kid1| Finished rebuilding storage from disk.
2015/05/18 11:10:40 kid1|         0 Entries scanned
2015/05/18 11:10:40 kid1|         0 Invalid entries.
2015/05/18 11:10:40 kid1|         0 With invalid flags.
2015/05/18 11:10:40 kid1|         0 Objects loaded.
2015/05/18 11:10:40 kid1|         0 Objects expired.
2015/05/18 11:10:40 kid1|         0 Objects cancelled.
2015/05/18 11:10:40 kid1|         0 Duplicate URLs purged.
2015/05/18 11:10:40 kid1|         0 Swapfile clashes avoided.
2015/05/18 11:10:40 kid1|   Took 0.01 seconds (  0.00 objects/sec).
2015/05/18 11:10:40 kid1| Beginning Validation Procedure
2015/05/18 11:10:40 kid1|   Completed Validation Procedure
2015/05/18 11:10:40 kid1|   Validated 0 Entries
2015/05/18 11:10:40 kid1|   store_swap_size = 0.00 KB
2015/05/18 11:10:40 kid1| WARNING: ssl_crtd #Hlpr0 exited
2015/05/18 11:10:40 kid1| Too few ssl_crtd processes are running (need 1/32)
2015/05/18 11:10:40 kid1| Closing HTTP port 127.0.0.1:3128
2015/05/18 11:10:40 kid1| storeDirWriteCleanLogs: Starting...
2015/05/18 11:10:40 kid1|   Finished.  Wrote 0 entries.
2015/05/18 11:10:40 kid1|   Took 0.00 seconds (  0.00 entries/sec).
FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

Why does it still need sslcrtd_program? Note that error message WARNING: ssl_crtd #Hlpr0 exited is misleading, because currently, all sslcrtd related configuration options are commented out and none of the ssl_crtd processes are started.

Best regards,
Veiko
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux