Search squid archive

Re: assertion failed: store.cc "EBIT_TEST(flags, ENTRY_ABORTED)"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 04/06/17 19:27, alexander lunev wrote:

Hello everyone!
I have two almost identical cache servers, both FreeBSD 10.3, both running latest squid-3.2.25 from ports in transparent mode, one runs OK and another is throwing this error: 

Do you mean 3.5.25?  (3.2 series ended at 3.2.14)




2017/06/04 10:19:08 kid1| storeLateRelease: released 0 objects
2017/06/04 10:19:19 kid1| assertion failed: store.cc:1086: "EBIT_TEST(flags, ENTRY_ABORTED)"
If you can obtain an updated stack/back-trace from that assertion it would be a help in identifying how it is happening. <http://wiki.squid-cache.org/SquidFaq/BugReporting> has info on how to report this type of bug, and how to obtain traces from production proxies with minimal service impact if you need it. 




After this squid is exiting.

Beside some default configuration config contains:

http_port 127.0.0.1:3127
http_port  127.0.0.1:3128 intercept
https_port 127.0.0.1:3129 intercept ssl-bump options=ALL:NO_SSLv3:NO_SSLv2 connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/etc/squid/squid.pem key=/usr/local/etc/squid/squid.key
sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s /usr/local/etc/squid/ssl_db -M 4MB 
sslcrtd_children 35

cache deny all
url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squid/squidGuard.conf 


# Leave coredumps in the first cache dir
coredump_dir /var/squid/cache
#ssl_bump client-first all

always_direct allow all
You can/should remove that above line. It is unnecessary for bumping since 3.1 series. 



acl step1 at_step SslBump1
acl ssldomains ssl::server_name "/usr/local/etc/squid/ssldomains.txt"
ssl_bump peek step1
ssl_bump bump ssldomains
ssl_bump splice all

sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
You should definitely remove both the above lines. They are hiding many potential TLS/SSL problems from *you* (not your users). The errors which may appear are real security problems with potentially major impacts on your users. They should usually be solved in ways other than simply hiding ones head in the sand. 




Why is this and how it can be fixed?
Something being cached is not being aborted when it was supposed to have been. More details are needed, please follow the instructions above. 

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux