squid mitm

Niels Hofmans <hello@xxxxxxxxxxx> · Thu, 19 Nov 2020 12:45:28 +0100

Hello Amos,
I am using the latest squid release on alpine, which is 4.13-r0.
After using the exact command openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -extensions v3_ca -keyout ca.pem  -out ca.pem I still receive this error.

Since it’s a debug cert, I gisted it here: https://gist.githubusercontent.com/hazcod/530ae4ad467d8ed3de6621ba04dddc79/raw/fe62ab6b71f888dd890aded2d61c7c798747a665/ca.pem

strace excerpt:

proxy_1       | [00] brk(0x55e41021f000)                     = 0x55e41021f000
proxy_1       | [00] read(3, "", 1024)                       = 0
proxy_1       | [00] close(3)                                = 0
proxy_1       | [00] brk(0x55e410220000)                     = 0x55e410220000
proxy_1       | [00] getuid()                                = 0
proxy_1       | [00] geteuid()                               = 0
proxy_1       | [00] getgid()                                = 0
proxy_1       | [00] getegid()                               = 0
proxy_1       | [00] open("/ca.pem", O_RDONLY)               = -1 EACCES (Permission denied)
proxy_1       | [00] open("/ca.pem", O_RDONLY)               = -1 EACCES (Permission denied)
proxy_1       | [00] geteuid()                               = 0
proxy_1       | [00] rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
proxy_1       | [00] rt_sigprocmask(SIG_BLOCK, ~[], NULL, 8) = 0
proxy_1       | [00] setgid(1000)                            = 0
proxy_1       | [00] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
proxy_1       | [00] socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0) = 3
proxy_1       | [00] connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 24) = -1 ENOENT (No such file or directory)
proxy_1       | [00] close(3)                                = 0
proxy_1       | [00] open("/etc/group", O_RDONLY|O_CLOEXEC)  = 3
proxy_1       | [00] fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
proxy_1       | [00] fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
proxy_1       | [00] read(3, "root:x:0:root\napp:x:1000:\ndnscac"..., 1024) = 88
proxy_1       | [00] read(3, "", 1024)                       = 0
proxy_1       | [00] close(3)                                = 0
proxy_1       | [00] setgroups(1, [1000])                    = 0
proxy_1       | [00] rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
proxy_1       | [00] rt_sigprocmask(SIG_BLOCK, ~[], NULL, 8) = 0
proxy_1       | [00] setresuid(1000, 1000, 0)                = 0
proxy_1       | [00] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
proxy_1       | [00] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, NULL) = 0
proxy_1       | [00] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, {effective=0, permitted=1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_NET_BIND_SERVICE|1<<CAP_SYS_PTRACE, inheritable=1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_NET_BIND_SERVICE|1<<CAP_SYS_PTRACE}) = 0
proxy_1       | [00] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, {effective=1<<CAP_NET_BIND_SERVICE, permitted=1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_NET_BIND_SERVICE|1<<CAP_SYS_PTRACE, inheritable=1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_NET_BIND_SERVICE|1<<CAP_SYS_PTRACE}) = 0
proxy_1       | [00] prctl(PR_SET_DUMPABLE, SUID_DUMP_USER)  = 0
proxy_1       | [00] writev(2, [{iov_base="2020/11/19 11:44:20| ", iov_len=21}, {iov_base="FATAL: No valid signing certific"..., iov_len=73}], 22020/11/19 11:44:20| FATAL: No valid signing certificate configured for HTTP_port 0.0.0.0:3128) = 94
proxy_1       | [00] writev(2, [{iov_base="\n", iov_len=1}, {iov_base=NULL, iov_len=0}], 2
proxy_1       | [00] ) = 1
proxy_1       | [00] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3
proxy_1       | [00] connect(3, {sa_family=AF_UNIX, sun_path="/dev/log"}, 12) = -1 ENOENT (No such file or directory)
proxy_1       | [00] sendto(3, "<9>Nov 19 11:44:20 : FATAL: No v"..., 95, 0, NULL, 0) = -1 ENOTCONN (Socket not connected)
proxy_1       | [00] connect(3, {sa_family=AF_UNIX, sun_path="/dev/log"}, 12) = -1 ENOENT (No such file or directory)
proxy_1       | [00] writev(2, [{iov_base="2020/11/19 11:44:20| Squid Cache"..., iov_len=72}, {iov_base=NULL, iov_len=0}], 22020/11/19 11:44:20| Squid Cache (Version 4.13): Terminated abnormally.
proxy_1       | [00] ) = 72
proxy_1       | [00] getrusage(RUSAGE_SELF, {ru_utime={tv_sec=0, tv_usec=76197}, ru_stime={tv_sec=0, tv_usec=100984}, ...}) = 0
proxy_1       | [00] writev(2, [{iov_base="CPU Usage: 0.177 seconds = 0.076"..., iov_len=50}, {iov_base=NULL, iov_len=0}], 2CPU Usage: 0.177 seconds = 0.076 user + 0.101 sys
proxy_1       | [00] ) = 50
proxy_1       | [00] writev(2, [{iov_base="Maximum Resident Size: 42304 KB\n", iov_len=32}, {iov_base=NULL, iov_len=0}], 2Maximum Resident Size: 42304 KB
proxy_1       | [00] ) = 32
proxy_1       | [00] writev(2, [{iov_base="Page faults with physical i/o: 0"..., iov_len=33}, {iov_base=NULL, iov_len=0}], 2Page faults with physical i/o: 0
proxy_1       | [00] ) = 33
proxy_1       | [00] rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
proxy_1       | [00] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
proxy_1       | [00] rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
proxy_1       | [00] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
proxy_1       | [00] rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
proxy_1       | [00] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
proxy_1       | [00] rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
proxy_1       | [00] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
proxy_1       | [00] exit_group(1)                           = ?
proxy_1       | [00] +++ exited with 1 +++
proxy_1       | [00] (error exit: exit status 1)

-- 
Met vriendelijke groeten,
Niels Hofmans

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users