ssl_crtd crash and restart squid often appears in old my
squid3.2.3, after upgrade to 3.2.13. This situation continues, twice a
day or so, but will not lead to restart.
In my squid3.2.13 cache log, double ssl_crtd exited everytime:
(ssl_crtd): Cannot create ssl certificate or private key.
2013/08/26 09:16:17 kid1| WARNING: ssl_crtd #2 exited
2013/08/26 09:16:17 kid1| Too few ssl_crtd processes are running (need 3/32)
2013/08/26 09:16:17 kid1| Starting new helpers
2013/08/26 09:16:17 kid1| helperOpenServers: Starting 3/32 'ssl_crtd' processes
(ssl_crtd): Cannot create ssl certificate or private key.
2013/08/26 09:16:18 kid1| "ssl_crtd" helper return <NULL> reply
2013/08/26 09:16:18 kid1| WARNING: ssl_crtd #1 exited
2013/08/26 09:16:18 kid1| Too few ssl_crtd processes are running (need 3/32)
2013/08/26 09:16:18 kid1| Starting new helpers
2013/08/26 09:16:18 kid1| helperOpenServers: Starting 3/32 'ssl_crtd' processes
2013/08/26 09:16:18 kid1| "ssl_crtd" helper return <NULL> reply
My Conf:
http_port 3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/cert.pem
key=/usr/local/squid/etc/key.pem
ssl_bump deny localhost
#some site I don't want to ssl_bump
ssl_bump deny brokenssldst
ssl_bump deny denysslbumpsite
ssl_bump allow all
#some site with broken certificate, but I need to ssl_bump
sslproxy_cert_error allow brokensslsite
sslproxy_cert_error deny all
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s
/usr/local/squid/var/ssldb -M 4MB -b 4096
sslcrtd_children 32 startup=5 idle=3
#running another simple squid on localhost for local and another squid.
cache_peer server1.***.*** parent 3129 0 no-query no-digest no-netdb-exchange
# I allow ssl bumped connections through parrent proxy through modify
forward.cc for myself. Because I think local to local is safe.
nonhierarchical_direct off
prefer_direct off
#if those site I don't want to ssl_bump, must directly out.
always_direct allow brokensslsite
never_direct allow all
I don't know why ssl_crtd exited, and how to set up debug level? I
can't find any ssl_crtd debug level document. Related to allow ssl
bumped connections through parrent proxy?
-- Regards, John XueReceived on Mon Aug 26 2013 - 02:41:57 MDT
This archive was generated by hypermail 2.2.0 : Mon Aug 26 2013 - 12:00:14 MDT