ssl_crtd helpers are crashing too rapidly in squid Announcing the arrival of Valued Associate...
Putting Ant-Man on house arrest
tabularx column has extra padding at right?
What's the difference between using dependency injection with a container and using a service locator?
/bin/ls sorts differently than just ls
Can I ask an author to send me his ebook?
"Destructive force" carried by a B-52?
Why do C and C++ allow the expression (int) + 4*5?
Can this water damage be explained by lack of gutters and grading issues?
Why aren't these two solutions equivalent? Combinatorics problem
Does Prince Arnaud cause someone holding the Princess to lose?
Proving inequality for positive definite matrix
lm and glm function in R
Should man-made satellites feature an intelligent inverted "cow catcher"?
Is my guitar’s action too high?
Determine the generator of an ideal of ring of integers
Assertions In A Mock Callout Test
Why doesn't the university give past final exams' answers?
Why does my GNOME settings mention "Moto C Plus"?
Is it OK if I do not take the receipt in Germany?
What is the evidence that custom checks in Northern Ireland are going to result in violence?
Short story about an alien named Ushtu(?) coming from a future Earth, when ours was destroyed by a nuclear explosion
When speaking, how do you change your mind mid-sentence?
Can I take recommendation from someone I met at a conference?
How to create a command for the "strange m" symbol in latex?
ssl_crtd helpers are crashing too rapidly in squid
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)
Come Celebrate our 10 Year Anniversary!Squid and SSL Reverse ProxySquid: The request or reply is too largehttps proxying with squid and local CA produced site certificatesCan Squid3 access PHP Helperssquid slow initial webpage loadingSquid upgrade HTTP to HTTPSsquid ssl bump sslv3 enforce to allow old sitesSquid, WCCP and Transparent HTTPSMissing ssl_crtd folder with Squid 3.5.2 / CentOSSquid authentication helpers
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}
I am using the sslBump and Dynamic SSL Certificate Generation features of squid, below is my configuration for the sslBump
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB
sslcrtd_children 5
sslproxy_cert_error allow all
always_direct allow all
ssl_bump client-first all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/myCA.pem
I am facing below error when i start the squid.
squid -d 23
2014/08/29 16:55:59 kid1| Set Current Directory to /var/cache/squid
2014/08/29 16:55:59 kid1| Starting Squid Cache version 3.4.4.2 for x86_64-redhat-linux-gnu...
2014/08/29 16:55:59 kid1| Process ID 32150
2014/08/29 16:55:59 kid1| Process Roles: worker
2014/08/29 16:55:59 kid1| With 1024 file descriptors available
2014/08/29 16:55:59 kid1| Initializing IP Cache...
2014/08/29 16:55:59 kid1| DNS Socket created at [::], FD 7
2014/08/29 16:55:59 kid1| DNS Socket created at 0.0.0.0, FD 8
2014/08/29 16:55:59 kid1| Adding domain elitecore.co.in from /etc/resolv.conf
2014/08/29 16:55:59 kid1| Adding domain elitecore.co.in from /etc/resolv.conf
2014/08/29 16:55:59 kid1| Adding nameserver 203.88.135.194 from /etc/resolv.conf
2014/08/29 16:55:59 kid1| Adding nameserver 4.2.2.2 from /etc/resolv.conf
2014/08/29 16:55:59 kid1| helperOpenServers: Starting 5/5 'ssl_crtd' processes
2014/08/29 16:55:59.339 kid1| ErrorDetailManager.cc(254) parse: Remain size: 72 Content: name: X509_V_ERR_AKID_SKID_MISMATCH
detail: "%ssl_error_descr: %ssl_subj
2014/08/29 16:55:59.341 kid1| ErrorDetailManager.cc(254) parse: Remain size: 125 Content: name: X509_V_ERR_APPLICATION_VERIFICATION
detail: "%ssl_error_descr: %ssl_subject"
descr: "Application verification failure"
2014/08/29 16:55:59.341 kid1| ErrorDetailManager.cc(254) parse: Remain size: 0 Content:
2014/08/29 16:55:59.341 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2014/08/29 16:55:59.341 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2014/08/29 16:55:59.341 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2014/08/29 16:55:59.341 kid1| Store logging disabled
2014/08/29 16:55:59.341 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2014/08/29 16:55:59.341 kid1| Target number of buckets: 1008
2014/08/29 16:55:59.341 kid1| Using 8192 Store buckets
2014/08/29 16:55:59.341 kid1| Max Mem size: 262144 KB
2014/08/29 16:55:59.341 kid1| Max Swap size: 0 KB
2014/08/29 16:55:59.341 kid1| Using Least Load store dir selection
2014/08/29 16:55:59.341 kid1| Set Current Directory to /var/cache/squid
k kill2014/08/29 16:55:59.341 kid1| Finished loading MIME types and icons.
2014/08/29 16:55:59.427 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall clientListenerConnectionOpened constructed, this=0x7ff9b784a900 [call18]
2014/08/29 16:55:59.427 kid1| AsyncCall.cc(85) ScheduleCall: StartListening.cc(56) will call clientListenerConnectionOpened(local=[::]:3128 remote=[::] FD 21 flags=9, err=0, HTTP Socket port=0x7ff9b727c528) [call18]
2014/08/29 16:55:59.427 kid1| HTCP Disabled.
2014/08/29 16:55:59.427 kid1| Squid plugin modules loaded: 0
2014/08/29 16:55:59.427 kid1| Adaptation support is off.
2014/08/29 16:55:59.428 kid1| AsyncCallQueue.cc(51) fireNext: entering clientListenerConnectionOpened(local=[::]:3128 remote=[::] FD 21 flags=9, err=0, HTTP Socket port=0x7ff9b727c528)
2014/08/29 16:55:59.428 kid1| AsyncCall.cc(30) make: make call clientListenerConnectionOpened [call18]
2014/08/29 16:55:59.428 kid1| Accepting SSL bumped HTTP Socket connections at local=[::]:3128 remote=[::] FD 21 flags=9
2014/08/29 16:55:59.429 kid1| AsyncCallQueue.cc(53) fireNext: leaving clientListenerConnectionOpened(local=[::]:3128 remote=[::] FD 21 flags=9, err=0, HTTP Socket port=0x7ff9b727c528)
2014/08/29 16:55:59.429 kid1| WARNING: ssl_crtd #Hlpr0 exited
2014/08/29 16:55:59.429 kid1| Too few ssl_crtd processes are running (need 1/5)
2014/08/29 16:55:59.429 kid1| Closing HTTP port [::]:3128
2014/08/29 16:55:59.429 kid1| storeDirWriteCleanLogs: Starting...
2014/08/29 16:55:59.429 kid1| Finished. Wrote 0 entries.
2014/08/29 16:55:59.429 kid1| Took 0.00 seconds ( 0.00 entries/sec).
FATAL: The ssl_crtd helpers are crashing too rapidly, need help!
2014/08/29 16:55:59.429 kid1| helper.cc(625) helperShutdown: helperShutdown: ssl_crtd #Hlpr0 is CLOSING.
2014/08/29 16:55:59.429 kid1| helper.cc(625) helperShutdown: helperShutdown: ssl_crtd #Hlpr0 is CLOSING.
2014/08/29 16:55:59.429 kid1| helper.cc(625) helperShutdown: helperShutdown: ssl_crtd #Hlpr0 is CLOSING.
2014/08/29 16:55:59.429 kid1| helper.cc(625) helperShutdown: helperShutdown: ssl_crtd #Hlpr0 is CLOSING.
Is there is any configuration change or work around to resolved this error? Tested with RHEL 6.4 and Fedora 18 with squid 3.2.3, 3.4.4, 3.3.1
ssl ssl-certificate squid
asked Aug 29 '14 at 6:21
krupalkrupal
6615
bumped to the homepage by Community♦ 9 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
I am using the sslBump and Dynamic SSL Certificate Generation features of squid, below is my configuration for the sslBump
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB
sslcrtd_children 5
sslproxy_cert_error allow all
always_direct allow all
ssl_bump client-first all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/myCA.pem
I am facing below error when i start the squid.
squid -d 23
2014/08/29 16:55:59 kid1| Set Current Directory to /var/cache/squid
2014/08/29 16:55:59 kid1| Starting Squid Cache version 3.4.4.2 for x86_64-redhat-linux-gnu...
2014/08/29 16:55:59 kid1| Process ID 32150
2014/08/29 16:55:59 kid1| Process Roles: worker
2014/08/29 16:55:59 kid1| With 1024 file descriptors available
2014/08/29 16:55:59 kid1| Initializing IP Cache...
2014/08/29 16:55:59 kid1| DNS Socket created at [::], FD 7
2014/08/29 16:55:59 kid1| DNS Socket created at 0.0.0.0, FD 8
2014/08/29 16:55:59 kid1| Adding domain elitecore.co.in from /etc/resolv.conf
2014/08/29 16:55:59 kid1| Adding domain elitecore.co.in from /etc/resolv.conf
2014/08/29 16:55:59 kid1| Adding nameserver 203.88.135.194 from /etc/resolv.conf
2014/08/29 16:55:59 kid1| Adding nameserver 4.2.2.2 from /etc/resolv.conf
2014/08/29 16:55:59 kid1| helperOpenServers: Starting 5/5 'ssl_crtd' processes
2014/08/29 16:55:59.339 kid1| ErrorDetailManager.cc(254) parse: Remain size: 72 Content: name: X509_V_ERR_AKID_SKID_MISMATCH
detail: "%ssl_error_descr: %ssl_subj
2014/08/29 16:55:59.341 kid1| ErrorDetailManager.cc(254) parse: Remain size: 125 Content: name: X509_V_ERR_APPLICATION_VERIFICATION
detail: "%ssl_error_descr: %ssl_subject"
descr: "Application verification failure"
2014/08/29 16:55:59.341 kid1| ErrorDetailManager.cc(254) parse: Remain size: 0 Content:
2014/08/29 16:55:59.341 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2014/08/29 16:55:59.341 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2014/08/29 16:55:59.341 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2014/08/29 16:55:59.341 kid1| Store logging disabled
2014/08/29 16:55:59.341 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2014/08/29 16:55:59.341 kid1| Target number of buckets: 1008
2014/08/29 16:55:59.341 kid1| Using 8192 Store buckets
2014/08/29 16:55:59.341 kid1| Max Mem size: 262144 KB
2014/08/29 16:55:59.341 kid1| Max Swap size: 0 KB
2014/08/29 16:55:59.341 kid1| Using Least Load store dir selection
2014/08/29 16:55:59.341 kid1| Set Current Directory to /var/cache/squid
k kill2014/08/29 16:55:59.341 kid1| Finished loading MIME types and icons.
2014/08/29 16:55:59.427 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall clientListenerConnectionOpened constructed, this=0x7ff9b784a900 [call18]
2014/08/29 16:55:59.427 kid1| AsyncCall.cc(85) ScheduleCall: StartListening.cc(56) will call clientListenerConnectionOpened(local=[::]:3128 remote=[::] FD 21 flags=9, err=0, HTTP Socket port=0x7ff9b727c528) [call18]
2014/08/29 16:55:59.427 kid1| HTCP Disabled.
2014/08/29 16:55:59.427 kid1| Squid plugin modules loaded: 0
2014/08/29 16:55:59.427 kid1| Adaptation support is off.
2014/08/29 16:55:59.428 kid1| AsyncCallQueue.cc(51) fireNext: entering clientListenerConnectionOpened(local=[::]:3128 remote=[::] FD 21 flags=9, err=0, HTTP Socket port=0x7ff9b727c528)
2014/08/29 16:55:59.428 kid1| AsyncCall.cc(30) make: make call clientListenerConnectionOpened [call18]
2014/08/29 16:55:59.428 kid1| Accepting SSL bumped HTTP Socket connections at local=[::]:3128 remote=[::] FD 21 flags=9
2014/08/29 16:55:59.429 kid1| AsyncCallQueue.cc(53) fireNext: leaving clientListenerConnectionOpened(local=[::]:3128 remote=[::] FD 21 flags=9, err=0, HTTP Socket port=0x7ff9b727c528)
2014/08/29 16:55:59.429 kid1| WARNING: ssl_crtd #Hlpr0 exited
2014/08/29 16:55:59.429 kid1| Too few ssl_crtd processes are running (need 1/5)
2014/08/29 16:55:59.429 kid1| Closing HTTP port [::]:3128
2014/08/29 16:55:59.429 kid1| storeDirWriteCleanLogs: Starting...
2014/08/29 16:55:59.429 kid1| Finished. Wrote 0 entries.
2014/08/29 16:55:59.429 kid1| Took 0.00 seconds ( 0.00 entries/sec).
FATAL: The ssl_crtd helpers are crashing too rapidly, need help!
2014/08/29 16:55:59.429 kid1| helper.cc(625) helperShutdown: helperShutdown: ssl_crtd #Hlpr0 is CLOSING.
2014/08/29 16:55:59.429 kid1| helper.cc(625) helperShutdown: helperShutdown: ssl_crtd #Hlpr0 is CLOSING.
2014/08/29 16:55:59.429 kid1| helper.cc(625) helperShutdown: helperShutdown: ssl_crtd #Hlpr0 is CLOSING.
2014/08/29 16:55:59.429 kid1| helper.cc(625) helperShutdown: helperShutdown: ssl_crtd #Hlpr0 is CLOSING.
Is there is any configuration change or work around to resolved this error? Tested with RHEL 6.4 and Fedora 18 with squid 3.2.3, 3.4.4, 3.3.1
ssl ssl-certificate squid
asked Aug 29 '14 at 6:21
krupalkrupal
6615
bumped to the homepage by Community♦ 9 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
try also posting on squid-users mailing lists. they are very responsive. squid-cache.org/Support/mailing-lists.html
– Costin Gușă
Sep 8 '14 at 22:47
add a comment |
I am using the sslBump and Dynamic SSL Certificate Generation features of squid, below is my configuration for the sslBump
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB
sslcrtd_children 5
sslproxy_cert_error allow all
always_direct allow all
ssl_bump client-first all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/myCA.pem
I am facing below error when i start the squid.
squid -d 23
2014/08/29 16:55:59 kid1| Set Current Directory to /var/cache/squid
2014/08/29 16:55:59 kid1| Starting Squid Cache version 3.4.4.2 for x86_64-redhat-linux-gnu...
2014/08/29 16:55:59 kid1| Process ID 32150
2014/08/29 16:55:59 kid1| Process Roles: worker
2014/08/29 16:55:59 kid1| With 1024 file descriptors available
2014/08/29 16:55:59 kid1| Initializing IP Cache...
2014/08/29 16:55:59 kid1| DNS Socket created at [::], FD 7
2014/08/29 16:55:59 kid1| DNS Socket created at 0.0.0.0, FD 8
2014/08/29 16:55:59 kid1| Adding domain elitecore.co.in from /etc/resolv.conf
2014/08/29 16:55:59 kid1| Adding domain elitecore.co.in from /etc/resolv.conf
2014/08/29 16:55:59 kid1| Adding nameserver 203.88.135.194 from /etc/resolv.conf
2014/08/29 16:55:59 kid1| Adding nameserver 4.2.2.2 from /etc/resolv.conf
2014/08/29 16:55:59 kid1| helperOpenServers: Starting 5/5 'ssl_crtd' processes
2014/08/29 16:55:59.339 kid1| ErrorDetailManager.cc(254) parse: Remain size: 72 Content: name: X509_V_ERR_AKID_SKID_MISMATCH
detail: "%ssl_error_descr: %ssl_subj
2014/08/29 16:55:59.341 kid1| ErrorDetailManager.cc(254) parse: Remain size: 125 Content: name: X509_V_ERR_APPLICATION_VERIFICATION
detail: "%ssl_error_descr: %ssl_subject"
descr: "Application verification failure"
2014/08/29 16:55:59.341 kid1| ErrorDetailManager.cc(254) parse: Remain size: 0 Content:
2014/08/29 16:55:59.341 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2014/08/29 16:55:59.341 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2014/08/29 16:55:59.341 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2014/08/29 16:55:59.341 kid1| Store logging disabled
2014/08/29 16:55:59.341 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2014/08/29 16:55:59.341 kid1| Target number of buckets: 1008
2014/08/29 16:55:59.341 kid1| Using 8192 Store buckets
2014/08/29 16:55:59.341 kid1| Max Mem size: 262144 KB
2014/08/29 16:55:59.341 kid1| Max Swap size: 0 KB
2014/08/29 16:55:59.341 kid1| Using Least Load store dir selection
2014/08/29 16:55:59.341 kid1| Set Current Directory to /var/cache/squid
k kill2014/08/29 16:55:59.341 kid1| Finished loading MIME types and icons.
2014/08/29 16:55:59.427 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall clientListenerConnectionOpened constructed, this=0x7ff9b784a900 [call18]
2014/08/29 16:55:59.427 kid1| AsyncCall.cc(85) ScheduleCall: StartListening.cc(56) will call clientListenerConnectionOpened(local=[::]:3128 remote=[::] FD 21 flags=9, err=0, HTTP Socket port=0x7ff9b727c528) [call18]
2014/08/29 16:55:59.427 kid1| HTCP Disabled.
2014/08/29 16:55:59.427 kid1| Squid plugin modules loaded: 0
2014/08/29 16:55:59.427 kid1| Adaptation support is off.
2014/08/29 16:55:59.428 kid1| AsyncCallQueue.cc(51) fireNext: entering clientListenerConnectionOpened(local=[::]:3128 remote=[::] FD 21 flags=9, err=0, HTTP Socket port=0x7ff9b727c528)
2014/08/29 16:55:59.428 kid1| AsyncCall.cc(30) make: make call clientListenerConnectionOpened [call18]
2014/08/29 16:55:59.428 kid1| Accepting SSL bumped HTTP Socket connections at local=[::]:3128 remote=[::] FD 21 flags=9
2014/08/29 16:55:59.429 kid1| AsyncCallQueue.cc(53) fireNext: leaving clientListenerConnectionOpened(local=[::]:3128 remote=[::] FD 21 flags=9, err=0, HTTP Socket port=0x7ff9b727c528)
2014/08/29 16:55:59.429 kid1| WARNING: ssl_crtd #Hlpr0 exited
2014/08/29 16:55:59.429 kid1| Too few ssl_crtd processes are running (need 1/5)
2014/08/29 16:55:59.429 kid1| Closing HTTP port [::]:3128
2014/08/29 16:55:59.429 kid1| storeDirWriteCleanLogs: Starting...
2014/08/29 16:55:59.429 kid1| Finished. Wrote 0 entries.
2014/08/29 16:55:59.429 kid1| Took 0.00 seconds ( 0.00 entries/sec).
FATAL: The ssl_crtd helpers are crashing too rapidly, need help!
2014/08/29 16:55:59.429 kid1| helper.cc(625) helperShutdown: helperShutdown: ssl_crtd #Hlpr0 is CLOSING.
2014/08/29 16:55:59.429 kid1| helper.cc(625) helperShutdown: helperShutdown: ssl_crtd #Hlpr0 is CLOSING.
2014/08/29 16:55:59.429 kid1| helper.cc(625) helperShutdown: helperShutdown: ssl_crtd #Hlpr0 is CLOSING.
2014/08/29 16:55:59.429 kid1| helper.cc(625) helperShutdown: helperShutdown: ssl_crtd #Hlpr0 is CLOSING.
Is there is any configuration change or work around to resolved this error? Tested with RHEL 6.4 and Fedora 18 with squid 3.2.3, 3.4.4, 3.3.1
ssl ssl-certificate squid
asked Aug 29 '14 at 6:21
krupalkrupal
6615
I am using the sslBump and Dynamic SSL Certificate Generation features of squid, below is my configuration for the sslBump
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB
sslcrtd_children 5
sslproxy_cert_error allow all
always_direct allow all
ssl_bump client-first all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/myCA.pem
I am facing below error when i start the squid.
squid -d 23
2014/08/29 16:55:59 kid1| Set Current Directory to /var/cache/squid
2014/08/29 16:55:59 kid1| Starting Squid Cache version 3.4.4.2 for x86_64-redhat-linux-gnu...
2014/08/29 16:55:59 kid1| Process ID 32150
2014/08/29 16:55:59 kid1| Process Roles: worker
2014/08/29 16:55:59 kid1| With 1024 file descriptors available
2014/08/29 16:55:59 kid1| Initializing IP Cache...
2014/08/29 16:55:59 kid1| DNS Socket created at [::], FD 7
2014/08/29 16:55:59 kid1| DNS Socket created at 0.0.0.0, FD 8
2014/08/29 16:55:59 kid1| Adding domain elitecore.co.in from /etc/resolv.conf
2014/08/29 16:55:59 kid1| Adding domain elitecore.co.in from /etc/resolv.conf
2014/08/29 16:55:59 kid1| Adding nameserver 203.88.135.194 from /etc/resolv.conf
2014/08/29 16:55:59 kid1| Adding nameserver 4.2.2.2 from /etc/resolv.conf
2014/08/29 16:55:59 kid1| helperOpenServers: Starting 5/5 'ssl_crtd' processes
2014/08/29 16:55:59.339 kid1| ErrorDetailManager.cc(254) parse: Remain size: 72 Content: name: X509_V_ERR_AKID_SKID_MISMATCH
detail: "%ssl_error_descr: %ssl_subj
2014/08/29 16:55:59.341 kid1| ErrorDetailManager.cc(254) parse: Remain size: 125 Content: name: X509_V_ERR_APPLICATION_VERIFICATION
detail: "%ssl_error_descr: %ssl_subject"
descr: "Application verification failure"
2014/08/29 16:55:59.341 kid1| ErrorDetailManager.cc(254) parse: Remain size: 0 Content:
2014/08/29 16:55:59.341 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2014/08/29 16:55:59.341 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2014/08/29 16:55:59.341 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2014/08/29 16:55:59.341 kid1| Store logging disabled
2014/08/29 16:55:59.341 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2014/08/29 16:55:59.341 kid1| Target number of buckets: 1008
2014/08/29 16:55:59.341 kid1| Using 8192 Store buckets
2014/08/29 16:55:59.341 kid1| Max Mem size: 262144 KB
2014/08/29 16:55:59.341 kid1| Max Swap size: 0 KB
2014/08/29 16:55:59.341 kid1| Using Least Load store dir selection
2014/08/29 16:55:59.341 kid1| Set Current Directory to /var/cache/squid
k kill2014/08/29 16:55:59.341 kid1| Finished loading MIME types and icons.
2014/08/29 16:55:59.427 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall clientListenerConnectionOpened constructed, this=0x7ff9b784a900 [call18]
2014/08/29 16:55:59.427 kid1| AsyncCall.cc(85) ScheduleCall: StartListening.cc(56) will call clientListenerConnectionOpened(local=[::]:3128 remote=[::] FD 21 flags=9, err=0, HTTP Socket port=0x7ff9b727c528) [call18]
2014/08/29 16:55:59.427 kid1| HTCP Disabled.
2014/08/29 16:55:59.427 kid1| Squid plugin modules loaded: 0
2014/08/29 16:55:59.427 kid1| Adaptation support is off.
2014/08/29 16:55:59.428 kid1| AsyncCallQueue.cc(51) fireNext: entering clientListenerConnectionOpened(local=[::]:3128 remote=[::] FD 21 flags=9, err=0, HTTP Socket port=0x7ff9b727c528)
2014/08/29 16:55:59.428 kid1| AsyncCall.cc(30) make: make call clientListenerConnectionOpened [call18]
2014/08/29 16:55:59.428 kid1| Accepting SSL bumped HTTP Socket connections at local=[::]:3128 remote=[::] FD 21 flags=9
2014/08/29 16:55:59.429 kid1| AsyncCallQueue.cc(53) fireNext: leaving clientListenerConnectionOpened(local=[::]:3128 remote=[::] FD 21 flags=9, err=0, HTTP Socket port=0x7ff9b727c528)
2014/08/29 16:55:59.429 kid1| WARNING: ssl_crtd #Hlpr0 exited
2014/08/29 16:55:59.429 kid1| Too few ssl_crtd processes are running (need 1/5)
2014/08/29 16:55:59.429 kid1| Closing HTTP port [::]:3128
2014/08/29 16:55:59.429 kid1| storeDirWriteCleanLogs: Starting...
2014/08/29 16:55:59.429 kid1| Finished. Wrote 0 entries.
2014/08/29 16:55:59.429 kid1| Took 0.00 seconds ( 0.00 entries/sec).
FATAL: The ssl_crtd helpers are crashing too rapidly, need help!
2014/08/29 16:55:59.429 kid1| helper.cc(625) helperShutdown: helperShutdown: ssl_crtd #Hlpr0 is CLOSING.
2014/08/29 16:55:59.429 kid1| helper.cc(625) helperShutdown: helperShutdown: ssl_crtd #Hlpr0 is CLOSING.
2014/08/29 16:55:59.429 kid1| helper.cc(625) helperShutdown: helperShutdown: ssl_crtd #Hlpr0 is CLOSING.
2014/08/29 16:55:59.429 kid1| helper.cc(625) helperShutdown: helperShutdown: ssl_crtd #Hlpr0 is CLOSING.
Is there is any configuration change or work around to resolved this error? Tested with RHEL 6.4 and Fedora 18 with squid 3.2.3, 3.4.4, 3.3.1
ssl ssl-certificate squid
ssl ssl-certificate squid
asked Aug 29 '14 at 6:21
krupalkrupal
6615
asked Aug 29 '14 at 6:21
krupalkrupal
6615
asked Aug 29 '14 at 6:21
krupalkrupal
6615
asked Aug 29 '14 at 6:21
krupalkrupal
6615
asked Aug 29 '14 at 6:21
krupalkrupal
6615
6615
bumped to the homepage by Community♦ 9 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 9 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
try also posting on squid-users mailing lists. they are very responsive. squid-cache.org/Support/mailing-lists.html
– Costin Gușă
Sep 8 '14 at 22:47
add a comment |
try also posting on squid-users mailing lists. they are very responsive. squid-cache.org/Support/mailing-lists.html
– Costin Gușă
Sep 8 '14 at 22:47
try also posting on squid-users mailing lists. they are very responsive. squid-cache.org/Support/mailing-lists.html
– Costin Gușă
Sep 8 '14 at 22:47
try also posting on squid-users mailing lists. they are very responsive. squid-cache.org/Support/mailing-lists.html
– Costin Gușă
Sep 8 '14 at 22:47
add a comment |
2 Answers
2
active
oldest
votes
I don't think what you've given us is of much use. It tells us that the helper processes are dying, and that it's happening more or less immediately, but doesn't tell us why they are dying.
You might get some clues using strace and/or ltrace. Trace the parent process (probably squid, and forked child processes. (eg strace -f -p PID or strace -ff -p PID). That's likely to show you what those processes are doing immediately before they crash. Try ltrace if strace doesn't give you something useful, but usually strace gives you what you need.
answered Sep 9 '14 at 17:47
mc0emc0e
5,3641127
add a comment |
This can be caused by an unitialized ssl_db in squid which can be created with:
ssl_crtd=$(find /usr -type f -name ssl_crtd)
$ssl_crtd -c -s /var/lib/ssl_db
chown -R squid /var/lib/ssl_db
& set in /etc/squid/squid.conf
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 3 startup=1 idle=1
depending on how your squid was built you may also be able to use
security_file_certgen
see also Squid docs for Dynamic SSL Certificate Generation
answered Aug 20 '18 at 11:02
Stuart CardallStuart Cardall
34635
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f624879%2fssl-crtd-helpers-are-crashing-too-rapidly-in-squid%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
I don't think what you've given us is of much use. It tells us that the helper processes are dying, and that it's happening more or less immediately, but doesn't tell us why they are dying.
You might get some clues using strace and/or ltrace. Trace the parent process (probably squid, and forked child processes. (eg strace -f -p PID or strace -ff -p PID). That's likely to show you what those processes are doing immediately before they crash. Try ltrace if strace doesn't give you something useful, but usually strace gives you what you need.
answered Sep 9 '14 at 17:47
mc0emc0e
5,3641127
add a comment |
I don't think what you've given us is of much use. It tells us that the helper processes are dying, and that it's happening more or less immediately, but doesn't tell us why they are dying.
You might get some clues using strace and/or ltrace. Trace the parent process (probably squid, and forked child processes. (eg strace -f -p PID or strace -ff -p PID). That's likely to show you what those processes are doing immediately before they crash. Try ltrace if strace doesn't give you something useful, but usually strace gives you what you need.
answered Sep 9 '14 at 17:47
mc0emc0e
5,3641127
add a comment |
I don't think what you've given us is of much use. It tells us that the helper processes are dying, and that it's happening more or less immediately, but doesn't tell us why they are dying.
You might get some clues using strace and/or ltrace. Trace the parent process (probably squid, and forked child processes. (eg strace -f -p PID or strace -ff -p PID). That's likely to show you what those processes are doing immediately before they crash. Try ltrace if strace doesn't give you something useful, but usually strace gives you what you need.
answered Sep 9 '14 at 17:47
mc0emc0e
5,3641127
I don't think what you've given us is of much use. It tells us that the helper processes are dying, and that it's happening more or less immediately, but doesn't tell us why they are dying.
You might get some clues using strace and/or ltrace. Trace the parent process (probably squid, and forked child processes. (eg strace -f -p PID or strace -ff -p PID). That's likely to show you what those processes are doing immediately before they crash. Try ltrace if strace doesn't give you something useful, but usually strace gives you what you need.
answered Sep 9 '14 at 17:47
mc0emc0e
5,3641127
edited Sep 9 '14 at 18:07
answered Sep 9 '14 at 17:47
mc0emc0e
5,3641127
answered Sep 9 '14 at 17:47
mc0emc0e
5,3641127
answered Sep 9 '14 at 17:47
mc0emc0e
5,3641127
5,3641127
add a comment |
add a comment |
This can be caused by an unitialized ssl_db in squid which can be created with:
ssl_crtd=$(find /usr -type f -name ssl_crtd)
$ssl_crtd -c -s /var/lib/ssl_db
chown -R squid /var/lib/ssl_db
& set in /etc/squid/squid.conf
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 3 startup=1 idle=1
depending on how your squid was built you may also be able to use
security_file_certgen
see also Squid docs for Dynamic SSL Certificate Generation
answered Aug 20 '18 at 11:02
Stuart CardallStuart Cardall
34635
add a comment |
This can be caused by an unitialized ssl_db in squid which can be created with:
ssl_crtd=$(find /usr -type f -name ssl_crtd)
$ssl_crtd -c -s /var/lib/ssl_db
chown -R squid /var/lib/ssl_db
& set in /etc/squid/squid.conf
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 3 startup=1 idle=1
depending on how your squid was built you may also be able to use
security_file_certgen
see also Squid docs for Dynamic SSL Certificate Generation
answered Aug 20 '18 at 11:02
Stuart CardallStuart Cardall
34635
add a comment |
This can be caused by an unitialized ssl_db in squid which can be created with:
ssl_crtd=$(find /usr -type f -name ssl_crtd)
$ssl_crtd -c -s /var/lib/ssl_db
chown -R squid /var/lib/ssl_db
& set in /etc/squid/squid.conf
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 3 startup=1 idle=1
depending on how your squid was built you may also be able to use
security_file_certgen
see also Squid docs for Dynamic SSL Certificate Generation
answered Aug 20 '18 at 11:02
Stuart CardallStuart Cardall
34635
This can be caused by an unitialized ssl_db in squid which can be created with:
ssl_crtd=$(find /usr -type f -name ssl_crtd)
$ssl_crtd -c -s /var/lib/ssl_db
chown -R squid /var/lib/ssl_db
& set in /etc/squid/squid.conf
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 3 startup=1 idle=1
depending on how your squid was built you may also be able to use
security_file_certgen
see also Squid docs for Dynamic SSL Certificate Generation
answered Aug 20 '18 at 11:02
Stuart CardallStuart Cardall
34635
edited Aug 20 '18 at 11:21
answered Aug 20 '18 at 11:02
Stuart CardallStuart Cardall
34635
answered Aug 20 '18 at 11:02
Stuart CardallStuart Cardall
34635
answered Aug 20 '18 at 11:02
Stuart CardallStuart Cardall
34635
34635
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f624879%2fssl-crtd-helpers-are-crashing-too-rapidly-in-squid%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
try also posting on squid-users mailing lists. they are very responsive. squid-cache.org/Support/mailing-lists.html
– Costin Gușă
Sep 8 '14 at 22:47