Jump to content



Photo

squid SSL keeps crashing D:


  • Please log in to reply
6 replies to this topic

#1 Original Poster

Original Poster

    Systems Developer

  • Tech Issues Solved: 1
  • Joined: 15-July 08
  • Location: my room
  • OS: windows 7/8, Kali, ubuntu, OSx 10.9
  • Phone: Android

Posted 13 August 2014 - 14:17

hello all I keep getting this error

 

FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

 

I dont know what the error has had a bit of a google nothing really helped just loads of questions and a generic turn it off and on again... but this fails straight away. as soon as a connection over https is attempted....

 

where is the bud phone...(seriously I need a budman light for the sky or something)

 

save me mr budman! I know you are out there! (and yess I am on 3.4.6 at current so you will sigh in relief )




#2 zhangm

zhangm

    Just bitter.

  • Tech Issues Solved: 14
  • Joined: 21-August 02

Posted 13 August 2014 - 18:36

Thread moved to Internet, Network & Security.

#3 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 100
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 14 August 2014 - 01:55

What is the exact error your getting?

 

And send me your config - PM if your worried about posting it.



#4 OP Original Poster

Original Poster

    Systems Developer

  • Tech Issues Solved: 1
  • Joined: 15-July 08
  • Location: my room
  • OS: windows 7/8, Kali, ubuntu, OSx 10.9
  • Phone: Android

Posted 14 August 2014 - 07:18

What is the exact error your getting?

 

And send me your config - PM if your worried about posting it.

 

my config only has a few ACLs in it with domains and IPs chaned it is a pretty standard config now (I cleaned up a fair bit)

 

the only https related config is this:

(http://pen-testing-l...y-for-http.html)

http_port 3128 intercept
https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
acl broken_sites dstdomain .example.com
ssl_bump none localhost
ssl_bump none broken_sites
ssl_bump server-first all
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB
sslcrtd_children 5

The error in squid debugging mode that i am getting is this (exactly this):

 

FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

 

So yea, I made a single request which made it through before the SSL crashed :'( 



#5 OP Original Poster

Original Poster

    Systems Developer

  • Tech Issues Solved: 1
  • Joined: 15-July 08
  • Location: my room
  • OS: windows 7/8, Kali, ubuntu, OSx 10.9
  • Phone: Android

Posted 14 August 2014 - 09:22

2014/08/14 09:18:33| WARNING: ssl_crtd #1 exited

2014/08/14 09:18:33| Too few ssl_crtd processes are running (need 1/5)

2014/08/14 09:18:33| Closing HTTP port 0.0.0.0:3128

2014/08/14 09:18:33| Closing HTTPS port 0.0.0.0:3127

2014/08/14 09:18:33| storeDirWriteCleanLogs: Starting...

2014/08/14 09:18:33|   Finished.  Wrote 80 entries.

2014/08/14 09:18:33|   Took 0.00 seconds (204081.63 entries/sec).

FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

 

 

ok budman dont strike me down but I changed the ssl_db -R to 777 *flinches* just to test out and it seems to have worked... BUT here is the but....SSL certs are getting denied, basically every single one! I have once again hacked it open *flinches again*

 

acl BadSite ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH
sslproxy_cert_error allow BadSite
sslproxy_cert_error deny all

 

 

but I want to get around having to do this because its very dirty and dangerous?



#6 Haggis

Haggis

    Neowinian Senior

  • Tech Issues Solved: 12
  • Joined: 13-June 07
  • Location: Near Stirling, Scotland
  • OS: Debian 7
  • Phone: Samsung Galaxy S3 LTE (i9305)

Posted 14 August 2014 - 09:55

this thread may help

 

http://www.squid-cac...01209/0086.html



#7 OP Original Poster

Original Poster

    Systems Developer

  • Tech Issues Solved: 1
  • Joined: 15-July 08
  • Location: my room
  • OS: windows 7/8, Kali, ubuntu, OSx 10.9
  • Phone: Android

Posted 14 August 2014 - 10:42

this thread may help

 

http://www.squid-cac...01209/0086.html

yea this is what lead me to my dirty hack lol sadly this did not appear to be my issue with the crts it was permissions and with everything else it would seem that the error is now accepting the certs from the squid as squid seems to be blocking everyone