squid SSL keeps crashing D:


Recommended Posts

hello all I keep getting this error

 

FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

 

I dont know what the error has had a bit of a google nothing really helped just loads of questions and a generic turn it off and on again... but this fails straight away. as soon as a connection over https is attempted....

 

where is the bud phone...(seriously I need a budman light for the sky or something)

 

save me mr budman! I know you are out there! (and yess I am on 3.4.6 at current so you will sigh in relief )

Link to comment
Share on other sites

What is the exact error your getting?

 

And send me your config - PM if your worried about posting it.

Link to comment
Share on other sites

What is the exact error your getting?

 

And send me your config - PM if your worried about posting it.

 

my config only has a few ACLs in it with domains and IPs chaned it is a pretty standard config now (I cleaned up a fair bit)

 

the only https related config is this:

(http://pen-testing-lab.blogspot.co.uk/2013/11/squid-3310-transparent-proxy-for-http.html)

http_port 3128 intercept
https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
acl broken_sites dstdomain .example.com
ssl_bump none localhost
ssl_bump none broken_sites
ssl_bump server-first all
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB
sslcrtd_children 5

The error in squid debugging mode that i am getting is this (exactly this):

 

FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

 

So yea, I made a single request which made it through before the SSL crashed :'( 

Link to comment
Share on other sites

2014/08/14 09:18:33| WARNING: ssl_crtd #1 exited

2014/08/14 09:18:33| Too few ssl_crtd processes are running (need 1/5)

2014/08/14 09:18:33| Closing HTTP port 0.0.0.0:3128

2014/08/14 09:18:33| Closing HTTPS port 0.0.0.0:3127

2014/08/14 09:18:33| storeDirWriteCleanLogs: Starting...

2014/08/14 09:18:33|   Finished.  Wrote 80 entries.

2014/08/14 09:18:33|   Took 0.00 seconds (204081.63 entries/sec).

FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

 

 

ok budman dont strike me down but I changed the ssl_db -R to 777 *flinches* just to test out and it seems to have worked... BUT here is the but....SSL certs are getting denied, basically every single one! I have once again hacked it open *flinches again*

 

acl BadSite ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH
sslproxy_cert_error allow BadSite
sslproxy_cert_error deny all

 

 

but I want to get around having to do this because its very dirty and dangerous?

Link to comment
Share on other sites

yea this is what lead me to my dirty hack lol sadly this did not appear to be my issue with the crts it was permissions and with everything else it would seem that the error is now accepting the certs from the squid as squid seems to be blocking everyone

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.