Sign in to follow this  
Followers 0

squid SSL keeps crashing D:

7 posts in this topic

Posted

hello all I keep getting this error

 

FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

 

I dont know what the error has had a bit of a google nothing really helped just loads of questions and a generic turn it off and on again... but this fails straight away. as soon as a connection over https is attempted....

 

where is the bud phone...(seriously I need a budman light for the sky or something)

 

save me mr budman! I know you are out there! (and yess I am on 3.4.6 at current so you will sigh in relief )

Share this post


Link to post
Share on other sites

Posted

Thread moved to Internet, Network & Security.

Share this post


Link to post
Share on other sites

Posted

What is the exact error your getting?

 

And send me your config - PM if your worried about posting it.

Share this post


Link to post
Share on other sites

Posted

What is the exact error your getting?

 

And send me your config - PM if your worried about posting it.

 

my config only has a few ACLs in it with domains and IPs chaned it is a pretty standard config now (I cleaned up a fair bit)

 

the only https related config is this:

(http://pen-testing-lab.blogspot.co.uk/2013/11/squid-3310-transparent-proxy-for-http.html)

http_port 3128 intercept
https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
acl broken_sites dstdomain .example.com
ssl_bump none localhost
ssl_bump none broken_sites
ssl_bump server-first all
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB
sslcrtd_children 5

The error in squid debugging mode that i am getting is this (exactly this):

 

FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

 

So yea, I made a single request which made it through before the SSL crashed :'( 

Share this post


Link to post
Share on other sites

Posted

2014/08/14 09:18:33| WARNING: ssl_crtd #1 exited

2014/08/14 09:18:33| Too few ssl_crtd processes are running (need 1/5)

2014/08/14 09:18:33| Closing HTTP port 0.0.0.0:3128

2014/08/14 09:18:33| Closing HTTPS port 0.0.0.0:3127

2014/08/14 09:18:33| storeDirWriteCleanLogs: Starting...

2014/08/14 09:18:33|   Finished.  Wrote 80 entries.

2014/08/14 09:18:33|   Took 0.00 seconds (204081.63 entries/sec).

FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

 

 

ok budman dont strike me down but I changed the ssl_db -R to 777 *flinches* just to test out and it seems to have worked... BUT here is the but....SSL certs are getting denied, basically every single one! I have once again hacked it open *flinches again*

 

acl BadSite ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH
sslproxy_cert_error allow BadSite
sslproxy_cert_error deny all

 

 

but I want to get around having to do this because its very dirty and dangerous?

Share this post


Link to post
Share on other sites

Posted

yea this is what lead me to my dirty hack lol sadly this did not appear to be my issue with the crts it was permissions and with everything else it would seem that the error is now accepting the certs from the squid as squid seems to be blocking everyone

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.