squid SSL keeps crashing D:

By Original Poster
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

Original Poster

Posted
Posted

hello all I keep getting this error

 

FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

 

I dont know what the error has had a bit of a google nothing really helped just loads of questions and a generic turn it off and on again... but this fails straight away. as soon as a connection over https is attempted....

 

where is the bud phone...(seriously I need a budman light for the sky or something)

 

save me mr budman! I know you are out there! (and yess I am on 3.4.6 at current so you will sigh in relief )

Link to comment
https://www.neowin.net/forum/topic/1225601-squid-ssl-keeps-crashing-d/
Share on other sites
Grand Master

Original Poster

Posted
  • Author
Posted
  On 14/08/2014 at 01:55, BudMan said:

What is the exact error your getting?

 

And send me your config - PM if your worried about posting it.

 

my config only has a few ACLs in it with domains and IPs chaned it is a pretty standard config now (I cleaned up a fair bit)

 

the only https related config is this:

(http://pen-testing-lab.blogspot.co.uk/2013/11/squid-3310-transparent-proxy-for-http.html) 

http_port 3128 intercept
https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
acl broken_sites dstdomain .example.com
ssl_bump none localhost
ssl_bump none broken_sites
ssl_bump server-first all
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB
sslcrtd_children 5

The error in squid debugging mode that i am getting is this (exactly this):

 

FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

 

So yea, I made a single request which made it through before the SSL crashed :'( 

Grand Master

Original Poster

Posted
  • Author
Posted

2014/08/14 09:18:33| WARNING: ssl_crtd #1 exited

2014/08/14 09:18:33| Too few ssl_crtd processes are running (need 1/5)

2014/08/14 09:18:33| Closing HTTP port 0.0.0.0:3128

2014/08/14 09:18:33| Closing HTTPS port 0.0.0.0:3127

2014/08/14 09:18:33| storeDirWriteCleanLogs: Starting...

2014/08/14 09:18:33|   Finished.  Wrote 80 entries.

2014/08/14 09:18:33|   Took 0.00 seconds (204081.63 entries/sec).

FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

 

 

ok budman dont strike me down but I changed the ssl_db -R to 777 *flinches* just to test out and it seems to have worked... BUT here is the but....SSL certs are getting denied, basically every single one! I have once again hacked it open *flinches again*

 

acl BadSite ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH
sslproxy_cert_error allow BadSite
sslproxy_cert_error deny all

 

 

but I want to get around having to do this because its very dirty and dangerous?

Grand Master

Original Poster

Posted
  • Author
Posted
  On 14/08/2014 at 09:55, Haggis said:

yea this is what lead me to my dirty hack lol sadly this did not appear to be my issue with the crts it was permissions and with everything else it would seem that the error is now accepting the certs from the squid as squid seems to be blocking everyone

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • I miss the days when Windows came to play

      By DentedAphid7 · Posted

      Lmao. Cries about not playing those games not installed and yet don't ever want to touch them.
    • Searching for a Windows Folder Organizer Alternative

      By ShadeOfBlue · Posted

      If I want to merge folder trees that have a similar structure, Beyond Compare is always my first choice. It's not free but it's awesome. If I want to just scan a whole drive/folder and find duplicates that are taking up space, I like Czkawka.
    • Claude Code gets throttled as Anthropic rolls out fresh usage caps

      By David Uzondu · Posted

      Claude Code gets throttled as Anthropic rolls out fresh usage caps by David Uzondu Claude Code, the AI-in-terminal utility developed by Anthropic and launched back in February, is getting updated usage limits following weeks of user complaints about being abruptly cut off. Many developers on the "$200/month Max plan" found their access blocked after just a few requests, with no explanation from the company. In a recent thread posted to X, the AI lab explained that it has seen "unprecedented demand since launch," pointing to some of its heaviest users who were running the tool continuously in the background 24/7, with one person reportedly consuming tens of thousands of dollars in model usage on a single $200 subscription. Anthropic also claimed that some users were violating its usage policy by sharing and reselling accounts, which impacts system capacity for everyone. These factors all led the company to announce new weekly limits that will be added on top of the existing five-hour caps, effective August 28. Max plan subscribers will have the option to buy additional usage at standard API rates if they hit their cap. Here's what the new weekly limits look like: Pro Plan ($20/month): An estimated 40 to 80 hours of usage with the Sonnet 4 model. Max Plan ($100/month): An estimated 140 to 280 hours with Sonnet 4 and 15 to 35 hours with the top-tier Opus 4 model. Max Plan ($200/month): An estimated 240 to 480 hours with Sonnet 4 and 24 to 40 hours with Opus 4. Per TechCrunch, the company provided these hour-based estimates, noting that the actual numbers may vary based on the size of a project's codebase. What's interesting is how this new structure compares to the old marketing. Anthropic previously advertised its $200 Max plan as offering 20 times more usage than the Pro plan. Based on these new hourly estimates, that multiple is now closer to six. It is possible the 20x figure still applies when measured in tokens or raw compute, but, according to TechCrunch, the company has not clarified that point.
    • Trump likes TikTok but the app must be owned by an American, the US commerce secretary says

      By Phillip0web · Posted

      I don't give a rat's f### what Trumpette, the Putin puppet likes!
    • Microsoft Edge is turning into AI browser with new Copilot Mode

      By Phillip0web · Posted

      No, no, hell no and f#### no!!!!

  • Recent Achievements

    • First Post
      Gladiattore earned a badge
      First Post
    • Reacting Well
      Gladiattore earned a badge
      Reacting Well
    • Week One Done
      NeoWeen earned a badge
      Week One Done
    • One Month Later
      BA the Curmudgeon earned a badge
      One Month Later
    • First Post
      Doreen768 earned a badge
      First Post

  • Popular Contributors

    1. 1
      +primortal
      644
    2. 2
      ATLien_0
      260
    3. 3
      Xenon
      165
    4. 4
      neufuse
      142
    5. 5
      +FloatingFatMan
      107
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!