[squid-dev] [PATCH] Avoid SSL certificate db corruption with empty index.txt as a symptom.

Tsantilas Christos chtsanti at users.sourceforge.net
Tue Jun 23 15:30:24 UTC 2015


* Detect cases where the size file is corrupted or has a clearly wrong 
value. Automatically rebuild the database in such cases.

* Teach ssl_crtd to keep running if it is unable to store the generated 
certificate in the database. Return the generated certificate to Squid 
and log an error message in such cases.

Background:

There are cases where ssl_crtd may corrupt its certificate database. The 
known cases manifest themselves with an empty db index file.  When that 
happens, ssl_crtd helpers quit, SSL bumping does not work any more, and 
the certificate DB has to be deleted and re-initialized.

We do not know exactly what causes corruption in deployments, but one 
known trigger that is easy to reproduce in a lab is the block size 
change in the ssl_crtd configuration. That change has the following 
side-effects:

1. When ssl_crtd removes certificates, it computes their size using a 
different block size than the one used to store the certificates. This 
may result in negative database sizes.

2. Signed/unsigned conversion results in a huge number near LONG_MAX, 
which is then written to the "size" file.

3. The ssl_crtd helper refuses to store new certificates because the 
database size (as described by the "size" file) exceeds the configured 
limit.

4. The ssl_crtd helper exits because it cannot store a new certificate 
to the database. No helper response is sent to Squid in this case.

Most likely, there are other corruption triggers -- the database 
management code is of an overall poor quality. This change resolves some 
of the underlying problems in hope to address at least some of the 
unknown triggers as well as the known one.

This is a Measurement Factory project.
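The failure chain described in the message (block-size mismatch, negative or wrapped size, bogus "size" file, helper refusing to store) can be reproduced in a few lines. The code below is an added illustration written for this archive page; it is not ssl_crtd's database code, and every name in it (blockedSize, removeEntryUnsigned, removeEntrySigned, sizeFileLooksCorrupt, reconcileDbSize) is hypothetical. It assumes the database accounts for space in whole storage blocks and that the configured maximum size is the natural upper bound for a plausibility check on the stored value, which is what the "clearly wrong value" detection in the patch description amounts to.

```cpp
// Added example, not Squid code: models how a block-size change corrupts the
// certificate DB "size" accounting, and a sanity check that triggers a rebuild.
#include <climits>
#include <cstddef>
#include <cstdint>
#include <iostream>

// Round a certificate's byte length up to whole storage blocks.
// Assumption: the DB charges each entry in multiples of blockSize.
static size_t blockedSize(size_t bytes, size_t blockSize) {
    return ((bytes + blockSize - 1) / blockSize) * blockSize;
}

// Removal done in unsigned arithmetic: when the recomputed entry size
// (new block size) exceeds the stored total (old block size), the
// subtraction wraps to a value near SIZE_MAX instead of going negative.
static size_t removeEntryUnsigned(size_t dbSize, size_t certBytes, size_t blockSize) {
    return dbSize - blockedSize(certBytes, blockSize);
}

// The same removal in signed arithmetic: the result goes negative, which
// is still wrong but at least detectable with a simple "< 0" test.
static long removeEntrySigned(long dbSize, size_t certBytes, size_t blockSize) {
    return dbSize - static_cast<long>(blockedSize(certBytes, blockSize));
}

// Plausibility check on the value read back from the "size" file.
// Assumption: a negative value or one above the configured limit cannot
// describe a real database, so either marks the file as corrupt.
static bool sizeFileLooksCorrupt(long storedSize, long maxDbSize) {
    if (storedSize < 0)
        return true;
    if (storedSize > maxDbSize)
        return true;
    return false;
}

// Decide which size the helper should continue with: the stored value, or a
// recount from the certificate files on disk (recountedSize, supplied by the
// caller) when the stored value fails the plausibility check. The recount
// stands in for the "automatically rebuild the database" path.
static long reconcileDbSize(long storedSize, long maxDbSize, long recountedSize) {
    if (sizeFileLooksCorrupt(storedSize, maxDbSize))
        return recountedSize;
    return storedSize;
}

int main() {
    // Constructed scenario: three 1000-byte certificates stored with a
    // 2048-byte block size, then the block size is changed to 4096.
    const size_t oldBlock = 2048, newBlock = 4096;
    const long maxDb = 4L * 1024 * 1024;
    size_t total = 3 * blockedSize(1000, oldBlock);   // 6144

    // Removing two entries with the new block size charges 4096 each.
    size_t afterOne = removeEntryUnsigned(total, 1000, newBlock);   // 2048
    size_t afterTwo = removeEntryUnsigned(afterOne, 1000, newBlock); // wraps
    long signedAfterTwo = removeEntrySigned(static_cast<long>(afterOne), 1000, newBlock);

    std::cout << "unsigned total after two removals: " << afterTwo << "\n"
              << "signed total after two removals:   " << signedAfterTwo << "\n"
              << "size file corrupt? "
              << (sizeFileLooksCorrupt(signedAfterTwo, maxDb) ? "yes" : "no") << "\n"
              << "size to continue with: "
              << reconcileDbSize(signedAfterTwo, maxDb, 4096) << "\n";
    return 0;
}
```

The unsigned path is the one the message describes: the wrapped value, written to the "size" file, exceeds any sensible limit and makes the helper refuse every subsequent store. Checking the stored value against the configured maximum before trusting it, and recounting from disk when the check fails, is the defensive step; the negative result from the signed path is caught by the same check.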
