[squid-users] ***SPAM*** Re: Random SSL bump DB corruption

Vdoctor vdoctor at neuf.fr
Thu Apr 9 13:00:26 UTC 2015


Yury,

I checked the source code (3.4/3.5) ssl_crtd, the default size is 2048.
    -b fs_block_size     File system block size in bytes. Need for processing
                         natural size of certificate on disk. Default value is
                         2048 bytes.

/**
 \ingroup ssl_crtd
 * This is the external ssl_crtd process.
 */
int main(int argc, char *argv[])
{
    try {
        size_t max_db_size = 0;
        size_t fs_block_size = 2048;


But the crazy thing is the index.txt (last line) is wrong, not complete. It seems the tool writes/saves wrong data, which is why it becomes corrupted and crashes Squid.

We have tried with a single ssl_crtd in the squid.conf, then one per worker, the same corruption.

Bye Fred

-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Yuri Voinov
Sent: Thursday, April 9, 2015 14:52
To: squid-users at lists.squid-cache.org
Subject: ***SPAM*** Re: [squid-users] Random SSL bump DB corruption


 
Don't think this is critical. What is native fs block size?

09.04.15 13:29, Stakres wrote:
> Hi Yuri,
>
> We have checked the sslproxy_capath, all certifs updated.
> OpenSSL is: OpenSSL 1.0.1e 11 Feb 2013 (Debian 7.8)
>
> Additional point, the auto-signed certif is a 1024, could it be the problem?
> Maybe we need to use the ssl_crtd with the option "-b 1024"
> what do you think ?
>
> example of corrupted db:
> *V    250402155004Z        7307E4A4E7FC6483C2B1D533821A7D2356DF1B88    unknown /CN=r2---sn-q4f7sn7z.googlevideo.com+Sign=signTrusted+SignHash=SHA256
> V    250402155004Z        2D1FC87E26AC4D8AB1E6F3B45E2C69EB36C7F8D3    unknown /CN=seal.verisign.com+Sign=signTrusted+SignHash=SHA256
> 6
> *
>
> Squid crashes when the index.txt becomes wrong... weird...
>
> Bye Fred
>
>
>
> --
> View this message in context:
> http://squid-web-proxy-cache.1019090.n4.nabble.com/Random-SSL-bump-DB-corruption-tp4670289p4670656.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users


_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

