[squid-users] The SSL certificate database is corrupted. Please rebuild
Amos Jeffries
squid3 at treenet.co.nz
Wed Feb 4 17:15:27 UTC 2015
On 5/02/2015 4:33 a.m., Ortega Gustavo Martin wrote:
> Hello, i found multiple times this error in cache.log and then squid
> crashed and enter in a loop.
>
> I found one corrupted line in "index.txt" in the database directory.
> Last two lines are:
>
> V 150828132043Z
> 1BDA35020BA8933E63507E7D5A59386C8329A3D3 unknown
> /CN=zqnvza.bay.livefilestore.com+Sign=signTrusted ed
>
>
> I thought that "ed" is the corrupted line.
>
>
> This is my output of "squid -v" Squid Cache: Version
> 3.4.11-20150124-r13214 configure options:
> '--prefix=/export/squid-3.4.11-20150124-r13214' '--with-maxfd=400000'
> '--enable-delay-pools' '--enable-referer-log'
> '--enable-useragent-log'
Referer and Useragent logs are now built-in logformat definitions.
Remove these ./configure options.
> '--enable-auth'
Auth is enabled by default, the ./configure option is defined for use to
DISABLE authentication in Squid.
> '--with-large-files'
> '--enable-follow-x-forwarded-for'
> '--enable-default-err-language=Spanish'
> '--enable-err-languages=Spanish'
"Spanish" is not an ISO 3166 language code.
Use: --enable-default-err-language=es
> '--enable-external-acl-helpers=wbinfo_group' '--enable-async-io'
> '--enable-ssl' '--enable-ssl-crtd' '--enable-icap-client'
> '--enable-ltdl-convenience'
> '--with-openssl=/export/SOURCES/openssl-1.0.1c' '--disable-ipv6'
>
Please begin your migration to IPv6. BCP 177 (RFC 6540) make it clear
that IPv6 support is currenty mandatory for all machinery and software
using IP protocol. Current versions of Squid have no problems with IPv6
(remaining problem are all in the network and workarounds are configurable).
Cheers
Amos
More information about the squid-users
mailing list