[squid-users] The SSL certificate database is corrupted. Please rebuild

Ortega Gustavo Martin gortega at anses.gov.ar
Fri Feb 6 23:38:05 UTC 2015


Any comments?

Thanks

-----Mensaje original-----
De: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] En nombre de Ortega Gustavo Martin
Enviado el: miércoles, 04 de febrero de 2015 03:05 p.m.
Para: squid-users at lists.squid-cache.org
Asunto: [squid-users] The SSL certificate database is corrupted. Please rebuild

Amos, thanks for your quick reply!

I ´ve got news:

i recompiled squid with your suggestions, remove the corrupted database but the same thing happens.

my squid -v now is:

Squid Cache: Version 3.4.11-20150124-r13214 configure options:  '--prefix=/export/squid-3.4.11-20150124-r13214' '--with-maxfd=400000' '--enable-delay-pools' '--with-large-files' '--enable-follow-x-forwarded-for' '--enable-default-err-language=es' '--enable-err-languages=es' '--enable-external-acl-helpers=wbinfo_group' '--enable-async-io' '--enable-ssl' '--enable-ssl-crtd' '--enable-icap-client' '--enable-ltdl-convenience' '--with-openssl=/export/SOURCES/openssl-1.0.2'

The complete line of cache.log is:

2015/02/04 15:00:57 kid1| helperOpenServers: Starting 1/200 'ssl_crtd' processes wrong number of fields on line 8 (looking for field 6, got 1, '' left)
(ssl_crtd): The SSL certificate database (....) is corrupted. Please rebuild

Thanks, Gustavo.

-----Mensaje original-----
De: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] En nombre de Amos Jeffries Enviado el: miércoles, 04 de febrero de 2015 02:15 p.m.
Para: squid-users at lists.squid-cache.org
Asunto: Re: [squid-users] The SSL certificate database is corrupted. Please rebuild

On 5/02/2015 4:33 a.m., Ortega Gustavo Martin wrote:
> Hello, i found multiple times this error in cache.log and then squid 
> crashed and enter in a loop.
> 
> I found one corrupted line in "index.txt" in the database directory. 
> Last two lines are:
> 
> V       150828132043Z
> 1BDA35020BA8933E63507E7D5A59386C8329A3D3        unknown
> /CN=zqnvza.bay.livefilestore.com+Sign=signTrusted ed
> 
> 
> I thought that "ed" is the corrupted line.
> 
> 
> This is my output of "squid -v" Squid Cache: Version
> 3.4.11-20150124-r13214 configure options:
> '--prefix=/export/squid-3.4.11-20150124-r13214' '--with-maxfd=400000'
> '--enable-delay-pools' '--enable-referer-log'
> '--enable-useragent-log'

Referer and Useragent logs are now built-in logformat definitions.
Remove these ./configure options.

> '--enable-auth'

Auth is enabled by default, the ./configure option is defined for use to DISABLE authentication in Squid.

> '--with-large-files'
> '--enable-follow-x-forwarded-for'
> '--enable-default-err-language=Spanish'
> '--enable-err-languages=Spanish'

"Spanish" is not an ISO 3166 language code.

Use:  --enable-default-err-language=es


> '--enable-external-acl-helpers=wbinfo_group' '--enable-async-io'
> '--enable-ssl' '--enable-ssl-crtd' '--enable-icap-client'
> '--enable-ltdl-convenience'
> '--with-openssl=/export/SOURCES/openssl-1.0.1c' '--disable-ipv6'
> 

Please begin your migration to IPv6. BCP 177 (RFC 6540) make it clear that IPv6 support is currenty mandatory for all machinery and software using IP protocol. Current versions of Squid have no problems with IPv6 (remaining problem are all in the network and workarounds are configurable).

Cheers
Amos
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


More information about the squid-users mailing list