[squid-users] Squid 4.4 security_file_certgen helpers crashing

Eliezer Croitoru eliezer at ngtech.co.il
Sun Dec 30 06:34:20 UTC 2018

Hey Alex,

I didn't had the time to sit and compose a STDINT/OUT input and output that can be used to test the security_file_certgen.
Can you or anyone of the related developers post in the wiki a simple "example" input that can be sent over STDIN to debug this type of issues?
I can just load the software as squid or proxy user but...
Another option is to point us towards the debug options that will give the testing admins(or me) an option to copy and paste the data that squid is sending to the helper.


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il

-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Alex Rousskov
Sent: Friday, December 28, 2018 05:29
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Squid 4.4 security_file_certgen helpers crashing

On 12/27/18 2:30 PM, johnr wrote:

> I find the following in the cache log:

> 2018/12/27 21:15:40 kid1| WARNING:
> /usr/local/squid/libexec/security_file_certgen -s
> /usr/local/squid/var/cache/squid/ssl_db -M 4MB #Hlpr1 exited

We need to figure out why the helper is exiting. If there are no error
messages in cache.log, then your system log may have additional
information such as the process signal that killed the helper. If it was
a crash, then your core dump directory should have the corresponding
core dump (make sure you enable core dumps!) that you can examine with gdb.

> I ran the security_gen_helper under GDB and it seems to be crashing here:
> https://github.com/squid-cache/squid/blob/master/src/ssl/gadgets.cc#L218

If you can reproduce helper crash while it has gdb attached, please post
the stack trace.

> I saw a commit supporting a newer version of openssl, I wonder if
> that may have mistakenly broken support for older versions of
> openssl?

Sure, it may have. Most likely, the changes are not tested in an
environment matching yours, and the bug may be environment-driven.

If you get more details such as a backtrace, please consider filing a
bug report with all the details.

Thank you,

squid-users mailing list
squid-users at lists.squid-cache.org

More information about the squid-users mailing list