[squid-users] Squid fails to bump where there are too many DNS names in SAN field
Alex Rousskov
rousskov at measurement-factory.com
Wed Sep 5 15:48:03 UTC 2018
On 09/05/2018 02:37 AM, Ahmad, Sarfaraz wrote:
> Tested with Squid-4.2 and ended with same results.
> How do we proceed here ?
At the risk of sounding like a broken record, I can only repeat my
earlier recommendation to file a bug report (assuming you cannot fix the
bug). Your overall options are summarized at
https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F
If possible, please attach (to the bug report) a compressed ALL,9
cache.log showing a single transaction reproducing the problem. Squid
wiki has relevant suggestions:
https://wiki.squid-cache.org/SquidFaq/BugReporting#Debugging_a_single_transaction
Thank you,
Alex.
> -----Original Message-----
> From: Alex Rousskov <rousskov at measurement-factory.com>
> Sent: Tuesday, September 4, 2018 9:14 PM
> To: Ahmad, Sarfaraz <Sarfaraz.Ahmad at deshaw.com>; squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] Squid fails to bump where there are too many DNS names in SAN field
>
> On 09/04/2018 02:00 AM, Ahmad, Sarfaraz wrote:
>
>> 2018/09/04 12:45:46.112 kid1| 24,5| BinaryTokenizer.cc(47) want: 520 more bytes for Handshake.msg_body.octets occupying 16900 bytes @90 in 0xfa4d70;
>> 2018/09/04 12:45:46.112 kid1| 83,5| PeerConnector.cc(451) noteWantRead: local=10.240.180.31:43716 remote=103.243.13.183:443 FD 15 flags=1
>
>
> Translation: Squid did not read enough data from the server to finish
> parsing TLS server handshake. Squid needs to read at least 520 more
> bytes from FD 15.
>
>
>> Later on after about 10 secs
>
>> 2018/09/04 12:45:58.124 kid1| 83,5| bio.cc(140) read: FD 12 read 0 <= 65535
>
> And end-of-file on the wrong/different connection.
>
>
> My recommendations remain the same, but please follow Amos advice and
> upgrade to the latest v4 first.
>
> Please note that I do _not_ recommend analyzing ALL,9 logs. On average,
> such analysis by non-developers wastes more time than it saves.
>
> Alex.
>
More information about the squid-users
mailing list