[squid-users] security_file_certgen problem

[Amos Jeffries]

On 21/03/19 10:04 am, leomessi983 wrote:
>> Have you initialized the /var/lib/ssl_db directory using the
>> low-privilege account Squid operates as?
> Yes i use -c option and set permissions for nobody and nogroup user which squid use!
> 

If you are using Debian packages, or packages based on the Debian
official .deb the user account is 'proxy'. That could be the problem.


>> The helper should have output a message before it shutdown. If that
>> managed to get written it would occur somewhere before this line in your
>> cache.log.
> After squid showed that warning  fatal error accrued and some termination errors!
> 

Yes that is clear. That warning is the "last straw" at the *end* as
Squid gives up on the helper. The helper will already have aborted maybe
10 times leading up to that and should have printed its reason for the
abort. So I asked what was going on *before* the warning ?


> I usedsecurity_file_certgen helper from squid4.3 source files and then i
> created a .deb package from my squid 4.6 compiled files and former helpers!
> then squid runs perfectly!!
> I think security_file_certgen helper in squid 4.6 is the problem!!
> 
> Also when i copy cecutity_file_certgen helper from older squid 4.3 to my new machine whit squid 4.6 it is OK !!!!!
> 

That is odd. The only changes related to that helper between those
version is improved support for OpenSSL 1.0.* libraries and deprecated API.


Amos