[squid-users] squid 5.0.3 Segment Violation when using ssl bump and cache peer

橋本紘希 hsmtkk at gmail.com
Fri Jul 3 23:49:57 UTC 2020 

I have a problem with squid 5.0.3.

I would like to use "Peering support for SSL-Bump" introduced in squid 5.
http://squid.mirror.colo-serv.net/archive/5/squid-5.0.2-RELEASENOTES.html#ss2.6

I configured this environment using docker-compose.
client -> childproxy -> parentproxy -> server

When I communicated client to server via childproxy and parentproxy,
"Segment Violation" happened and squid exited abnormally.

Do I need any extra configuration to use "Peering support for SSL-Bump" feature?


* squid --version output
Squid Cache: Version 5.0.3
Service Name: squid

This binary uses OpenSSL 1.1.1g  21 Apr 2020. For legal restrictions
on distribution see https://www.openssl.org/source/license.html

configure options:  '--prefix=/usr/local/squid' '--enable-ssl-crtd'
'--disable-optimizations' '--with-openssl=/usr/local/openssl'
--enable-ltdl-convenience

* executed command and its output

$ docker exec client curl -k -x childproxy:3128 https://server/hello.html
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to server:443

* error log

childproxy     | 2020/07/03 22:55:53 kid1| FATAL: Received Segment
Violation...dying.
childproxy     |     current master transaction: master53
childproxy     | 2020/07/03 22:55:53 kid1| Closing HTTP(S) port 0.0.0.0:3128
childproxy     |     current master transaction: master53
childproxy     | 2020/07/03 22:55:53 kid1| storeDirWriteCleanLogs: Starting...
childproxy     |     current master transaction: master53
childproxy     | 2020/07/03 22:55:53 kid1|   Finished.  Wrote 0 entries.
childproxy     |     current master transaction: master53
childproxy     | 2020/07/03 22:55:53 kid1|   Took 0.00 seconds (  0.00
entries/sec).
childproxy     |     current master transaction: master53
childproxy     | CPU Usage: 0.235 seconds = 0.106 user + 0.129 sys
childproxy     | Maximum Resident Size: 600336 KB
childproxy     | Page faults with physical i/o: 0

* core dump backtrace

#0  0x00007f8b433da387 in raise () from /lib64/libc.so.6
#1  0x00007f8b433dba78 in abort () from /lib64/libc.so.6
#2  0x000000000088b4bc in death (sig=11) at tools.cc:359
#3  <signal handler called>
#4  0x00000000009dbd12 in Comm::Connection::getPeer (this=0x0) at
Connection.cc:102
#5  0x00000000009dbed8 in Comm::Connection::connectTimeout (this=0x0,
fwdStart=1593816953) at Connection.cc:143
#6  0x00000000007b1332 in FwdState::connectingTimeout (this=0x2870a48,
conn=...) at FwdState.cc:1381
#7  0x00000000007ae351 in FwdState::establishTunnelThruProxy
(this=0x2870a48, conn=...) at FwdState.cc:850
#8  0x00000000007adba5 in FwdState::__lambda2::operator()
(__closure=0x7ffead0888f0) at FwdState.cc:836
#9  0x00000000007b1ca7 in
FwdState::advanceDestination<FwdState::noteConnection(HappyConnOpener::Answer&)::__lambda2>(const
char *, const Comm::ConnectionPointer &, const FwdState::__lambda2 &)
(this=0x2870a48,
    stepDescription=0xb487f0 "establish tunnel through proxy",
conn=..., startStep=...) at FwdState.cc:777
#10 0x00000000007ae1ca in FwdState::noteConnection (this=0x2870a48,
answer=...) at FwdState.cc:837
#11 0x00000000007b5f64 in HappyConnOpener::CbDialer<FwdState>::dial
(this=0x2871af8) at HappyConnOpener.h:120
#12 0x00000000007b56ed in
AsyncCallT<HappyConnOpener::CbDialer<FwdState> >::fire
(this=0x2871ac0)
    at ../src/base/AsyncCall.h:150
#13 0x000000000096c293 in AsyncCall::make (this=0x2871ac0) at AsyncCall.cc:44
#14 0x000000000096cfca in AsyncCallQueue::fireNext (this=0x23b6ec0) at
AsyncCallQueue.cc:60
#15 0x000000000096cd43 in AsyncCallQueue::fire (this=0x23b6ec0) at
AsyncCallQueue.cc:43
#16 0x000000000079afbf in EventLoop::dispatchCalls
(this=0x7ffead088c80) at EventLoop.cc:144
#17 0x000000000079aee7 in EventLoop::runOnce (this=0x7ffead088c80) at
EventLoop.cc:121
#18 0x000000000079ad4e in EventLoop::run (this=0x7ffead088c80) at
EventLoop.cc:83
#19 0x000000000081ce58 in SquidMain (argc=3, argv=0x7ffead088fb8) at
main.cc:1716
#20 0x000000000081c2c3 in SquidMainSafe (argc=3, argv=0x7ffead088fb8)
at main.cc:1403
#21 0x000000000081c296 in main (argc=3, argv=0x7ffead088fb8) at main.cc:1391

* I submitted all my configs and logs to my github page.
https://github.com/hsmtkk/squid5_sslbump_cachepeer/issues/1


Best regards,
Kouki Hashimoto
hsmtkk at gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: parent-squid.conf
Type: application/octet-stream
Size: 453 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200704/55a9d257/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: child-squid.conf
Type: application/octet-stream
Size: 551 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200704/55a9d257/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: child-cache.log
Type: application/octet-stream
Size: 4626 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200704/55a9d257/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: parent-cache.log
Type: application/octet-stream
Size: 1931 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200704/55a9d257/attachment-0003.obj>

More information about the squid-users mailing list