<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/4.6.6">
</HEAD>
<BODY>
On Fri, 2015-07-24 at 19:15 -0500, Stanford Prescott wrote:
<BLOCKQUOTE TYPE=CITE>
Thanks for that. Any ideas why I am experiencing that?<BR>
<BR>
<BR>
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
Stan<BR>
<BR>
<BR>
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
On Fri, Jul 24, 2015 at 7:07 PM, James Lay &lt;<A HREF="mailto:jlay@slave-tothe-box.net">jlay@slave-tothe-box.net</A>&gt; wrote:
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
<BLOCKQUOTE>
On Fri, 2015-07-24 at 17:25 -0500, Stanford Prescott wrote: <BR>
<BLOCKQUOTE TYPE=CITE>
I have a working implementation of Squid 3.5.5 with ssl-bump. When 3.5.5 is started with ssl-bump enabled all the squid and ssl_crtd processes start and Squid functions as intended when bumping ssl sites. However, when I bump Squid to 3.5.6 squid seems to start but ssl_crtd does not and Squid 3.5.6 cannot successfully bump ssl.<BR>
<BR>
<BR>
These are the config options I use for both 3.5.5 and 3.5.6.<BR>
<BR>
--enable-storeio="diskd,ufs,aufs" --enable-linux-netfilter \<BR>
--enable-removal-policies="heap,lru" --enable-delay-pools --libdir=/usr/lib/ \<BR>
--localstatedir=/var --with-dl --with-openssl --enable-http-violations \<BR>
--with-large-files --with-libcap --disable-ipv6 --with-swapdir=/var/spool/squid \<BR>
--enable-ssl-crtd --enable-follow-x-forwarded-for<BR>
<BR>
<BR>
<BR>
This is the squid.conf file used for both versions.<BR>
<BR>
visible_hostname smoothwallu3<BR>
<BR>
# Uncomment the following to send debug info to /var/log/squid/cache.log<BR>
debug_options ALL,1 33,2 28,9<BR>
<BR>
# ACCESS CONTROLS<BR>
# ----------------------------------------------------------------<BR>
acl localhostgreen src 10.20.20.1<BR>
acl localnetgreen src 10.20.20.0/24<BR>
<BR>
acl SSL_ports port 445 443 441 563<BR>
acl Safe_ports port 80 # http<BR>
acl Safe_ports port 81 # smoothwall http<BR>
acl Safe_ports port 21 # ftp <BR>
acl Safe_ports port 445 443 441 563 # https, snews<BR>
acl Safe_ports port 70 # gopher<BR>
acl Safe_ports port 210 # wais <BR>
acl Safe_ports port 1025-65535 # unregistered ports<BR>
acl Safe_ports port 280 # http-mgmt<BR>
acl Safe_ports port 488 # gss-http <BR>
acl Safe_ports port 591 # filemaker<BR>
acl Safe_ports port 777 # multiling http<BR>
<BR>
acl CONNECT method CONNECT<BR>
<BR>
# TAG: http_access<BR>
# ----------------------------------------------------------------<BR>
<BR>
<BR>
<BR>
http_access allow localhost<BR>
http_access deny !Safe_ports<BR>
http_access deny CONNECT !SSL_ports<BR>
<BR>
http_access allow localnetgreen<BR>
http_access allow CONNECT localnetgreen<BR>
<BR>
http_access allow localhostgreen<BR>
http_access allow CONNECT localhostgreen<BR>
<BR>
# http_port and https_port<BR>
#----------------------------------------------------------------------------<BR>
<BR>
# For forward-proxy port. Squid uses this port to serve error pages, ftp icons and communication with other proxies.<BR>
#----------------------------------------------------------------------------<BR>
http_port 3127<BR>
<BR>
http_port 10.20.20.1:800 intercept<BR>
https_port 10.20.20.1:808 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/var/smoothwall/mods/proxy/ssl_cert/squidCA.pem<BR>
<BR>
<BR>
http_port 127.0.0.1:800 intercept<BR>
<BR>
sslproxy_cert_error allow all<BR>
sslproxy_flags DONT_VERIFY_PEER<BR>
sslproxy_session_cache_size 4 MB<BR>
<BR>
ssl_bump none localhostgreen<BR>
<BR>
acl step1 at_step SslBump1<BR>
acl step2 at_step SslBump2<BR>
ssl_bump peek step1<BR>
ssl_bump bump all<BR>
<BR>
sslcrtd_program /var/smoothwall/mods/proxy/libexec/ssl_crtd -s /var/smoothwall/mods/proxy/lib/ssl_db -M 4MB<BR>
sslcrtd_children 5<BR>
<BR>
http_access deny all<BR>
<BR>
cache_replacement_policy heap GDSF<BR>
memory_replacement_policy heap GDSF<BR>
<BR>
# CACHE OPTIONS<BR>
# ----------------------------------------------------------------------------<BR>
cache_effective_user squid<BR>
cache_effective_group squid<BR>
<BR>
cache_swap_high 100<BR>
cache_swap_low 80<BR>
<BR>
cache_access_log stdio:/var/log/squid/access.log<BR>
cache_log /var/log/squid/cache.log<BR>
cache_mem 64 MB<BR>
<BR>
cache_dir diskd /var/spool/squid/cache 1024 16 256<BR>
<BR>
maximum_object_size 33 MB<BR>
<BR>
minimum_object_size 0 KB<BR>
<BR>
<BR>
request_body_max_size 0 KB<BR>
<BR>
# OTHER OPTIONS<BR>
# ----------------------------------------------------------------------------<BR>
#via off<BR>
forwarded_for off<BR>
<BR>
pid_filename /var/run/squid.pid<BR>
<BR>
shutdown_lifetime 30 seconds<BR>
icp_port 3130<BR>
<BR>
half_closed_clients off<BR>
icap_enable on<BR>
icap_send_client_ip on<BR>
icap_send_client_username on<BR>
icap_client_username_encode off<BR>
icap_client_username_header X-Authenticated-User<BR>
icap_preview_enable on<BR>
icap_preview_size 1024<BR>
icap_service service_avi_req reqmod_precache icap://localhost:1344/squidclamav bypass=off<BR>
adaptation_access service_avi_req allow all<BR>
icap_service service_avi_resp respmod_precache icap://localhost:1344/squidclamav bypass=on<BR>
adaptation_access service_avi_resp allow all<BR>
<BR>
umask 022<BR>
<BR>
logfile_rotate 0<BR>
<BR>
strip_query_terms off<BR>
<BR>
redirect_program /usr/sbin/squidGuard<BR>
url_rewrite_children 5<BR>
<BR>
<BR>
And the cache.log file when starting 3.5.6 with debug options on in squid.conf<BR>
<BR>
<I>2015/07/24 17:15:06.230| Acl.cc(380) ~ACL: freeing ACL adaptation_access</I><BR>
<I>2015/07/24 17:15:06.230| Acl.cc(380) ~ACL: freeing ACL adaptation_access</I><BR>
<I>2015/07/24 17:15:06.230| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.230| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </I><BR>
<I>2015/07/24 17:15:06 kid1| Current Directory is /</I><BR>
<I>2015/07/24 17:15:06 kid1| Starting Squid Cache version 3.5.6 for i586-pc-linux-gnu...</I><BR>
<I>2015/07/24 17:15:06 kid1| Service Name: squid</I><BR>
<I>2015/07/24 17:15:06 kid1| Process ID 2907</I><BR>
<I>2015/07/24 17:15:06 kid1| Process Roles: worker</I><BR>
<I>2015/07/24 17:15:06 kid1| With 1024 file descriptors available</I><BR>
<I>2015/07/24 17:15:06 kid1| Initializing IP Cache...</I><BR>
<I>2015/07/24 17:15:06 kid1| DNS Socket created at 0.0.0.0, FD 8</I><BR>
<I>2015/07/24 17:15:06 kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf</I><BR>
<I>2015/07/24 17:15:06 kid1| helperOpenServers: Starting 0/5 'squidGuard' processes</I><BR>
<I>2015/07/24 17:15:06 kid1| helperOpenServers: No 'squidGuard' processes needed.</I><BR>
<I>2015/07/24 17:15:06 kid1| Logfile: opening log stdio:/var/log/squid/access.log</I><BR>
<I>2015/07/24 17:15:06 kid1| Unlinkd pipe opened on FD 15</I><BR>
<I>2015/07/24 17:15:06 kid1| Store logging disabled</I><BR>
<I>2015/07/24 17:15:06 kid1| Swap maxSize 1048576 + 65536 KB, estimated 85700 objects</I><BR>
<I>2015/07/24 17:15:06 kid1| Target number of buckets: 4285</I><BR>
<I>2015/07/24 17:15:06 kid1| Using 8192 Store buckets</I><BR>
<I>2015/07/24 17:15:06 kid1| Max Mem size: 65536 KB</I><BR>
<I>2015/07/24 17:15:06 kid1| Max Swap size: 1048576 KB</I><BR>
<I>2015/07/24 17:15:06 kid1| Rebuilding storage in /var/spool/squid/cache (dirty log)</I><BR>
<I>2015/07/24 17:15:06 kid1| Using Least Load store dir selection</I><BR>
<I>2015/07/24 17:15:06 kid1| Current Directory is /</I><BR>
<I>2015/07/24 17:15:06 kid1| Finished loading MIME types and icons.</I><BR>
<I>2015/07/24 17:15:06.578 kid1| AsyncCall.cc(26) AsyncCall: The AsyncCall clientListenerConnectionOpened constructed, this=0x946d218 [call5]</I><BR>
<I>2015/07/24 17:15:06.578 kid1| AsyncCall.cc(93) ScheduleCall: StartListening.cc(59) will call clientListenerConnectionOpened(local=0.0.0.0:3127 remote=[::] FD 20 flags=9, err=0, HTTP Socket port=0x946d24c) [call5]</I><BR>
<I>2015/07/24 17:15:06.578 kid1| AsyncCall.cc(26) AsyncCall: The AsyncCall clientListenerConnectionOpened constructed, this=0x946d3a8 [call7]</I><BR>
<I>2015/07/24 17:15:06.578 kid1| AsyncCall.cc(93) ScheduleCall: StartListening.cc(59) will call clientListenerConnectionOpened(local=10.20.20.1:800 remote=[::] FD 21 flags=41, err=0, HTTP Socket port=0x946d3dc) [call7]</I><BR>
<I>2015/07/24 17:15:06.578 kid1| AsyncCall.cc(26) AsyncCall: The AsyncCall clientListenerConnectionOpened constructed, this=0x946d510 [call9]</I><BR>
<I>2015/07/24 17:15:06.578 kid1| AsyncCall.cc(93) ScheduleCall: StartListening.cc(59) will call clientListenerConnectionOpened(local=127.0.0.1:800 remote=[::] FD 22 flags=41, err=0, HTTP Socket port=0x946d544) [call9]</I><BR>
<I>2015/07/24 17:15:06.578 kid1| AsyncCall.cc(26) AsyncCall: The AsyncCall clientListenerConnectionOpened constructed, this=0x946d6b0 [call11]</I><BR>
<I>2015/07/24 17:15:06.578 kid1| AsyncCall.cc(93) ScheduleCall: StartListening.cc(59) will call clientListenerConnectionOpened(local=10.20.20.1:808 remote=[::] FD 23 flags=41, err=0, HTTPS Socket port=0x946d6e4) [call11]</I><BR>
<I>2015/07/24 17:15:06.578 kid1| HTCP Disabled.</I><BR>
<I>2015/07/24 17:15:06.578 kid1| Squid plugin modules loaded: 0</I><BR>
<I>2015/07/24 17:15:06.578 kid1| Adaptation support is on</I><BR>
<I>2015/07/24 17:15:06.578 kid1| AsyncCallQueue.cc(55) fireNext: entering clientListenerConnectionOpened(local=0.0.0.0:3127 remote=[::] FD 20 flags=9, err=0, HTTP Socket port=0x946d24c)</I><BR>
<I>2015/07/24 17:15:06.578 kid1| AsyncCall.cc(38) make: make call clientListenerConnectionOpened [call5]</I><BR>
<I>2015/07/24 17:15:06.578 kid1| Accepting HTTP Socket connections at local=0.0.0.0:3127 remote=[::] FD 20 flags=9</I><BR>
<I>2015/07/24 17:15:06.578 kid1| AsyncCallQueue.cc(57) fireNext: leaving clientListenerConnectionOpened(local=0.0.0.0:3127 remote=[::] FD 20 flags=9, err=0, HTTP Socket port=0x946d24c)</I><BR>
<I>2015/07/24 17:15:06.578 kid1| AsyncCallQueue.cc(55) fireNext: entering clientListenerConnectionOpened(local=10.20.20.1:800 remote=[::] FD 21 flags=41, err=0, HTTP Socket port=0x946d3dc)</I><BR>
<I>2015/07/24 17:15:06.578 kid1| AsyncCall.cc(38) make: make call clientListenerConnectionOpened [call7]</I><BR>
<I>2015/07/24 17:15:06.578 kid1| Accepting NAT intercepted HTTP Socket connections at local=10.20.20.1:800 remote=[::] FD 21 flags=41</I><BR>
<I>2015/07/24 17:15:06.578 kid1| AsyncCallQueue.cc(57) fireNext: leaving clientListenerConnectionOpened(local=10.20.20.1:800 remote=[::] FD 21 flags=41, err=0, HTTP Socket port=0x946d3dc)</I><BR>
<I>2015/07/24 17:15:06.579 kid1| AsyncCallQueue.cc(55) fireNext: entering clientListenerConnectionOpened(local=127.0.0.1:800 remote=[::] FD 22 flags=41, err=0, HTTP Socket port=0x946d544)</I><BR>
<I>2015/07/24 17:15:06.579 kid1| AsyncCall.cc(38) make: make call clientListenerConnectionOpened [call9]</I><BR>
<I>2015/07/24 17:15:06.579 kid1| Accepting NAT intercepted HTTP Socket connections at local=127.0.0.1:800 remote=[::] FD 22 flags=41</I><BR>
<I>2015/07/24 17:15:06.579 kid1| AsyncCallQueue.cc(57) fireNext: leaving clientListenerConnectionOpened(local=127.0.0.1:800 remote=[::] FD 22 flags=41, err=0, HTTP Socket port=0x946d544)</I><BR>
<I>2015/07/24 17:15:06.579 kid1| AsyncCallQueue.cc(55) fireNext: entering clientListenerConnectionOpened(local=10.20.20.1:808 remote=[::] FD 23 flags=41, err=0, HTTPS Socket port=0x946d6e4)</I><BR>
<I>2015/07/24 17:15:06.579 kid1| AsyncCall.cc(38) make: make call clientListenerConnectionOpened [call11]</I><BR>
<I>2015/07/24 17:15:06.579 kid1| Accepting NAT intercepted SSL bumped HTTPS Socket connections at local=10.20.20.1:808 remote=[::] FD 23 flags=41</I><BR>
<I>2015/07/24 17:15:06.579 kid1| AsyncCallQueue.cc(57) fireNext: leaving clientListenerConnectionOpened(local=10.20.20.1:808 remote=[::] FD 23 flags=41, err=0, HTTPS Socket port=0x946d6e4)</I><BR>
<I>2015/07/24 17:15:06.579 kid1| Accepting ICP messages on 0.0.0.0:3130</I><BR>
<I>2015/07/24 17:15:06.579 kid1| Sending ICP messages from 0.0.0.0:3130</I><BR>
<I>2015/07/24 17:15:06.579 kid1| Done reading /var/spool/squid/cache swaplog (12 entries)</I><BR>
<I>2015/07/24 17:15:06.579 kid1| Finished rebuilding storage from disk.</I><BR>
<I>2015/07/24 17:15:06.579 kid1| 12 Entries scanned</I><BR>
<I>2015/07/24 17:15:06.579 kid1| 0 Invalid entries.</I><BR>
<I>2015/07/24 17:15:06.579 kid1| 0 With invalid flags.</I><BR>
<I>2015/07/24 17:15:06.579 kid1| 12 Objects loaded.</I><BR>
<I>2015/07/24 17:15:06.579 kid1| 0 Objects expired.</I><BR>
<I>2015/07/24 17:15:06.579 kid1| 0 Objects cancelled.</I><BR>
<I>2015/07/24 17:15:06.579 kid1| 0 Duplicate URLs purged.</I><BR>
<I>2015/07/24 17:15:06.579 kid1| 0 Swapfile clashes avoided.</I><BR>
<I>2015/07/24 17:15:06.579 kid1| Took 0.06 seconds (210.47 objects/sec).</I><BR>
<I>2015/07/24 17:15:06.579 kid1| Beginning Validation Procedure</I><BR>
<I>2015/07/24 17:15:06.579 kid1| Completed Validation Procedure</I><BR>
<I>2015/07/24 17:15:06.579 kid1| Validated 12 Entries</I><BR>
<I>2015/07/24 17:15:06.579 kid1| store_swap_size = 1444.00 KB</I><BR>
<I>2015/07/24 17:15:07 kid1| storeLateRelease: released 0 objects</I><BR>
<BR>
<BR>
<BR>
Any help or suggestions greatly appreciated.<BR>
<BR>
<BR>
Regards<BR>
<BR>
<BR>
Stan<BR>
<BR>
<BR>
</BLOCKQUOTE>
</BLOCKQUOTE>
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
<BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
<PRE>
_______________________________________________
squid-users mailing list
<A HREF="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</A>
<A HREF="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</A>
</PRE>
</BLOCKQUOTE>
<BR>
I do not experience this issue:<BR>
<BR>
<TT>[18:04:56 <A HREF="mailto:jlay@gateway">jlay</A>:~/nobackup/build$] ps aux | egrep "ssl|squid"</TT><BR>
<TT>root 3173 0.0 0.0 18840 372 ? Ss Jul23 0:00 /opt/sbin/squid</TT><BR>
<TT>nobody 3175 0.0 1.2 52856 39744 ? S Jul23 0:47 (squid-1)</TT><BR>
<TT>nobody 3177 0.0 0.0 5916 2040 ? S Jul23 0:05 (ssl_crtd) -s /opt/var/ssl_db -M 4MB -b 4096</TT><BR>
<TT>nobody 3178 0.0 0.0 5828 1840 ? S Jul23 0:00 (ssl_crtd) -s /opt/var/ssl_db -M 4MB -b 4096</TT><BR>
<TT>nobody 3179 0.0 0.0 5828 1708 ? S Jul23 0:00 (ssl_crtd) -s /opt/var/ssl_db -M 4MB -b 4096</TT><BR>
<TT>nobody 3180 0.0 0.0 5648 912 ? S Jul23 0:00 (ssl_crtd) -s /opt/var/ssl_db -M 4MB -b 4096</TT><BR>
<TT>nobody 3181 0.0 0.0 5648 912 ? S Jul23 0:00 (ssl_crtd) -s /opt/var/ssl_db -M 4MB -b 4096</TT><BR>
<BR>
my config line:<BR>
./configure --prefix=/opt --with-openssl --enable-ssl --enable-ssl-crtd --enable-linux-netfilter --enable-follow-x-forwarded-for --with-large-files --sysconfdir=/opt/etc/squid --enable-external-acl-helpers=none<BR>
<BR>
Squid Cache: Version 3.5.6<BR>
<BR>
<FONT COLOR="#888888">James</FONT>
</BLOCKQUOTE>
</BLOCKQUOTE>
<BR>
I recall when just starting out with ssl_crtd I had an issue until I set the user running as squid on my ssl_db dir:<BR>
<BR>
<TT>drwxr-xr-x 3 nobody root 4096 May 30 17:22 ssl_db</TT><BR>
<BR>
My ssl_crtd lines:<BR>
<TT>sslcrtd_program /opt/libexec/ssl_crtd -s /opt/var/ssl_db -M 4MB</TT><BR>
<TT>sslcrtd_children 5</TT><BR>
<BR>
Hope it helps.<BR>
<BR>
James
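<BR>
<BR>
Added example, not part of the thread and not Squid's own tooling: a shell check for the ownership condition James describes, reading the `-s` directory from `sslcrtd_program` and comparing its owner with `cache_effective_user`. The function names are hypothetical, and the fallback to `nobody` when `cache_effective_user` is unset assumes Squid's documented default.

```shell
#!/bin/sh
# Added example: verify that the ssl_crtd certificate database directory named
# in squid.conf is owned by the account Squid's helpers run as.
# Function names are hypothetical; usage: sh check_ssl_db.sh /path/to/squid.conf

# Print the directory passed to ssl_crtd's -s option on the sslcrtd_program line.
ssl_db_dir() {
    awk '$1 == "sslcrtd_program" {
             for (i = 2; i < NF; i++) if ($i == "-s") { print $(i + 1); exit }
         }' "$1"
}

# Print cache_effective_user. Assumption: when the directive is absent,
# Squid started as root drops to "nobody" (its documented default).
effective_user() {
    u=$(awk '$1 == "cache_effective_user" { print $2; exit }' "$1")
    echo "${u:-nobody}"
}

# Print the owner column of `ls -ld`, the same field shown in the thread's
# "drwxr-xr-x 3 nobody root ... ssl_db" listing.
dir_owner() {
    ls -ld "$1" | awk '{ print $3 }'
}

# Return 0 when the owner matches, 1 when the directory is not configured or
# does not exist, 2 when it is owned by a different account.
check_ssl_db() {
    dir=$(ssl_db_dir "$1")
    user=$(effective_user "$1")
    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo "ssl_db directory '${dir:-<unset>}' not found"
        return 1
    fi
    owner=$(dir_owner "$dir")
    if [ "$owner" != "$user" ]; then
        echo "$dir is owned by $owner, but helpers run as $user"
        return 2
    fi
    echo "$dir is owned by $user"
    return 0
}

# Run the check only when a squid.conf path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_ssl_db "$1"
fi
```

A return code of 1 or 2 points at the directory rather than at the Squid build, which is worth ruling out before comparing configure options between 3.5.5 and 3.5.6.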
</BODY>
</HTML>