<div dir="ltr">I did a new install of Squid 3.5.6 and it seems to be working now.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jul 24, 2015 at 7:24 PM, James Lay <span dir="ltr"><<a href="mailto:jlay@slave-tothe-box.net" target="_blank">jlay@slave-tothe-box.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><u></u>
<div><div><div class="h5">
On Fri, 2015-07-24 at 19:15 -0500, Stanford Prescott wrote:
<blockquote type="CITE">
Thanks for that. Any ideas why I am experiencing that?<br>
<br>
<br>
</blockquote>
<blockquote type="CITE">
Stan<br>
<br>
<br>
</blockquote>
<blockquote type="CITE">
<br>
</blockquote>
<blockquote type="CITE">
On Fri, Jul 24, 2015 at 7:07 PM, James Lay <<a href="mailto:jlay@slave-tothe-box.net" target="_blank">jlay@slave-tothe-box.net</a>> wrote:
</blockquote>
<blockquote type="CITE">
<blockquote>
On Fri, 2015-07-24 at 17:25 -0500, Stanford Prescott wrote: <br>
<blockquote type="CITE">
I have a working implementation of Squid 3.5.5 with ssl-bump. When 3.5.5 is started with ssl-bump enabled all the squid and ssl_crtd processes start and Squid functions as intended when bumping ssl sites. However, when I bump Squid to 3.5.6 squid seems to start but ssl_crtd does not and Squid 3.5.6 cannot successfully bump ssl.<br>
<br>
<br>
These are the config options I use for both 3.5.5 and 3.5.6.<br>
<br>
--enable-storeio="diskd,ufs,aufs" --enable-linux-netfilter \<br>
--enable-removal-policies="heap,lru" --enable-delay-pools --libdir=/usr/lib/ \<br>
--localstatedir=/var --with-dl --with-openssl --enable-http-violations \<br>
--with-large-files --with-libcap --disable-ipv6 --with-swapdir=/var/spool/squid \<br>
--enable-ssl-crtd --enable-follow-x-forwarded-for<br>
<br>
<br>
<br>
This is the squid.conf file used for both versions.<br>
<br>
visible_hostname smoothwallu3<br>
<br>
# Uncomment the following to send debug info to /var/log/squid/cache.log<br>
debug_options ALL,1 33,2 28,9<br>
<br>
# ACCESS CONTROLS<br>
# ----------------------------------------------------------------<br>
acl localhostgreen src 10.20.20.1<br>
acl localnetgreen src <a href="http://10.20.20.0/24" target="_blank">10.20.20.0/24</a><br>
<br>
acl SSL_ports port 445 443 441 563<br>
acl Safe_ports port 80 # http<br>
acl Safe_ports port 81 # smoothwall http<br>
acl Safe_ports port 21 # ftp <br>
acl Safe_ports port 445 443 441 563 # https, snews<br>
acl Safe_ports port 70 # gopher<br>
acl Safe_ports port 210 # wais <br>
acl Safe_ports port 1025-65535 # unregistered ports<br>
acl Safe_ports port 280 # http-mgmt<br>
acl Safe_ports port 488 # gss-http <br>
acl Safe_ports port 591 # filemaker<br>
acl Safe_ports port 777 # multiling http<br>
<br>
acl CONNECT method CONNECT<br>
<br>
# TAG: http_access<br>
# ----------------------------------------------------------------<br>
<br>
<br>
<br>
http_access allow localhost<br>
http_access deny !Safe_ports<br>
http_access deny CONNECT !SSL_ports<br>
<br>
http_access allow localnetgreen<br>
http_access allow CONNECT localnetgreen<br>
<br>
http_access allow localhostgreen<br>
http_access allow CONNECT localhostgreen<br>
<br>
# http_port and https_port<br>
#----------------------------------------------------------------------------<br>
<br>
# For forward-proxy port. Squid uses this port to serve error pages, ftp icons and communication with other proxies.<br>
#----------------------------------------------------------------------------<br>
http_port 3127<br>
<br>
http_port <a href="http://10.20.20.1:800" target="_blank">10.20.20.1:800</a> intercept<br>
https_port <a href="http://10.20.20.1:808" target="_blank">10.20.20.1:808</a> intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/var/smoothwall/mods/proxy/ssl_cert/squidCA.pem<br>
<br>
<br>
http_port <a href="http://127.0.0.1:800" target="_blank">127.0.0.1:800</a> intercept<br>
<br>
sslproxy_cert_error allow all<br>
sslproxy_flags DONT_VERIFY_PEER<br>
sslproxy_session_cache_size 4 MB<br>
<br>
ssl_bump none localhostgreen<br>
<br>
acl step1 at_step SslBump1<br>
acl step2 at_step SslBump2<br>
ssl_bump peek step1<br>
ssl_bump bump all<br>
<br>
sslcrtd_program /var/smoothwall/mods/proxy/libexec/ssl_crtd -s /var/smoothwall/mods/proxy/lib/ssl_db -M 4MB<br>
sslcrtd_children 5<br>
<br>
http_access deny all<br>
<br>
cache_replacement_policy heap GDSF<br>
memory_replacement_policy heap GDSF<br>
<br>
# CACHE OPTIONS<br>
# ----------------------------------------------------------------------------<br>
cache_effective_user squid<br>
cache_effective_group squid<br>
<br>
cache_swap_high 100<br>
cache_swap_low 80<br>
<br>
cache_access_log stdio:/var/log/squid/access.log<br>
cache_log /var/log/squid/cache.log<br>
cache_mem 64 MB<br>
<br>
cache_dir diskd /var/spool/squid/cache 1024 16 256<br>
<br>
maximum_object_size 33 MB<br>
<br>
minimum_object_size 0 KB<br>
<br>
<br>
request_body_max_size 0 KB<br>
<br>
# OTHER OPTIONS<br>
# ----------------------------------------------------------------------------<br>
#via off<br>
forwarded_for off<br>
<br>
pid_filename /var/run/squid.pid<br>
<br>
shutdown_lifetime 30 seconds<br>
icp_port 3130<br>
<br>
half_closed_clients off<br>
icap_enable on<br>
icap_send_client_ip on<br>
icap_send_client_username on<br>
icap_client_username_encode off<br>
icap_client_username_header X-Authenticated-User<br>
icap_preview_enable on<br>
icap_preview_size 1024<br>
icap_service service_avi_req reqmod_precache icap://localhost:1344/squidclamav bypass=off<br>
adaptation_access service_avi_req allow all<br>
icap_service service_avi_resp respmod_precache icap://localhost:1344/squidclamav bypass=on<br>
adaptation_access service_avi_resp allow all<br>
<br>
umask 022<br>
<br>
logfile_rotate 0<br>
<br>
strip_query_terms off<br>
<br>
redirect_program /usr/sbin/squidGuard<br>
url_rewrite_children 5<br>
<br>
<br>
And the cache.log file when starting 3.5.6 with debug options on in squid.conf<br>
<br>
<i>2015/07/24 17:15:06.230| Acl.cc(380) ~ACL: freeing ACL adaptation_access</i><br>
<i>2015/07/24 17:15:06.230| Acl.cc(380) ~ACL: freeing ACL adaptation_access</i><br>
<i>2015/07/24 17:15:06.230| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.230| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.231| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06.232| Acl.cc(380) ~ACL: freeing ACL </i><br>
<i>2015/07/24 17:15:06 kid1| Current Directory is /</i><br>
<i>2015/07/24 17:15:06 kid1| Starting Squid Cache version 3.5.6 for i586-pc-linux-gnu...</i><br>
<i>2015/07/24 17:15:06 kid1| Service Name: squid</i><br>
<i>2015/07/24 17:15:06 kid1| Process ID 2907</i><br>
<i>2015/07/24 17:15:06 kid1| Process Roles: worker</i><br>
<i>2015/07/24 17:15:06 kid1| With 1024 file descriptors available</i><br>
<i>2015/07/24 17:15:06 kid1| Initializing IP Cache...</i><br>
<i>2015/07/24 17:15:06 kid1| DNS Socket created at 0.0.0.0, FD 8</i><br>
<i>2015/07/24 17:15:06 kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf</i><br>
<i>2015/07/24 17:15:06 kid1| helperOpenServers: Starting 0/5 'squidGuard' processes</i><br>
<i>2015/07/24 17:15:06 kid1| helperOpenServers: No 'squidGuard' processes needed.</i><br>
<i>2015/07/24 17:15:06 kid1| Logfile: opening log stdio:/var/log/squid/access.log</i><br>
<i>2015/07/24 17:15:06 kid1| Unlinkd pipe opened on FD 15</i><br>
<i>2015/07/24 17:15:06 kid1| Store logging disabled</i><br>
<i>2015/07/24 17:15:06 kid1| Swap maxSize 1048576 + 65536 KB, estimated 85700 objects</i><br>
<i>2015/07/24 17:15:06 kid1| Target number of buckets: 4285</i><br>
<i>2015/07/24 17:15:06 kid1| Using 8192 Store buckets</i><br>
<i>2015/07/24 17:15:06 kid1| Max Mem size: 65536 KB</i><br>
<i>2015/07/24 17:15:06 kid1| Max Swap size: 1048576 KB</i><br>
<i>2015/07/24 17:15:06 kid1| Rebuilding storage in /var/spool/squid/cache (dirty log)</i><br>
<i>2015/07/24 17:15:06 kid1| Using Least Load store dir selection</i><br>
<i>2015/07/24 17:15:06 kid1| Current Directory is /</i><br>
<i>2015/07/24 17:15:06 kid1| Finished loading MIME types and icons.</i><br>
<i>2015/07/24 17:15:06.578 kid1| AsyncCall.cc(26) AsyncCall: The AsyncCall clientListenerConnectionOpened constructed, this=0x946d218 [call5]</i><br>
<i>2015/07/24 17:15:06.578 kid1| AsyncCall.cc(93) ScheduleCall: StartListening.cc(59) will call clientListenerConnectionOpened(local=<a href="http://0.0.0.0:3127" target="_blank">0.0.0.0:3127</a> remote=[::] FD 20 flags=9, err=0, HTTP Socket port=0x946d24c) [call5]</i><br>
<i>2015/07/24 17:15:06.578 kid1| AsyncCall.cc(26) AsyncCall: The AsyncCall clientListenerConnectionOpened constructed, this=0x946d3a8 [call7]</i><br>
<i>2015/07/24 17:15:06.578 kid1| AsyncCall.cc(93) ScheduleCall: StartListening.cc(59) will call clientListenerConnectionOpened(local=<a href="http://10.20.20.1:800" target="_blank">10.20.20.1:800</a> remote=[::] FD 21 flags=41, err=0, HTTP Socket port=0x946d3dc) [call7]</i><br>
<i>2015/07/24 17:15:06.578 kid1| AsyncCall.cc(26) AsyncCall: The AsyncCall clientListenerConnectionOpened constructed, this=0x946d510 [call9]</i><br>
<i>2015/07/24 17:15:06.578 kid1| AsyncCall.cc(93) ScheduleCall: StartListening.cc(59) will call clientListenerConnectionOpened(local=<a href="http://127.0.0.1:800" target="_blank">127.0.0.1:800</a> remote=[::] FD 22 flags=41, err=0, HTTP Socket port=0x946d544) [call9]</i><br>
<i>2015/07/24 17:15:06.578 kid1| AsyncCall.cc(26) AsyncCall: The AsyncCall clientListenerConnectionOpened constructed, this=0x946d6b0 [call11]</i><br>
<i>2015/07/24 17:15:06.578 kid1| AsyncCall.cc(93) ScheduleCall: StartListening.cc(59) will call clientListenerConnectionOpened(local=<a href="http://10.20.20.1:808" target="_blank">10.20.20.1:808</a> remote=[::] FD 23 flags=41, err=0, HTTPS Socket port=0x946d6e4) [call11]</i><br>
<i>2015/07/24 17:15:06.578 kid1| HTCP Disabled.</i><br>
<i>2015/07/24 17:15:06.578 kid1| Squid plugin modules loaded: 0</i><br>
<i>2015/07/24 17:15:06.578 kid1| Adaptation support is on</i><br>
<i>2015/07/24 17:15:06.578 kid1| AsyncCallQueue.cc(55) fireNext: entering clientListenerConnectionOpened(local=<a href="http://0.0.0.0:3127" target="_blank">0.0.0.0:3127</a> remote=[::] FD 20 flags=9, err=0, HTTP Socket port=0x946d24c)</i><br>
<i>2015/07/24 17:15:06.578 kid1| AsyncCall.cc(38) make: make call clientListenerConnectionOpened [call5]</i><br>
<i>2015/07/24 17:15:06.578 kid1| Accepting HTTP Socket connections at local=<a href="http://0.0.0.0:3127" target="_blank">0.0.0.0:3127</a> remote=[::] FD 20 flags=9</i><br>
<i>2015/07/24 17:15:06.578 kid1| AsyncCallQueue.cc(57) fireNext: leaving clientListenerConnectionOpened(local=<a href="http://0.0.0.0:3127" target="_blank">0.0.0.0:3127</a> remote=[::] FD 20 flags=9, err=0, HTTP Socket port=0x946d24c)</i><br>
<i>2015/07/24 17:15:06.578 kid1| AsyncCallQueue.cc(55) fireNext: entering clientListenerConnectionOpened(local=<a href="http://10.20.20.1:800" target="_blank">10.20.20.1:800</a> remote=[::] FD 21 flags=41, err=0, HTTP Socket port=0x946d3dc)</i><br>
<i>2015/07/24 17:15:06.578 kid1| AsyncCall.cc(38) make: make call clientListenerConnectionOpened [call7]</i><br>
<i>2015/07/24 17:15:06.578 kid1| Accepting NAT intercepted HTTP Socket connections at local=<a href="http://10.20.20.1:800" target="_blank">10.20.20.1:800</a> remote=[::] FD 21 flags=41</i><br>
<i>2015/07/24 17:15:06.578 kid1| AsyncCallQueue.cc(57) fireNext: leaving clientListenerConnectionOpened(local=<a href="http://10.20.20.1:800" target="_blank">10.20.20.1:800</a> remote=[::] FD 21 flags=41, err=0, HTTP Socket port=0x946d3dc)</i><br>
<i>2015/07/24 17:15:06.579 kid1| AsyncCallQueue.cc(55) fireNext: entering clientListenerConnectionOpened(local=<a href="http://127.0.0.1:800" target="_blank">127.0.0.1:800</a> remote=[::] FD 22 flags=41, err=0, HTTP Socket port=0x946d544)</i><br>
<i>2015/07/24 17:15:06.579 kid1| AsyncCall.cc(38) make: make call clientListenerConnectionOpened [call9]</i><br>
<i>2015/07/24 17:15:06.579 kid1| Accepting NAT intercepted HTTP Socket connections at local=<a href="http://127.0.0.1:800" target="_blank">127.0.0.1:800</a> remote=[::] FD 22 flags=41</i><br>
<i>2015/07/24 17:15:06.579 kid1| AsyncCallQueue.cc(57) fireNext: leaving clientListenerConnectionOpened(local=<a href="http://127.0.0.1:800" target="_blank">127.0.0.1:800</a> remote=[::] FD 22 flags=41, err=0, HTTP Socket port=0x946d544)</i><br>
<i>2015/07/24 17:15:06.579 kid1| AsyncCallQueue.cc(55) fireNext: entering clientListenerConnectionOpened(local=<a href="http://10.20.20.1:808" target="_blank">10.20.20.1:808</a> remote=[::] FD 23 flags=41, err=0, HTTPS Socket port=0x946d6e4)</i><br>
<i>2015/07/24 17:15:06.579 kid1| AsyncCall.cc(38) make: make call clientListenerConnectionOpened [call11]</i><br>
<i>2015/07/24 17:15:06.579 kid1| Accepting NAT intercepted SSL bumped HTTPS Socket connections at local=<a href="http://10.20.20.1:808" target="_blank">10.20.20.1:808</a> remote=[::] FD 23 flags=41</i><br>
<i>2015/07/24 17:15:06.579 kid1| AsyncCallQueue.cc(57) fireNext: leaving clientListenerConnectionOpened(local=<a href="http://10.20.20.1:808" target="_blank">10.20.20.1:808</a> remote=[::] FD 23 flags=41, err=0, HTTPS Socket port=0x946d6e4)</i><br>
<i>2015/07/24 17:15:06.579 kid1| Accepting ICP messages on <a href="http://0.0.0.0:3130" target="_blank">0.0.0.0:3130</a></i><br>
<i>2015/07/24 17:15:06.579 kid1| Sending ICP messages from <a href="http://0.0.0.0:3130" target="_blank">0.0.0.0:3130</a></i><br>
<i>2015/07/24 17:15:06.579 kid1| Done reading /var/spool/squid/cache swaplog (12 entries)</i><br>
<i>2015/07/24 17:15:06.579 kid1| Finished rebuilding storage from disk.</i><br>
<i>2015/07/24 17:15:06.579 kid1| 12 Entries scanned</i><br>
<i>2015/07/24 17:15:06.579 kid1| 0 Invalid entries.</i><br>
<i>2015/07/24 17:15:06.579 kid1| 0 With invalid flags.</i><br>
<i>2015/07/24 17:15:06.579 kid1| 12 Objects loaded.</i><br>
<i>2015/07/24 17:15:06.579 kid1| 0 Objects expired.</i><br>
<i>2015/07/24 17:15:06.579 kid1| 0 Objects cancelled.</i><br>
<i>2015/07/24 17:15:06.579 kid1| 0 Duplicate URLs purged.</i><br>
<i>2015/07/24 17:15:06.579 kid1| 0 Swapfile clashes avoided.</i><br>
<i>2015/07/24 17:15:06.579 kid1| Took 0.06 seconds (210.47 objects/sec).</i><br>
<i>2015/07/24 17:15:06.579 kid1| Beginning Validation Procedure</i><br>
<i>2015/07/24 17:15:06.579 kid1| Completed Validation Procedure</i><br>
<i>2015/07/24 17:15:06.579 kid1| Validated 12 Entries</i><br>
<i>2015/07/24 17:15:06.579 kid1| store_swap_size = 1444.00 KB</i><br>
<i>2015/07/24 17:15:07 kid1| storeLateRelease: released 0 objects</i><br>
<br>
<br>
<br>
Any help or suggestions greatly appreciated.<br>
<br>
<br>
Regards<br>
<br>
<br>
Stan<br>
<br>
<br>
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote type="CITE">
<pre>_______________________________________________
squid-users mailing list
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a>
<a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a>
</pre>
</blockquote>
<br>
I do not experience this issue:<br>
<br>
<tt>[18:04:56 <a href="mailto:jlay@gateway" target="_blank">jlay</a>:~/nobackup/build$] ps aux | egrep "ssl|squid"</tt><br>
<tt>root 3173 0.0 0.0 18840 372 ? Ss Jul23 0:00 /opt/sbin/squid</tt><br>
<tt>nobody 3175 0.0 1.2 52856 39744 ? S Jul23 0:47 (squid-1)</tt><br>
<tt>nobody 3177 0.0 0.0 5916 2040 ? S Jul23 0:05 (ssl_crtd) -s /opt/var/ssl_db -M 4MB -b 4096</tt><br>
<tt>nobody 3178 0.0 0.0 5828 1840 ? S Jul23 0:00 (ssl_crtd) -s /opt/var/ssl_db -M 4MB -b 4096</tt><br>
<tt>nobody 3179 0.0 0.0 5828 1708 ? S Jul23 0:00 (ssl_crtd) -s /opt/var/ssl_db -M 4MB -b 4096</tt><br>
<tt>nobody 3180 0.0 0.0 5648 912 ? S Jul23 0:00 (ssl_crtd) -s /opt/var/ssl_db -M 4MB -b 4096</tt><br>
<tt>nobody 3181 0.0 0.0 5648 912 ? S Jul23 0:00 (ssl_crtd) -s /opt/var/ssl_db -M 4MB -b 4096</tt><br>
<br>
my config line:<br>
./configure --prefix=/opt --with-openssl --enable-ssl --enable-ssl-crtd --enable-linux-netfilter --enable-follow-x-forwarded-for --with-large-files --sysconfdir=/opt/etc/squid --enable-external-acl-helpers=none<br>
<br>
Squid Cache: Version 3.5.6<br>
<br>
<font color="#888888">James</font>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
<br>
</blockquote>
</blockquote>
<blockquote type="CITE">
<br>
<br>
</blockquote>
<blockquote type="CITE">
<pre>_______________________________________________
squid-users mailing list
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a>
<a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a>
</pre>
</blockquote>
<br></div></div>
I recall when just starting out with ssl_crtd and had issue until I set the user running as squid on my ssl_db dir:<br>
<br>
<tt>drwxr-xr-x 3 nobody root 4096 May 30 17:22 ssl_db</tt><br>
<br>
My ssl_crtd lines:<br>
<tt>sslcrtd_program /opt/libexec/ssl_crtd -s /opt/var/ssl_db -M 4MB</tt><br>
<tt>sslcrtd_children 5</tt><br>
<br>
Hope it helps.<span class="HOEnZb"><font color="#888888"><br>
<br>
James
</font></span></div>
</blockquote></div><br></div>