<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-2022-jp">
</head>
<body>
<div dir="auto" style="direction: ltr; margin: 0; padding: 0; font-family: sans-serif; font-size: 11pt; color: black; ">
How do I unsubscribe from this? Been a good couple years, but I'd appreciate some help :)<span id="ms-outlook-android-cursor"></span></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> squid-users <squid-users-bounces@lists.squid-cache.org> on behalf of 橋本紘希 <hsmtkk@gmail.com><br>
<b>Sent:</b> Friday, July 3, 2020 7:49:57 PM<br>
<b>To:</b> squid-users@lists.squid-cache.org <squid-users@lists.squid-cache.org><br>
<b>Subject:</b> [squid-users] squid 5.0.3 Segment Violation when using ssl bump and cache peer</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">I have a problem with squid 5.0.3.<br>
<br>
I would like to use "Peering support for SSL-Bump" introduced in squid 5.<br>
<a href="http://squid.mirror.colo-serv.net/archive/5/squid-5.0.2-RELEASENOTES.html#ss2.6">http://squid.mirror.colo-serv.net/archive/5/squid-5.0.2-RELEASENOTES.html#ss2.6</a><br>
<br>
I configured this environment using docker-compose.<br>
client -> childproxy -> parentproxy -> server<br>
<br>
When I communicated client to server via childproxy and parentproxy,<br>
"Segment Violation" happened and squid exited abnormally.<br>
<br>
Do I need any extra configuration to use "Peering support for SSL-Bump" feature?<br>
<br>
<br>
* squid --version output<br>
Squid Cache: Version 5.0.3<br>
Service Name: squid<br>
<br>
This binary uses OpenSSL 1.1.1g 21 Apr 2020. For legal restrictions<br>
on distribution see <a href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a><br>
<br>
configure options: '--prefix=/usr/local/squid' '--enable-ssl-crtd'<br>
'--disable-optimizations' '--with-openssl=/usr/local/openssl'<br>
--enable-ltdl-convenience<br>
<br>
* executed command and its output<br>
<br>
$ docker exec client curl -k -x childproxy:3128 <a href="https://server/hello.html">
https://server/hello.html</a><br>
% Total % Received % Xferd Average Speed Time Time Time Current<br>
Dload Upload Total Spent Left Speed<br>
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0<br>
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to server:443<br>
<br>
* error log<br>
<br>
childproxy | 2020/07/03 22:55:53 kid1| FATAL: Received Segment<br>
Violation...dying.<br>
childproxy | current master transaction: master53<br>
childproxy | 2020/07/03 22:55:53 kid1| Closing HTTP(S) port 0.0.0.0:3128<br>
childproxy | current master transaction: master53<br>
childproxy | 2020/07/03 22:55:53 kid1| storeDirWriteCleanLogs: Starting...<br>
childproxy | current master transaction: master53<br>
childproxy | 2020/07/03 22:55:53 kid1| Finished. Wrote 0 entries.<br>
childproxy | current master transaction: master53<br>
childproxy | 2020/07/03 22:55:53 kid1| Took 0.00 seconds ( 0.00<br>
entries/sec).<br>
childproxy | current master transaction: master53<br>
childproxy | CPU Usage: 0.235 seconds = 0.106 user + 0.129 sys<br>
childproxy | Maximum Resident Size: 600336 KB<br>
childproxy | Page faults with physical i/o: 0<br>
<br>
* core dump backtrace<br>
<br>
#0 0x00007f8b433da387 in raise () from /lib64/libc.so.6<br>
#1 0x00007f8b433dba78 in abort () from /lib64/libc.so.6<br>
#2 0x000000000088b4bc in death (sig=11) at tools.cc:359<br>
#3 <signal handler called><br>
#4 0x00000000009dbd12 in Comm::Connection::getPeer (this=0x0) at<br>
Connection.cc:102<br>
#5 0x00000000009dbed8 in Comm::Connection::connectTimeout (this=0x0,<br>
fwdStart=1593816953) at Connection.cc:143<br>
#6 0x00000000007b1332 in FwdState::connectingTimeout (this=0x2870a48,<br>
conn=...) at FwdState.cc:1381<br>
#7 0x00000000007ae351 in FwdState::establishTunnelThruProxy<br>
(this=0x2870a48, conn=...) at FwdState.cc:850<br>
#8 0x00000000007adba5 in FwdState::__lambda2::operator()<br>
(__closure=0x7ffead0888f0) at FwdState.cc:836<br>
#9 0x00000000007b1ca7 in<br>
FwdState::advanceDestination<FwdState::noteConnection(HappyConnOpener::Answer&)::__lambda2>(const<br>
char *, const Comm::ConnectionPointer &, const FwdState::__lambda2 &)<br>
(this=0x2870a48,<br>
stepDescription=0xb487f0 "establish tunnel through proxy",<br>
conn=..., startStep=...) at FwdState.cc:777<br>
#10 0x00000000007ae1ca in FwdState::noteConnection (this=0x2870a48,<br>
answer=...) at FwdState.cc:837<br>
#11 0x00000000007b5f64 in HappyConnOpener::CbDialer<FwdState>::dial<br>
(this=0x2871af8) at HappyConnOpener.h:120<br>
#12 0x00000000007b56ed in<br>
AsyncCallT<HappyConnOpener::CbDialer<FwdState> >::fire<br>
(this=0x2871ac0)<br>
at ../src/base/AsyncCall.h:150<br>
#13 0x000000000096c293 in AsyncCall::make (this=0x2871ac0) at AsyncCall.cc:44<br>
#14 0x000000000096cfca in AsyncCallQueue::fireNext (this=0x23b6ec0) at<br>
AsyncCallQueue.cc:60<br>
#15 0x000000000096cd43 in AsyncCallQueue::fire (this=0x23b6ec0) at<br>
AsyncCallQueue.cc:43<br>
#16 0x000000000079afbf in EventLoop::dispatchCalls<br>
(this=0x7ffead088c80) at EventLoop.cc:144<br>
#17 0x000000000079aee7 in EventLoop::runOnce (this=0x7ffead088c80) at<br>
EventLoop.cc:121<br>
#18 0x000000000079ad4e in EventLoop::run (this=0x7ffead088c80) at<br>
EventLoop.cc:83<br>
#19 0x000000000081ce58 in SquidMain (argc=3, argv=0x7ffead088fb8) at<br>
main.cc:1716<br>
#20 0x000000000081c2c3 in SquidMainSafe (argc=3, argv=0x7ffead088fb8)<br>
at main.cc:1403<br>
#21 0x000000000081c296 in main (argc=3, argv=0x7ffead088fb8) at main.cc:1391<br>
<br>
* I submitted all my configs and logs to my github page.<br>
<a href="https://github.com/hsmtkk/squid5_sslbump_cachepeer/issues/1">https://github.com/hsmtkk/squid5_sslbump_cachepeer/issues/1</a><br>
<br>
<br>
Best regards,<br>
Kouki Hashimoto<br>
hsmtkk@gmail.com<br>
</div>
</span></font></div>
</body>
</html>