[squid-users] Why 3.5.0.4 generates mimicked certs with server IP only when bumping?

Yuri Voinov yvoinov at gmail.com
Mon Jan 26 18:40:50 UTC 2015


Still not working.

Every HTTPS site produces an error like this:

1422297291.318      0 192.168.100.5 TAG_NONE_ABORTED/000 0 GET
https://r5---sn-h
xb54vo-304l.googlevideo.com/videoplayback?gir=yes&mm=31&signature=CF822B36D7CA4B
43B8D1244FFF568777CDFB7B15.FA40AB98545E64C3320FFDA1130E033AB5B0473E&id=o-AN8D1qc
0rtmOeTXFYoc0TPI8mbtZpVj2O2SJfpADCgwV&sparams=clen%2Cdur%2Cgir%2Cid%2Cinitcwndbp
s%2Cip%2Cipbits%2Citag%2Ckeepalive%2Clmt%2Cmime%2Cmm%2Cms%2Cmv%2Cpl%2Crequiressl
%2Csource%2Cupn%2Cexpire&sver=3&ip=178.88.163.102&clen=954398&mt=1422297217&mv=m
&ms=au&keepalive=yes&dur=60.046&source=youtube&itag=140&requiressl=yes&key=yt5&i
pbits=0&initcwndbps=903750&pl=24&mime=audio%2Fmp4&lmt=1390059362110278&expire=14
22318845&upn=_hyzhDi7WlU&fexp=3300103%2C3300103%2C3300133%2C3300133%2C3300137%2C
3300137%2C3300161%2C3300161%2C3310366%2C3310366%2C3310698%2C3310698%2C900718%2C9
07263%2C927622%2C930824%2C933226%2C9405146%2C941004%2C943607%2C943917%2C947225%2
C948124%2C952302%2C952605%2C952901%2C955301%2C957103%2C957105%2C957201%2C959701&
cpn=IFvjo3uYvTM59S0w&alr=yes&ratebypass=yes&c=WEB&cver=html5&range=273343-318800
 - HIER_NONE/- -

Request size = 0

And got these errors in cache.log:

2015/01/27 00:36:39 kid1| BUG 3556: FD 64 is not an open socket.
2015/01/27 00:39:47 kid1| BUG 3556: FD 38 is not an open socket.

So what...

Upgrade failed. Rollback to 3.4.11. It works perfectly.

27.01.2015 0:26, Daniel Greenwald wrote:
> Thank you Amos, I have updated to bump. Working well just the same..
> Even chrome doesn't complain for google properties. Very nice.
>
> -----------
> Daniel I Greenwald
>
>
>
> On Mon, Jan 26, 2015 at 12:35 PM, Yuri Voinov <yvoinov at gmail.com> wrote:
>
>
> It's a mistype. :)
>
> Of course, I mean
>
> acl net_bump src 192.168.101.0/24
>
>
> Yep, sure - when I change "all" to another ACL - the row is bungled.
>
>
> 26.01.2015 23:33, Amos Jeffries wrote:
> > On 27/01/2015 5:37 a.m., Yuri Voinov wrote:
> >>
> >> I'm not about it.
> >>
> >> server-first keyword deprecated in 3.5.x.
> >>
> >> AFAIK, the keyword "bump" now has yet another meaning.
> >>
> >> And also: in your example can only use acl "all". Any other ACLs
> >> lead to a "Bungled config line" error.
> >>
> >> I.e, for example,
> >>
> >> acl net_bump acl net_bump src 192.168.101.0/24
>
> > You sure the bungled is not about the previous line?
>
> > "acl net_bump acl ..." no such ACL type as "acl".
>
>
> >> ssl_bump peek step1 net_bump
> >> ssl_bump server-first step2 net_bump
> >>
>
> > And yes you are right that is deprecated. It should be "bump" as the
> > action.
>
> > Amos
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
> > http://lists.squid-cache.org/listinfo/squid-users
>
>
>
>

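The two configuration mistakes discussed in this thread (the repeated `acl` keyword and the deprecated `server-first` action) can be caught before restarting Squid. The linter below is an added example, not code from any poster or from the Squid project; `lint_squid_conf` is a hypothetical name, the sample configs are constructed from the lines quoted above, and the `step1`/`step2` definitions via `at_step` are an assumption because the thread does not show them.

```python
# Added example: minimal squid.conf linter for the two mistakes in this thread.
# Sample configs are constructed from the lines quoted in the messages above.
SAMPLE_BROKEN = """\
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl net_bump acl net_bump src 192.168.101.0/24
ssl_bump peek step1 net_bump
ssl_bump server-first step2 net_bump
"""
SAMPLE_FIXED = """\
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl net_bump src 192.168.101.0/24
ssl_bump peek step1 net_bump
ssl_bump bump step2 net_bump
"""

PREDEFINED_ACLS = {"all"}  # assumption: only "all" is treated as built in
DEPRECATED_ACTIONS = {"server-first": "bump"}  # per the thread, for 3.5.x


def lint_squid_conf(text):
    """Return (line_number, message) findings for acl and ssl_bump lines."""
    findings, defined = [], set(PREDEFINED_ACLS)
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        if tokens[0] == "acl":
            if len(tokens) < 3:
                findings.append((lineno, "acl needs a name and a type"))
            elif tokens[2] == "acl":
                # "acl net_bump acl ...": the type field holds the keyword itself
                findings.append((lineno, "ACL type is 'acl': keyword repeated"))
            else:
                defined.add(tokens[1])
        elif tokens[0] == "ssl_bump" and len(tokens) > 1:
            action, acl_names = tokens[1], tokens[2:]
            if action in DEPRECATED_ACTIONS:
                findings.append((lineno, "deprecated action '%s', use '%s'"
                                 % (action, DEPRECATED_ACTIONS[action])))
            for name in acl_names:
                # A rejected acl line never defines its name, so uses are flagged too
                if name.lstrip("!") not in defined:
                    findings.append((lineno, "undefined ACL '%s'" % name))
    return findings


if __name__ == "__main__":
    for lineno, message in lint_squid_conf(SAMPLE_BROKEN):
        print("line %d: %s" % (lineno, message))
```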