linux
Nikita Parfenovich, 2015-09-21 21:03:44

Squid 3.5.9. SSL Peek and Splice without certificate spoofing. Any problems, any ideas?

Hello. Squid 3.5 introduced the ability to do transparent HTTPS proxying, specifically SSL Peek and Splice. I set it up according to this recipe, https://toster.ru/q/249885, and it works, but my Squid starts to crash and automatically restarts when HTTPS sites are opened. It restarts 5 times, then stops because the number of restarts within a certain period of time was exceeded. And it restarts for no apparent reason: cache.log only says that everything is restarted. In /var/log/messages I found the following lines:

Sep 22 00:12:09 shluz kernel: [4162228.121400] squid[17766]: segfault at c ip b6c15079 sp bfcef3e8 error 4 in libssl.so.1.0.0[b6bef000+5f000]
Sep 22 00:12:20 shluz kernel: [4162239.217368] squid[17771]: segfault at c ip b6cb5079 sp bfd999e8 error 4 in libssl.so.1.0.0[b6c8f000+5f000]
Sep 22 00:12:24 shluz kernel: [4162243.251076] squid[17780]: segfault at c ip b6c95079 sp bfb847c8 error 4 in libssl.so.1.0.0[b6c6f000+5f000]
Sep 22 00:21:38 shluz kernel: [4162797.295524] squid[18008]: segfault at c ip b6c05079 sp bfcf4e98 error 4 in libssl.so.1.0.0[b6bdf000+5f000]
Sep 22 00:21:46 shluz kernel: [4162805.371557] squid[18158]: segfault at c ip b6c77079 sp bfa59178 error 4 in libssl.so.1.0.0[b6c51000+5f000]
Sep 22 00:26:08 shluz kernel: [4163067.693651] squid[18163]: segfault at c ip b6cc2079 sp bfae5a68 error 4 in libssl.so.1.0.0[b6c9c000+5f000]
Sep 22 00:26:16 shluz kernel: [4163075.766431] squid[18302]: segfault at c ip b6c3f079 sp bf9b5868 error 4 in libssl.so.1.0.0[b6c19000+5f000]
Sep 22 00:30:46 shluz kernel: [4163346.045829] squid[18311]: segfault at c ip b6bfa079 sp bffb1738 error 4 in libssl.so.1.0.0[b6bd4000+5f000]
Sep 22 00:30:54 shluz kernel: [4163354.119116] squid[18392]: segfault at c ip b6c9e079 sp bfddf3a8 error 4 in libssl.so.1.0.0[b6c78000+5f000]
Sep 22 00:35:12 shluz kernel: [4163612.399517] squid[18602]: segfault at c ip b6c63079 sp bff49708 error 4 in libssl.so.1.0.0[b6c3d000+5f000]
Sep 22 00:35:21 shluz kernel: [4163620.474409] squid[18643]: segfault at c ip b6c68079 sp bfb9a508 error 4 in libssl.so.1.0.0[b6c42000+5f000]
Sep 22 00:39:48 shluz kernel: [4163887.731443] squid[18648]: segfault at c ip b6c53079 sp bfc734f8 error 4 in libssl.so.1.0.0[b6c2d000+5f000]
Sep 22 00:39:56 shluz kernel: [4163895.805680] squid[18820]: segfault at c ip b6c9a079 sp bfd20238 error 4 in libssl.so.1.0.0[b6c74000+5f000]


As you can see, the problem is in the libssl.so.1.0.0 library.
Debian Jessie x86 system, Squid 3.5.9 built with ssl-bumping support.

What are your thoughts, gentlemen?
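
A triage sketch for the kernel lines above, added here as an example and not part of the original post: it computes the faulting instruction's offset inside libssl.so.1.0.0 (ip minus mapping base) and decodes the x86 page-fault error code. The function names are hypothetical; the two sample lines are copied from the excerpt.

```python
import re
from collections import Counter

# Two lines copied from the question's /var/log/messages excerpt.
SAMPLE = """\
Sep 22 00:12:09 shluz kernel: [4162228.121400] squid[17766]: segfault at c ip b6c15079 sp bfcef3e8 error 4 in libssl.so.1.0.0[b6bef000+5f000]
Sep 22 00:12:20 shluz kernel: [4162239.217368] squid[17771]: segfault at c ip b6cb5079 sp bfd999e8 error 4 in libssl.so.1.0.0[b6c8f000+5f000]
"""

SEGV = re.compile(
    r"(?P<proc>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+)"
    r"(?: in (?P<obj>\S+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

def decode_error(code):
    """Decode the x86 page-fault error code bits printed by the kernel."""
    return {
        "page_present": bool(code & 1),   # 0 = page not mapped
        "write": bool(code & 2),          # 0 = read access
        "user_mode": bool(code & 4),      # 1 = fault raised in user space
        "instruction_fetch": bool(code & 16),
    }

def parse_segfaults(text):
    """Yield one dict per kernel segfault line found in text."""
    for m in SEGV.finditer(text):
        rec = {"proc": m["proc"], "pid": int(m["pid"]),
               "fault_addr": int(m["addr"], 16), "ip": int(m["ip"], 16),
               "error": decode_error(int(m["err"])), "object": m["obj"],
               "offset": None}
        if m["base"]:
            # ASLR moves the mapping base; ip - base is stable across crashes.
            rec["offset"] = rec["ip"] - int(m["base"], 16)
        yield rec

def crash_sites(text):
    """Count crashes per (object, offset-in-object, faulting address)."""
    return Counter((r["object"], r["offset"], r["fault_addr"])
                   for r in parse_segfaults(text))

if __name__ == "__main__":
    for (obj, off, addr), n in crash_sites(SAMPLE).items():
        print(f"{n} crash(es) in {obj} at offset {off:#x}, fault address {addr:#x}")
```

Both sample crashes resolve to the same offset, 0x26079, with fault address 0xc and a user-mode read of an unmapped page, which is consistent with one repeatable NULL-pointer dereference at a single code location. With the distribution's debug symbols for libssl installed, that offset can be resolved to a function name.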


2 answer(s)
Nikita Parfenovich, 2015-09-22
@nagibat0r

Posted in the topic "Squid https filtering without changing certificates. How to solve the problem with ssl3?". In general, it seems to be a matter of specific patches that are available in Debian. Everything works fine on Archlinux x64; the topic can be closed.
UPD. 09/27/15: as they say, "the song is not about that at all". linux-admin.tk/?action=viewArticle&articleId=31 - I wrote an article with a complete solution to the problem.

Puma Thailand, 2015-09-22
@opium

Ban at the DNS level, it's a hundred times easier; DNS does not go over SSL yet.
