On 04/06/17 19:27, alexander lunev wrote:
> Hello everyone!
> I have two almost identical cache servers, both FreeBSD 10.3, both
> running latest squid-3.2.25 from ports in transparent mode, one runs
> OK and another is throwing this error:

If you can obtain an updated stack/back-trace from that assertion it
would be a help in identifying how it is happening.
<http://wiki.squid-cache.org/SquidFaq/BugReporting> has info on how to
report this type of bug, and how to obtain traces from production
proxies with minimal service impact if you need it.

> After this squid is exiting.
> Besides some default configuration, the config contains:
> http_port 127.0.0.1:3127
> http_port 127.0.0.1:3128 intercept
> https_port 127.0.0.1:3129 intercept ssl-bump
> options=ALL:NO_SSLv3:NO_SSLv2 connection-auth=off
> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
> cert=/usr/local/etc/squid/squid.pem key=/usr/local/etc/squid/squid.key
> sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s
> /usr/local/etc/squid/ssl_db -M 4MB
> sslcrtd_children 35
> cache deny all
> url_rewrite_program /usr/local/bin/squidGuard -c
> # Leave coredumps in the first cache dir
> coredump_dir /var/squid/cache
> #ssl_bump client-first all
> always_direct allow all

You can/should remove that above line. It is unnecessary for bumping
since 3.1 series.

You should definitely remove both the above lines. They are hiding many
potential TLS/SSL problems from *you* (not your users). The errors which
may appear are real security problems with potentially major impacts on
your users. They should usually be solved in ways other than simply
hiding one's head in the sand.

> Why is this and how can it be fixed?

Something being cached is not being aborted when it was supposed to have
been. More details are needed, please follow the instructions above.