Re: [squid-users] use of sslpassword_program a must since squid version 3.3.5 ?

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Fri, 24 May 2013 18:02:14 -0600

On 05/24/2013 02:25 AM, Dieter Bloms wrote:
> Hi Alex,
>
> On Thu, May 23, Alex Rousskov wrote:
>
>>> I use squid 3.3.5 with the ssl-bump feature.
>>> My private key is encrypted and I want to enter the password at start time.
>>>
>>> Since 3.3.5 squid wants to execute a program even though I haven't configured
>>> sslpassword_program and start squid with the -N option.
>>>
>>> --snip--
>>> idvhttpsproxy01:~ # squid -f /etc/squid/squid.conf -NY
>>> sh: (null): command not found
>>> FATAL: No valid signing SSL certificate configured for http_port MYIP:8080
>>> Squid Cache (Version 3.3.5): Terminated abnormally.
>>> CPU Usage: 0.004 seconds = 0.000 user + 0.004 sys
>>> Maximum Resident Size: 21248 KB
>>> Page faults with physical i/o: 0
>>> --snip--
>>>
>>> When I set sslpassword_program to a program which prints the password on
>>> stdout, squid starts, but I want to enter the password during start of
>>> squid.
>>>
>>> Is this a bug?
>>
>>
>> Yes, I think it is. Please check whether the attached patch works when
>> you start Squid with -N and _without_ sslpassword_program.
>>
>> The patch may or may not work when you start Squid without -N and with
>> sslpassword_program. The outcome depends on whether snprintf() crashes
>> when given a NULL pointer and on whether your sslpassword_program needs
>> to know the name of the key file Squid is trying to load (that name will
>> not be passed to your sslpassword_program). If you can test this
>> scenario, please do.
>>
>> Please let us know what your tests show.
>
> I applied this patch against squid-3.3.5-20130521-r12565 and it works as
> expected.
> Many thanks for this patch!
> Will this patch be included in the next release?

It will be in v3.4 (at least).

Alex.
Received on Sat May 25 2013 - 00:02:22 MDT
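
The failure discussed in this thread ("sh: (null): command not found") is what happens when an unset password-program setting is formatted into a shell command line. The following C sketch is an added example, not Squid's code and not the patch mentioned above; `get_key_password`, the `pw_source` values and the sample paths are hypothetical names chosen for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

enum pw_source { PW_FROM_PROGRAM, PW_ASK_USER, PW_ERROR };

/* Hypothetical helper (not Squid's code): obtain the key passphrase.
 * program == NULL means no sslpassword_program is configured. */
enum pw_source get_key_password(const char *program, const char *keyfile,
                                char *out, size_t outlen)
{
    char cmd[1024];
    FILE *p;
    int n;

    if (out == NULL || outlen == 0)
        return PW_ERROR;
    out[0] = '\0';

    /* The guard: never format a NULL pointer into a command line.
     * glibc renders NULL as "(null)"; the C standard leaves it undefined. */
    if (program == NULL || program[0] == '\0')
        return PW_ASK_USER;  /* caller lets the TLS library prompt on the terminal */

    /* Assumption: keyfile comes from trusted configuration (it is not
     * shell-quoted here). Omit the argument rather than pass NULL. */
    if (keyfile != NULL)
        n = snprintf(cmd, sizeof cmd, "%s %s", program, keyfile);
    else
        n = snprintf(cmd, sizeof cmd, "%s", program);
    if (n < 0 || (size_t)n >= sizeof cmd)
        return PW_ERROR;     /* truncated command: refuse to run it */

    p = popen(cmd, "r");
    if (p == NULL)
        return PW_ERROR;
    if (fgets(out, (int)outlen, p) == NULL)
        out[0] = '\0';
    /* A non-zero exit or empty output is a failure, not an empty passphrase. */
    if (pclose(p) != 0 || out[0] == '\0') {
        out[0] = '\0';
        return PW_ERROR;
    }
    out[strcspn(out, "\r\n")] = '\0';  /* strip the trailing newline */
    return out[0] ? PW_FROM_PROGRAM : PW_ERROR;
}
```

Returning a distinct "ask the user" result keeps the interactive prompt available when running in the foreground, which is the behaviour the original poster wanted.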
