1
我尝试配置squid(在openwrt上运行)充当ssl连接的透明代理。虽然“正常”的非ecrypted连接工作正常鱿鱼总是崩溃时,我试图用SSL连接运行它。squid:透明SSL代理的总线错误
我该配置是这样的:
https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/opt/ssl/ssl.pem key=/opt/ssl/ssl.pem
ssl_bump server-first all
但每次我尝试启动鱿鱼,我得到错误的只有一条线路:
Bus error
我使用鱿鱼3.5.2-2和调试日志看起来像这样:
2015/12/02 17:28:42.021| Initializing https proxy context
2015/12/02 17:28:42.026| support.cc(1068) method: Using SSLv2/SSLv3.
2015/12/02 17:28:42.029| support.cc(1200) sslCreateClientContext: Setting RSA key generation callback.
2015/12/02 17:28:42.029| support.cc(1204) sslCreateClientContext: NOTICE: Peer certificates are not verified for validity!
2015/12/02 17:28:42.030| support.cc(1211) sslCreateClientContext: Setting CA certificate locations.
2015/12/02 17:28:42.030| Initializing https_port [::]:3129 SSL context
2015/12/02 17:28:42.030| Using certificate in /opt/ssl/ssl.pem
2015/12/02 17:28:42.034| support.cc(1714) readSslX509CertificatesChain: Certificate is self-signed, will not be chained
2015/12/02 17:28:42.093| support.cc(1533) contextMethod: Using SSLv2/SSLv3.
2015/12/02 17:28:42.096| support.cc(855) configureSslContext: Setting RSA key generation callback.
2015/12/02 17:28:42.098| support.cc(858) configureSslContext: Setting CA certificate locations.
2015/12/02 17:28:42.100| support.cc(901) configureSslContext: Not requiring any client certificates
2015/12/02 17:28:42.101| tools.cc(543) leave_suid: leave_suid: PID 6477 called
2015/12/02 17:28:42.103| tools.cc(565) leave_suid: leave_suid: PID 6477 giving up root, becoming 'nobody'
2015/12/02 17:28:42.106| debug.cc(403) parseOptions: command-line -X overrides: ALL,1
Bus error
所以我现在的问题是:为什么不是鱿鱼,甚至开始?什么导致了总线错误?
我遇到了完全相同的问题(在openwrt路由器上运行相同的squid版本)。你有没有想出一个解决方案? – Rerito
据我所知,由于系统运行时性能不足,系统无法使用ssl处理鱿鱼......我在我的路由器上尝试过它,但它没有足够的内存和/或cpu能力。它会导致其他进程崩溃,这将导致一个总线错误...有些设备不是为了运行它...也许你应该运行在另一个更强大的设备上,只是重定向到它的流量......这工作对我来说 – ZeroTek