Segment Violation when using ssl bump and cache peer

[hsmtkk]

I have a problem with squid 5.0.3.

I would like to use "Peering support for SSL-Bump" introduced since squid 5. http://squid.mirror.colo-serv.net/archive/5/squid-5.0.2-RELEASENOTES.html#ss2.6

I configured this environment using docker-compose. client -> childproxy -> parentproxy -> server

When I communicated client to server via childproxy and parentproxy, "Segment Violation" happened and squid exited abnormally.

Do I need any extra configuration to use "Peering support for SSL-Bump" feature?

[hsmtkk]

• squid version

  
  Squid Cache: Version 5.0.3
  Service Name: squid

This binary uses OpenSSL 1.1.1g 21 Apr 2020. For legal restrictions on distribution see https://www.openssl.org/source/license.html

configure options: '--prefix=/usr/local/squid' '--enable-ssl-crtd' '--disable-optimizations' '--with-openssl=/usr/local/openssl' --enable-ltdl-convenience

[hsmtkk]

• command and its response

  $ docker exec client curl -k -x childproxy:3128 https://server/hello.html
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                               Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to server:443

[hsmtkk]

• error log

  childproxy     | 2020/07/03 22:55:53 kid1| FATAL: Received Segment Violation...dying.
  childproxy     |     current master transaction: master53
  childproxy     | 2020/07/03 22:55:53 kid1| Closing HTTP(S) port 0.0.0.0:3128
  childproxy     |     current master transaction: master53
  childproxy     | 2020/07/03 22:55:53 kid1| storeDirWriteCleanLogs: Starting...
  childproxy     |     current master transaction: master53
  childproxy     | 2020/07/03 22:55:53 kid1|   Finished.  Wrote 0 entries.
  childproxy     |     current master transaction: master53
  childproxy     | 2020/07/03 22:55:53 kid1|   Took 0.00 seconds (  0.00 entries/sec).
  childproxy     |     current master transaction: master53
  childproxy     | CPU Usage: 0.235 seconds = 0.106 user + 0.129 sys
  childproxy     | Maximum Resident Size: 600336 KB
  childproxy     | Page faults with physical i/o: 0

parent-cache.log child-cache.log

[hsmtkk]

child-squid.conf.txt parent-squid.conf.txt

[hsmtkk]

• core dump back trace

  #0  0x00007f8b433da387 in raise () from /lib64/libc.so.6
  #1  0x00007f8b433dba78 in abort () from /lib64/libc.so.6
  #2  0x000000000088b4bc in death (sig=11) at tools.cc:359
  #3  <signal handler called>
  #4  0x00000000009dbd12 in Comm::Connection::getPeer (this=0x0) at Connection.cc:102
  #5  0x00000000009dbed8 in Comm::Connection::connectTimeout (this=0x0, fwdStart=1593816953) at Connection.cc:143
  #6  0x00000000007b1332 in FwdState::connectingTimeout (this=0x2870a48, conn=...) at FwdState.cc:1381
  #7  0x00000000007ae351 in FwdState::establishTunnelThruProxy (this=0x2870a48, conn=...) at FwdState.cc:850
  #8  0x00000000007adba5 in FwdState::__lambda2::operator() (__closure=0x7ffead0888f0) at FwdState.cc:836
  #9  0x00000000007b1ca7 in FwdState::advanceDestination<FwdState::noteConnection(HappyConnOpener::Answer&)::__lambda2>(const char *, const Comm::ConnectionPointer &, const FwdState::__lambda2 &) (this=0x2870a48, 
  stepDescription=0xb487f0 "establish tunnel through proxy", conn=..., startStep=...) at FwdState.cc:777
  #10 0x00000000007ae1ca in FwdState::noteConnection (this=0x2870a48, answer=...) at FwdState.cc:837
  #11 0x00000000007b5f64 in HappyConnOpener::CbDialer<FwdState>::dial (this=0x2871af8) at HappyConnOpener.h:120
  #12 0x00000000007b56ed in AsyncCallT<HappyConnOpener::CbDialer<FwdState> >::fire (this=0x2871ac0)
  at ../src/base/AsyncCall.h:150
  #13 0x000000000096c293 in AsyncCall::make (this=0x2871ac0) at AsyncCall.cc:44
  #14 0x000000000096cfca in AsyncCallQueue::fireNext (this=0x23b6ec0) at AsyncCallQueue.cc:60
  #15 0x000000000096cd43 in AsyncCallQueue::fire (this=0x23b6ec0) at AsyncCallQueue.cc:43
  #16 0x000000000079afbf in EventLoop::dispatchCalls (this=0x7ffead088c80) at EventLoop.cc:144
  #17 0x000000000079aee7 in EventLoop::runOnce (this=0x7ffead088c80) at EventLoop.cc:121
  #18 0x000000000079ad4e in EventLoop::run (this=0x7ffead088c80) at EventLoop.cc:83
  #19 0x000000000081ce58 in SquidMain (argc=3, argv=0x7ffead088fb8) at main.cc:1716
  #20 0x000000000081c2c3 in SquidMainSafe (argc=3, argv=0x7ffead088fb8) at main.cc:1403
  #21 0x000000000081c296 in main (argc=3, argv=0x7ffead088fb8) at main.cc:1391

core.3a01c4265d95.squid.1593816953.zip

[Legolath]

I have teh same problem, do you find an solution to this?

[hsmtkk]

I have teh same problem, do you find an solution to this?

The patch solved this problems. The patch might be merged to the main branch, I assume.

http://lists.squid-cache.org/pipermail/squid-users/2020-July/022368.html https://github.com/squid-cache/squid/commit/056ad44.patch