[squid-users] Squid-2.6stable4 in reverse proxy mode - possible SSL memory leak

Mon, 30 Oct 2006 16:21:22 -0800 

Hi
I am running squid-2.6stable4 in reverse proxy mode as a front end for a 
Microsoft exchange 2003 SP2 server providing outlook web access, outlook mobile 
access and active synch.

I am terminating the SSL connection between the internet client and squid at 
the squid server then establishing another https connection between squid and 
the exchange server.

The configuration is working well however I am getting lots of the following 
errors in my cache log.

2006/10/31 10:50:16| fwdNegotiateSSL: Error negotiating SSL connection on FD 
16: error:00000000:lib(0):func(0):reason(0) (5/0/0)
2006/10/31 10:50:16| TCP connection to xxx.xxx.xxx.xxx/443 failed

No errors are reported by the client or in the access log and everything 
appears to working fine.

The memory usage of squid grows and eventually I get an out of memory error and 
squid is terminated by the kernel.  This takes about a week to occur with the 
current usage of the proxy.

I upgraded from squid-2.6stable3 as I was seeing the same behaviour and hoped 
stable4 may have a fix.

The relevant (hopefully) sections of my squid.conf follow (hostnames edited)

https_port squid.exchange.proxy.ip:443 defaultsite=xxx.xxx.xxx.xxx \
        cert=/etc/httpd/conf/ssl.crt/xxx.xxx.xxx.xxx_proxy.pem \
        key=/etc/httpd/conf/ssl.key/xxx.xxx.xxx.xxx_proxy.key protocol=https

cache_peer exchange.server.fqdn parent 443 0 front-end-https=on \
        ssl sslcert=/etc/httpd/conf/ssl.crt/emlcssurproxy02_client.pem \
        sslkey=/etc/httpd/conf/ssl.key/emlcssurproxy02_client.key \
        sslcafile=/etc/httpd/conf/ssl.crt/emlcsca.pem \
        originserver proxy-only connection-auth=off no-digest login=PASS

Perhaps I have an incorrect setting in squid.conf which is causing the error?  
I have searched on the net for similar errors but have not found an adequate 
explanation yet.

I look forward to suggestions from the group.  Please let me know if there is 
more information required to debug the problem.

Regards

Paul Freeman

+++---+++---+++---+++---+++---+++---+++---+++---+++---+++---+++---+++
EML Consulting Services Pty Ltd            Telephone: +61 3 9836 1999
417-431 Canterbury Road                    Facsimile: +61 3 9836 0517 SURREY 
HILLS, VICTORIA 3127            Email: [EMAIL PROTECTED]
+++---+++---+++---+++---+++---+++---+++---+++---+++---+++---+++---+++

Reply via email to