Squid:带有透明SSL代理的总线错误

Question

我试图将squid (运行在openwrt上)配置为充当ssl连接的透明代理。虽然“正常”的非氪连接工作良好，但当我尝试使用ssl连接运行它时，squid总是会崩溃。

我的配置如下所示：

https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/opt/ssl/ssl.pem key=/opt/ssl/ssl.pem              
ssl_bump server-first all

但每次我试着启动鱿鱼，我只会犯一行错误：

Bus error

我使用Squid3.5.2-2，调试日志如下所示：

2015/12/02 17:28:42.021| Initializing https proxy context
2015/12/02 17:28:42.026| support.cc(1068) method: Using SSLv2/SSLv3.
2015/12/02 17:28:42.029| support.cc(1200) sslCreateClientContext: Setting RSA key generation callback.
2015/12/02 17:28:42.029| support.cc(1204) sslCreateClientContext: NOTICE: Peer certificates are not verified for validity!
2015/12/02 17:28:42.030| support.cc(1211) sslCreateClientContext: Setting CA certificate locations.
2015/12/02 17:28:42.030| Initializing https_port [::]:3129 SSL context
2015/12/02 17:28:42.030| Using certificate in /opt/ssl/ssl.pem
2015/12/02 17:28:42.034| support.cc(1714) readSslX509CertificatesChain: Certificate is self-signed, will not be chained
2015/12/02 17:28:42.093| support.cc(1533) contextMethod: Using SSLv2/SSLv3.
2015/12/02 17:28:42.096| support.cc(855) configureSslContext: Setting RSA key generation callback.
2015/12/02 17:28:42.098| support.cc(858) configureSslContext: Setting CA certificate locations.
2015/12/02 17:28:42.100| support.cc(901) configureSslContext: Not requiring any client certificates
2015/12/02 17:28:42.101| tools.cc(543) leave_suid: leave_suid: PID 6477 called
2015/12/02 17:28:42.103| tools.cc(565) leave_suid: leave_suid: PID 6477 giving up root, becoming 'nobody'
2015/12/02 17:28:42.106| debug.cc(403) parseOptions: command-line -X overrides: ALL,1
Bus error

所以我现在的问题是:为什么鱿鱼还没有开始呢？是什么导致了公共汽车的错误？

Answer 1

我很确定这是一个空间问题，尽量缩小动态证书的大小：

dynamic_cert_mem_cache_size=1MB

Squid配置文件中的此选项也将非常有用：

sslproxy_session_cache_size 500 KB

如果您仍然有巴士错误，安装与opkg，并尝试与鱿鱼。你会得到更多关于发生的事情的日志。