- Bug
- Resolution: Unresolved
- rhel-10.1
- squid-6.10-8.el10
- Important
- rhel-stacks-web-servers
What were you trying to do that didn't work?
Use squid when the SSL keys and certs (CA cert, client & server certs and keys) are PQC (namely the mldsa65 cipher). Squid fails with "FATAL: Unable to generate signing certificate for untrusted sites for HTTPS_port"
What is the impact of this issue to you?
The dnf beakerlib test https://pkgs.devel.redhat.com/cgit/tests/dnf/tree/Sanity/proxy-ssl-configuration-options fails due to squid. It passes when the cipher used is classic crypto (RSA). The test uses the internal beakerlib library https://pkgs.devel.redhat.com/cgit/tests/squid/tree/Library/squid
Please provide the package NVR for which the bug is seen:
squid-6.10-5.el10
How reproducible is this bug?:
always
Steps to reproduce
- use the dnf test proxy-ssl-configuration-options, set CIPH="mldsa65"
- run the test (using e.g. "tmt try rhel-10.1@minute")
Expected results
test passes
Actual results
test fails:
rlServiceStart: Starting service squid failed
Status of the failed service:
Redirecting to /bin/systemctl status squid.service
× squid.service - Squid caching proxy
Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; preset: disabled)
Active: failed (Result: exit-code) since Thu 2025-08-07 04:26:44 EDT; 55ms ago
Invocation: 9e0521b4c3664980ab99c3e3a4ad0292
Docs: man:squid(8)
Process: 22762 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
Process: 22765 ExecStart=/usr/sbin/squid --foreground $SQUID_OPTS -f ${SQUID_CONF} (code=exited, status=1/FAILURE)
Main PID: 22765 (code=exited, status=1/FAILURE)
Mem peak: 3.3M
CPU: 27ms
Aug 07 04:26:44 prereserve-1mt-rhel-10.1-20250804.1-37984-2025-08-07-08-01 squid[22765]: Page faults with physical i/o: 0
Aug 07 04:26:44 prereserve-1mt-rhel-10.1-20250804.1-37984-2025-08-07-08-01 squid[22765]: 2025/08/07 04:26:44| Processing Configuration File: /etc/squid/squid.conf (depth 0)
Aug 07 04:26:44 prereserve-1mt-rhel-10.1-20250804.1-37984-2025-08-07-08-01 squid[22765]: 2025/08/07 04:26:44| storeDirWriteCleanLogs: Starting...
Aug 07 04:26:44 prereserve-1mt-rhel-10.1-20250804.1-37984-2025-08-07-08-01 squid[22765]: 2025/08/07 04:26:44| Finished. Wrote 0 entries.
Aug 07 04:26:44 prereserve-1mt-rhel-10.1-20250804.1-37984-2025-08-07-08-01 squid[22765]: 2025/08/07 04:26:44| Took 0.00 seconds ( 0.00 entries/sec).
Aug 07 04:26:44 prereserve-1mt-rhel-10.1-20250804.1-37984-2025-08-07-08-01 squid[22765]: 2025/08/07 04:26:44| FATAL: Unable to generate signing certificate for untrusted sites for HTTPS_port [::]:3128
Aug 07 04:26:44 prereserve-1mt-rhel-10.1-20250804.1-37984-2025-08-07-08-01 squid[22765]: 2025/08/07 04:26:44| Squid Cache (Version 6.10): Terminated abnormally.
Aug 07 04:26:44 prereserve-1mt-rhel-10.1-20250804.1-37984-2025-08-07-08-01 systemd[1]: squid.service: Main process exited, code=exited, status=1/FAILURE
Aug 07 04:26:44 prereserve-1mt-rhel-10.1-20250804.1-37984-2025-08-07-08-01 systemd[1]: squid.service: Failed with result 'exit-code'.
Aug 07 04:26:44 prereserve-1mt-rhel-10.1-20250804.1-37984-2025-08-07-08-01 systemd[1]: Failed to start squid.service - Squid caching proxy.
Runnning while ss -tan | grep -q :3128; do sleep 1; done, with 120 seconds timeout
Command ended itself, I am not killing it.
- links to: RHBA-2025:154779 squid update