SSL_read error on multiple simultaneous upstream SSL downloads

Agent Coulson shield1182 at gmail.com
Mon Oct 21 17:50:31 UTC 2013


Hi!

Thanks for that input. I have done some debugging and examined the SSL
context when this state arises.  Two SSL* structs (from different
connections) point to the same packet data.  Disabling the read_ahead flag
mitigates this.

I've attached a patch; after applying it I was unable to repro using
openssl-1.0.1e.

I'll submit a report to the upstream openssl project.

thanks!



On Sat, Oct 19, 2013 at 12:58 PM, Maxim Dounin <mdounin at mdounin.ru> wrote:

> Hello!
>
> On Fri, Oct 18, 2013 at 07:59:40PM +0000, Agent Coulson wrote:
>
> > Yes, I am able to reproduce this talking to the same nginx as an upstream,
> > here is my new config.  To reproduce, create a file in the root which is
> > several Mb, I used 20Mb, and issue multiple simultaneous curl's to the
> > object, I found rate-limiting my curl is the best way to repro.  This
> > suggests there is some problem when we have to buffer.  I'm skeptical that
> > this is an openssl issue as I have used multiple different openssl versions
> > and still run into this.  However for completeness, I've reprod with
> > openssl sources from openssl.org (openssl-1.0.1e) as you suggested.
>
> [...]
>
> Ok, I was able to reproduce this.
>
> Looks like a regression in OpenSSL 1.0.0+.  I'm able to reproduce
> the problem with OpenSSL 1.0.0 and more recent versions, including
> recent git snapshot, but everything is fine with OpenSSL 0.9.8y
> and previous versions.
>
> Bisection on OpenSSL 1.0.0 branch may be helpful to trace the
> exact cause.
>
> --
> Maxim Dounin
> http://nginx.org/en/donation.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch.patch
Type: application/octet-stream
Size: 978 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20131021/bb967c54/attachment.obj>
