SSL_read error on multiple simultaneous upstream SSL downloads

Agent Coulson shield1182 at gmail.com
Mon Oct 21 20:00:32 UTC 2013


I think i would go with Piotr's suggestion, I had only started to dig into
the code, so hadn't got as far as he did (I took the weekend off)!

thanks again


On Mon, Oct 21, 2013 at 7:49 PM, Maxim Dounin <mdounin at mdounin.ru> wrote:

> Hello!
>
> On Mon, Oct 21, 2013 at 05:50:31PM +0000, Agent Coulson wrote:
>
> > Hi!
> >
> > thanks for that input, I have done some debugging and examined the SSL
> > context when this state arrises.  Two SSL* structs (from different
> > connections) point to the same packet data.  Disabling the read_ahead
> flag
> > mitigates this.
> >
> > I've attached a patch, after applying I was unable to repro using
> > openssl-1.0.1e.
> >
> > I'll submit a report to the upstream openssl project.
>
> Disabling the read_ahead as a workaround looks wrong for me.
> While it probably reduces a chance for a problem to appear, it's
> likely still there.
>
> Have you tried looking into the OpenSSL code to find out what
> causes the actual problem?
>
> I think it's likely SSL_MODE_RELEASE_BUFFERS related (and I indeed
> can't reproduce the error without SSL_MODE_RELEASE_BUFFERS set),
> but I don't see any obvious problems in the code.
>
> --
> Maxim Dounin
> http://nginx.org/en/donation.html
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20131021/0819b1c5/attachment.html>


More information about the nginx-devel mailing list