<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">Shaun,<br>
      <br>
      Can you post a snippet showing how you include the CRL in your
      configuration, and the 'ps aux | grep nginx' output, please?<br>
      <br>
      The wild guess is that you include the CRL several times. And on
      reload you get twice as many workers as there are usually.<br>
      You can try moving the ssl_crl statement into the http{} context.<br>
      <br>
      On 26.07.2018 23:16, Shaun Tarves wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CANYxuWjNVCEE4uH+MZXrYY8y0cQ_yEf6Or4dPxcTRY9SZpuG6g@mail.gmail.com">
      <meta http-equiv="content-type" content="text/html; charset=utf-8">
      <div dir="ltr"><span
style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Hi,</span>
        <div
style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><br>
        </div>
        <div
style="font-size:small;text-decoration-style:initial;text-decoration-color:initial">We
          are trying to use nginx to support the DoD PKI infrastructure,
          which includes many DoD and contractor CRLs. The combined CRL
          file is over 350MB in size, which seems to crash nginx during
          a reload (at least on Red Hat 6). Our cert/key/crl setup is
          valid and working, and when only including a subset of the CRL
          files we have, reloads work fine.</div>
        <div
style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><br>
        </div>
        <div
style="font-size:small;text-decoration-style:initial;text-decoration-color:initial">When
          we concatenate all the CRLs we need to support, the config
          reload request causes worker threads to become defunct and
          messages in the error log indicate the following:</div>
        <div
style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><br>
        </div>
        <div
style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span></span>
          <p class="gmail-m_2419373206062243596gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:10px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgba(0,0,0,0.85)"><span
              class="gmail-m_2419373206062243596gmail-s1"
              style="font-variant-ligatures:no-common-ligatures">2018/07/26
              16:05:25 [alert] 30624#30624: fork() failed while spawning
              "worker process" (12: Cannot allocate memory)</span></p>
          <p class="gmail-m_2419373206062243596gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:10px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgba(0,0,0,0.85)"><span
              class="gmail-m_2419373206062243596gmail-s1"
              style="font-variant-ligatures:no-common-ligatures">2018/07/26
              16:05:25 [alert] 30624#30624: sendmsg() failed (9: Bad
              file descriptor)</span></p>
          <p class="gmail-m_2419373206062243596gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:10px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgba(0,0,0,0.85)"><span
              class="gmail-m_2419373206062243596gmail-s1"
              style="font-variant-ligatures:no-common-ligatures">2018/07/26
              16:08:42 [alert] 30624#30624: worker process 1611 exited
              on signal 9</span></p>
          <br>
        </div>
        <div
style="font-size:small;text-decoration-style:initial;text-decoration-color:initial">Is
          there any way we can get nginx to support such a large volume
          of CRLs?</div>
        <br>
      </div>
      <br>
    </blockquote>
    <p><br>
    </p>
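    <p>The check suggested in the reply (is the same CRL declared several times, and in which context?) can be scripted. The following is an added example, not part of the original thread or of nginx itself: a small Python walker over nginx configuration text that lists every ssl_crl directive with its enclosing context. The sample configuration, file paths and function names are constructed for illustration.</p>

```python
import re
from collections import Counter

# Constructed sample configuration (hypothetical paths, not from the thread).
SAMPLE_CONF = """
http {
    ssl_client_certificate /etc/nginx/pki/ca-bundle.pem;   # hypothetical path
    server {
        listen 443 ssl;
        ssl_verify_client on;
        ssl_crl /etc/nginx/pki/combined.crl;
    }
    server {
        listen 8443 ssl;
        ssl_verify_client on;
        ssl_crl /etc/nginx/pki/combined.crl;
    }
}
"""

TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|[{};]|[^\s{};]+')

def find_ssl_crl(conf_text):
    """Return [(context, crl_path)] for every ssl_crl directive."""
    text = re.sub(r'#[^\n]*', '', conf_text)  # naive: ignores '#' inside quotes
    stack, words, found = [], [], []
    for tok in TOKEN.findall(text):
        if tok == '{':            # block opens: first word names the context
            stack.append(words[0] if words else '?')
            words = []
        elif tok == '}':          # block closes
            stack, words = stack[:-1], []
        elif tok == ';':          # simple directive ends
            if words[:1] == ['ssl_crl'] and words[1:]:
                found.append(('/'.join(stack) or 'main', words[1].strip('"\'')))
            words = []
        else:
            words.append(tok)
    return found

def repeated_crls(conf_text):
    """Map each CRL path declared more than once to its declaration count."""
    counts = Counter(path for _, path in find_ssl_crl(conf_text))
    return {p: n for p, n in counts.items() if n != 1}

if __name__ == '__main__':
    for ctx, path in find_ssl_crl(SAMPLE_CONF):
        print(f'{ctx}: ssl_crl {path}')
    print('declared more than once:', repeated_crls(SAMPLE_CONF))
```

    <p>To run it against a live server, pass the text printed by 'nginx -T' (the full configuration with includes expanded) to find_ssl_crl() instead of the sample.</p>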
  </body>
</html>