[PATCH] Upstream: fix memory leak with resolved peers and ssl
Maxim Dounin
mdounin at mdounin.ru
Tue Jul 26 21:23:04 UTC 2011
Hello!
On Tue, Jul 26, 2011 at 09:37:25PM +0200, Srebrenko Šehić wrote:
> On Fri, Jul 22, 2011 at 4:07 PM, Maxim Dounin <mdounin at mdounin.ru> wrote:
>
> > Upstream: fix memory leak with resolved peers and ssl.
> >
> > As round robin peers created with ngx_http_upstream_create_round_robin_peer()
> > are allocated from request pool saved ssl sessions leaked on request
> > destruction. Since saving sessions is useless here anyway (each peer is only
> > used once) - fix this by not saving sessions at all.
>
> Is this only relevant for http -> https (where the backend protocol is
> SSL) or is this bug triggered as soon as you have SSL towards the
> backend?
This is triggered as long as you use https backend (original
protocol with client doesn't matter) and peer is dynamically
created (i.e. you use proxy_pass with variables, and resulting
hostname doesn't match existing upstream{} blocks).
That is, the following is safe:
proxy_pass https://backend;
but this will leak:
proxy_pass https://127.0.0.1$request_uri;
and require explicit
proxy_ssl_session_reuse off;
as a workaround (till upcoming 1.1.0, the patch was already
committed to trunk).
Maxim Dounin
More information about the nginx-devel
mailing list