CPU 100% Upstream SSL handshake

Maxim Dounin mdounin at mdounin.ru
Wed Jan 30 18:58:01 UTC 2013


Hello!

On Wed, Jan 30, 2013 at 03:50:39AM +0000, 彭谦(研六 福州) wrote:

> Hello all!
>    Recently I came across a problem that CPU 100% when nginx upstream were trying to SSL handshake to the web sever.
>    the pass_proxy url is https://www.salesforce.com/export/login-messages/common/css/images/login/bk_promo_overlay3.png;
>    maybe the slow https web site has the same problem.
> 
> The debug log:
> 2013/01/30 11:06:23 [debug] 19604#0: posted event 100232FC
> 2013/01/30 11:06:23 [debug] 19604#0: *1 delete posted event 100232FC
> 2013/01/30 11:06:23 [debug] 19604#0: *1 SSL handshake handler: 1
> 2013/01/30 11:06:23 [debug] 19604#0: *1 SSL_do_handshake: -1
> 2013/01/30 11:06:23 [debug] 19604#0: *1 SSL_get_error: 2
> 2013/01/30 11:06:23 [debug] 19604#0: posted event 00000000
> 2013/01/30 11:06:23 [debug] 19604#0: worker cycle
> 2013/01/30 11:06:23 [debug] 19604#0: select event: fd:6 wr:0
> 2013/01/30 11:06:23 [debug] 19604#0: select event: fd:3 wr:0
> 2013/01/30 11:06:23 [debug] 19604#0: select event: fd:7 wr:0
> 2013/01/30 11:06:23 [debug] 19604#0: select event: fd:7 wr:1
> 2013/01/30 11:06:23 [debug] 19604#0: max_fd: 7
> 2013/01/30 11:06:23 [debug] 19604#0: select timer: 46801
> 2013/01/30 11:06:23 [debug] 19604#0: select ready 1
> 2013/01/30 11:06:23 [debug] 19604#0: select write 7
> 2013/01/30 11:06:23 [debug] 19604#0: *1 post event 100232FC
> 2013/01/30 11:06:23 [debug] 19604#0: timer delta: 0
> 2013/01/30 11:06:23 [debug] 19604#0: posted events 100232FC
> 2013/01/30 11:06:23 [debug] 19604#0: posted event 100232FC
> 2013/01/30 11:06:23 [debug] 19604#0: *1 delete posted event 100232FC
> 2013/01/30 11:06:23 [debug] 19604#0: *1 SSL handshake handler: 1
> 2013/01/30 11:06:23 [debug] 19604#0: *1 SSL_do_handshake: -1
> 2013/01/30 11:06:23 [debug] 19604#0: *1 SSL_get_error: 2
> 2013/01/30 11:06:23 [debug] 19604#0: posted event 00000000
> 2013/01/30 11:06:23 [debug] 19604#0: worker cycle
> 2013/01/30 11:06:23 [debug] 19604#0: select event: fd:6 wr:0
> 2013/01/30 11:06:23 [debug] 19604#0: select event: fd:3 wr:0
> 2013/01/30 11:06:23 [debug] 19604#0: select event: fd:7 wr:0
> 2013/01/30 11:06:23 [debug] 19604#0: select event: fd:7 wr:1
> 2013/01/30 11:06:23 [debug] 19604#0: max_fd: 7
> 
> we can see the write handler will repeat again and again until the SSL_do_handshake return 1.
> i just repear the problem in select I/O multiplexing.
> Can you help me to fix this bug?

Thank you for your report, it looks like generic problem in ssl handshake
handling with level-triggered event methods.

The following patch should fix the problem:

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -808,6 +808,10 @@ ngx_ssl_handshake(ngx_connection_t *c)
             return NGX_ERROR;
         }
 
+        if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
+            return NGX_ERROR;
+        }
+
         return NGX_AGAIN;
     }
 
@@ -816,6 +820,10 @@ ngx_ssl_handshake(ngx_connection_t *c)
         c->read->handler = ngx_ssl_handshake_handler;
         c->write->handler = ngx_ssl_handshake_handler;
 
+        if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
+            return NGX_ERROR;
+        }
+
         if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
             return NGX_ERROR;
         }



-- 
Maxim Dounin
http://nginx.com/support.html



More information about the nginx-devel mailing list