Fwd: 1.17.5 regression

Maxim Dounin mdounin at mdounin.ru
Wed Dec 18 17:24:25 UTC 2019


On Mon, Dec 16, 2019 at 03:02:37PM +0100, Gábor Boskovits wrote:

> On berlin.guix.gnu.org we observed a regression upon upgrading nginx
> to 1.17.5. The problem was, when pipelining request to a proxy using
> tls, we suddenly started to get 408 client timeouts, manifesting in
> dropped connections. Currently we worked around the issue by
> downgrading to 1.17.4. I have collected some information about the
> problem here:
> https://gitlab.com/g_bor/fix-nginx-tls
> It contains the logs from the good and the bad version, a full nginx
> config, some info about how nginx was built. I managed to bisect the
> problem down to changeset 9d2ad2fb4423, which introduced the problem.
> Any help in further debuggin this would be greatly appreciated.

Thanks for the report, it indeed looks like a bug introduced 
in 9d2ad2fb4423.

The problem is that c->read->handler is overwritted when switching 
to the next pipelined request, ngx_ssl_next_read_handler() is not 
called, and c->read->ready remains not set.  I'll take a look how 
to fix it properly.

Note well that a simpler workaround might be to build nginx with 
the --with-cc-opt="-DNGX_HAVE_FIONREAD=0" configure argument, this 
will disable the code in question on systems not using kqueue.

Maxim Dounin

More information about the nginx-devel mailing list