segfault when both use builtin and shared in ssl_session_cache
Maxim Dounin
mdounin at mdounin.ru
Sat Oct 9 04:56:13 UTC 2021
Hello!
On Sat, Oct 09, 2021 at 09:14:19AM +0800, DeJiang Zhu wrote:
> Hi, Nginx developers:
>
> I'm investigating a segfault issue: it happens when both "builtin" and
> "shared" cache types are used in ssl_session_cache and it disappear when
> only use "shared".
>
> It's original reported here:
> https://github.com/kubernetes/ingress-nginx/issues/7080#issuecomment-932293028
> And some more details here:
> https://github.com/openssl/openssl/issues/16733#issue-1014329932
>
> I haven't see any code on Nginx side that will directly manipulate the
> session hash hash.
> Could you please provide any suggestions? Thanks very much!
By itself nginx does not try to manipulate OpenSSL's builtin
session cache directly. Rather, nginx only controls if builtin
cache is enabled and its size via SSL_CTX_set_session_cache_mode()
and SSL_CTX_sess_set_cache_size(). Additionally, when nginx has
reasons to remove a session, it calls SSL_CTX_remove_session() to
remove a particular session.
Note though that the links above indicate that you are using a
fork rather than nginx itself, this might make a difference.
Testing on vanilla nginx without any 3rd party modules might be a
good idea, if it's possible.
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx-devel
mailing list