segfault when both use builtin and shared in ssl_session_cache
doujiang24 at gmail.com
Sat Oct 9 07:16:12 UTC 2021
On Sat, Oct 9, 2021 at 12:57 PM Maxim Dounin <mdounin at mdounin.ru> wrote:
> On Sat, Oct 09, 2021 at 09:14:19AM +0800, DeJiang Zhu wrote:
> > Hi, Nginx developers:
> > I'm investigating a segfault issue: it happens when both "builtin" and
> > "shared" cache types are used in ssl_session_cache and it disappear when
> > only use "shared".
> > It's original reported here:
> > And some more details here:
> > https://github.com/openssl/openssl/issues/16733#issue-1014329932
> > I haven't see any code on Nginx side that will directly manipulate the
> > session hash hash.
> > Could you please provide any suggestions? Thanks very much!
> By itself nginx does not try to manipulate OpenSSL's builtin
> session cache directly. Rather, nginx only controls if builtin
> cache is enabled and its size via SSL_CTX_set_session_cache_mode()
> and SSL_CTX_sess_set_cache_size(). Additionally, when nginx has
> reasons to remove a session, it calls SSL_CTX_remove_session() to
> remove a particular session.
Got it. Thanks for your quick reply.
> Note though that the links above indicate that you are using a
> fork rather than nginx itself, this might make a difference.
> Testing on vanilla nginx without any 3rd party modules might be a
> good idea, if it's possible.
AFAIK, ingress-nginx only enabled the "ssl_session_cache" for session cache.
It hasn't enabled `ssl_session_fetch/store_by_lua" from lua-nginx-module.
It is only reproduced in some production cases, it's hard to reproduce it
on vanilla Nginx.
Anyway, thanks again, and will update here when got more clues.
> Maxim Dounin
> nginx-devel mailing list
> nginx-devel at nginx.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx-devel