[PATCH 02 of 11] SSL: reduced logging of session cache failures (ticket #621)
Maxim Dounin
mdounin at mdounin.ru
Fri Aug 26 03:01:09 UTC 2022
# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1661481947 -10800
# Fri Aug 26 05:45:47 2022 +0300
# Node ID 5b137f110e84af974ef2b9efcf35bec2d883c187
# Parent 2cd8fbeb4edc5a99b725585edc02a16a8a0c503e
SSL: reduced logging of session cache failures (ticket #621).
Session cache allocations might fail as long as the new session is different
in size from the one least recently used (and freed when the first allocation
fails). In particular, it might not be possible to allocate space for
sessions with client certificates, since they are noticeably bigger than
normal sessions.
To ensure such allocation failures won't clutter logs, logging level changed
to "warn", and logging is now limited to at most one warning per second.
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -3949,8 +3949,11 @@ failed:
ngx_shmtx_unlock(&shpool->mutex);
- ngx_log_error(NGX_LOG_ALERT, c->log, 0,
- "could not allocate new session%s", shpool->log_ctx);
+ if (cache->fail_time != ngx_time()) {
+ cache->fail_time = ngx_time();
+ ngx_log_error(NGX_LOG_WARN, c->log, 0,
+ "could not allocate new session%s", shpool->log_ctx);
+ }
return 0;
}
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -150,6 +150,7 @@ typedef struct {
ngx_rbtree_t session_rbtree;
ngx_rbtree_node_t sentinel;
ngx_queue_t expire_queue;
+ time_t fail_time;
} ngx_ssl_session_cache_t;
More information about the nginx-devel
mailing list