https + large-file sending, sometimes fails

Gábor Farkas gabor at nekomancer.net
Thu Dec 20 12:55:16 MSK 2007 

Igor Sysoev wrote:
> On Tue, Dec 18, 2007 at 10:15:03AM +0100, G??bor Farkas wrote:
> 
>> Igor Sysoev wrote:
>>> On Mon, Dec 17, 2007 at 03:56:39PM +0100, G??bor Farkas wrote:
>>>
>>>> Igor Sysoev wrote:
>>>>> On Mon, Dec 17, 2007 at 03:12:33PM +0100, G?bor Farkas wrote:
>>>>>
>>>>>> i am sending large (400mb) csv files using nginx, using https.
>>>>>>
>>>>>> sometimes not the whole file is served by nginx.
>>>>>> it simply closes the connection before the whole file is sent.
>>>>>>
>>>>>>
>>>>>> when such problems happen, the error-log contains this:
>>>>>>
>>>>>> 2007/12/17 01:02:03 [crit] 21821#0: *864836 SSL_write() failed (SSL: 
>>>>>> error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry) while 
>>>>>> sending response to client, client: 1.2.3.4, server: www.example.com, 
>>>>>> URL: "/some/url/to/a.csv", upstream: 
>>>>>> "http://internal-ip/some/auth/url/a.csv", host: "www.example.com"
>>>>>>
>>>>>> debian lenny (it has nginx 0.5.30-1)
>> maybe i am completely wrong here, but:
>>
>> (on ubuntu gutsy and hardy):
>>
>> simply create a minimal https-serving nginx-config, serve a 200mb file,
>> and try to fetch it from a different computer, using a lot of
>> concurrent-requests (something like "ab -n 1000 -c 100"),
>> and you will get the mentioned error.
>>
>> so, basically, any https-serving is broken.
>>
>> i find this very hard to believe, but i do not know what should i change
>> in the test.
>>
>> (the packages:nginx-0.5.33, openssl-0.9.8g)
>>
>> any ideas why this happens?
> 
> In the debug log I have not seen any invalid things from nginx side.
> Then I have looked OpenSSL sources and now I suspect the bug in OpenSSL.
> The attached patch may fix OpenSSL.
> 
> Could you build patched OpenSSL version and link it statically with nginx:
> 
>       tar zxf openssl-0.9.8g.tar.gz
>       patch -d openssl-0.9.8g < bad_write_retry.txt
>       tar zxf nginx-0.5.33.tar.gz
>       cd nginx-0.5.33
>       ./configure --with-openssl=../openssl-0.9.8g ...
> 

hi,

i tried the patch, and unfortunately it did not help.

also, something i say by the testing: if you start to do a lot of 
concurrent requests, and start to kill the clients (which are fetching 
the file), then also other requests start to die more frequently then 
normally.

thanks,
gabor

More information about the nginx mailing list