upstream keepalive - call for testing
Maxim Dounin
mdounin at mdounin.ru
Mon Aug 29 01:47:09 UTC 2011
Hello!
On Sun, Aug 28, 2011 at 01:07:25PM -0400, magicbear wrote:
> Hello, tested for 2 days, the segmentation failure frequence is
> decreased, but sometime still will dead.
>
> Here is the coredump information. It seems appear too at official
> without patch version.
[...]
> (gdb) bt
> #0 0x000000000045bd99 in ngx_http_upstream_handler (ev=0x7f99438901e8)
> at src/http/ngx_http_upstream.c:921
> #1 0x0000000000427839 in ngx_event_expire_timers () at
> src/event/ngx_event_timer.c:149
Could you please test if the attached patch fixes things for you?
You may also grab it from here:
http://mdounin.ru/files/patch-nginx-ssl-shutdown.txt
Maxim Dounin
-------------- next part --------------
# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1314581235 -14400
# Node ID 804454a04e22d32c064a3af8e7b24326c7fc2d63
# Parent 4b58ea791d9f09b0e2d019fcdea340c0a390af6c
Handle quiet ssl shutdown.
OpenSSL's SSL_shutdown() may still try to talk to network even if
SSL_set_shutdown(SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN) was used.
This happens if there are some unsent alerts.
Use SSL_set_quiet_shutdown() to actually shutdown quitely if we were asked
to. Note that SSL_set_shutdown() is still required as not setting it will
invalidate session.
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1205,6 +1205,7 @@ ngx_ssl_shutdown(ngx_connection_t *c)
if (c->timedout) {
mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN;
+ SSL_set_quiet_shutdown(c->ssl->connection, 1);
} else {
mode = SSL_get_shutdown(c->ssl->connection);
@@ -1216,6 +1217,10 @@ ngx_ssl_shutdown(ngx_connection_t *c)
if (c->ssl->no_send_shutdown) {
mode |= SSL_SENT_SHUTDOWN;
}
+
+ if (c->ssl->no_wait_shutdown && c->ssl->no_send_shutdown) {
+ SSL_set_quiet_shutdown(c->ssl->connection, 1);
+ }
}
SSL_set_shutdown(c->ssl->connection, mode);
More information about the nginx
mailing list