no server response in https

Maxim Dounin mdounin at mdounin.ru
Thu May 5 10:22:06 MSD 2011


Hello!

On Tue, May 03, 2011 at 01:42:42PM -0400, art.wu wrote:

> I'm running 0.8.53 on QNX Neutrino 6.5.0 with SSL on and the server
> doesn't respond to the client. Instead it times out, as below. It does
> work properly with SSL off. Can you provide any suggestions? Thanks.

Yep, this is general bug affecting systems with 32-bit off_t.  
Attached patch fixes it.

Please note that using 64-bit off_t may be a good thing anyway (2G 
limit is two low today even on embedded platforms...), and it 
looks like QNX (at least 6.5.0) supports -D_FILE_OFFSET_BITS=64 
(though nginx doesn't know and doesn't try it on QNX).  Try using 

./configure --with-cc-opt="-D_FILE_OFFSET_BITS=64" ...

it should resolve the issue even without the patch.

Please also note that there are other problems with QNX 6 due to 
time_t type being unsigned there.  GCC will refuse to build nginx 
with -Werror (as used by nginx) - and this is the right thing.  
I'm looking into this issue, but it will require a bit more work.

Maxim Dounin
-------------- next part --------------
# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1304575111 -14400
# Node ID 0446d18df946f8cfae3f623d3335722d7c4489a6
# Parent  9b9e61f1b5004e0c5a2d56372e682c2a1e053e34
Bugfix: https wasn't working on systems with 32-bit off_t.

Due to off_t being signed NGX_MAX_UINT32_VALUE will overflow off_t while
calculating limit in ngx_ssl_send_chain() on systems with 32-bit time_t,
and as a result ngx_ssl_send_chain() won't be able to send anything.

Introduce NGX_MAX_INT32_VALUE and use it there instead.

diff --git a/src/core/ngx_config.h b/src/core/ngx_config.h
--- a/src/core/ngx_config.h
+++ b/src/core/ngx_config.h
@@ -127,5 +127,6 @@ typedef intptr_t        ngx_flag_t;
 #define NGX_MAX_UINT32_VALUE  (uint32_t) 0xffffffff
 #endif
 
+#define NGX_MAX_INT32_VALUE   (int32_t) 2147483647
 
 #endif /* _NGX_CONFIG_H_INCLUDED_ */
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -957,10 +957,10 @@ ngx_ssl_send_chain(ngx_connection_t *c, 
     }
 
 
-    /* the maximum limit size is the maximum uint32_t value - the page size */
-
-    if (limit == 0 || limit > (off_t) (NGX_MAX_UINT32_VALUE - ngx_pagesize)) {
-        limit = NGX_MAX_UINT32_VALUE - ngx_pagesize;
+    /* the maximum limit size is the maximum int32_t value - the page size */
+
+    if (limit == 0 || limit > (off_t) (NGX_MAX_INT32_VALUE - ngx_pagesize)) {
+        limit = NGX_MAX_INT32_VALUE - ngx_pagesize;
     }
 
     buf = c->ssl->buf;


More information about the nginx mailing list