Socket leaks., pread and [crit] SSL_Write() in 1.0.14
Maxim Dounin
mdounin at mdounin.ru
Mon Mar 26 16:47:54 UTC 2012
Hello!
On Mon, Mar 26, 2012 at 08:04:13AM -0400, TECK wrote:
> Hi Maxim,
>
> > Do you see this as a regression from some previous version? If
> > yes - which one? Do you see the same problem in 1.1.x?
>
> I used before 1.0.12 and did not experienced the socket leaks.
That's really strange, changes between 1.0.12 and 1.0.14 are
minimal. Could you please re-try with 1.0.12 to see if it works
for you without problems?
> > As openssl 0.9.8e is quite old, I assume it's heavily modified by
> > your OS vendor. Do you see the same errors if you compile nginx with
> > recent vanilla openssl (0.9.8u, 1.0.0h or 1.0.1 will be ok)?
>
> We are using the default openssl version available in CentOS 5.8.
> I could look into that but we are talking hundreds of thousands of
> servers still using 0.9.8e.
I'm mostly concerned by local changes by your OS vendor, not about
openssl 0.9.8e by itself. BTW, when you've upgraded your openssl
last time? I.e. did the same openssl package version worked for
you before, or you've upgraded it with nginx as well?
> Personally I'm not comfortable yet moving to CentOS 6.2. I will create
> an openssl-1.0.1 RPM for CentOS 5.8 and test it on a development server,
> then move it into production. Still, I don't recall noticing any SSL
> errors on previous Nginx version (1.0.12).
As already suggested - you may build nginx with any particular
openssl version statically, by using --with-openssl= configure
argument.
Maxim Dounin
More information about the nginx
mailing list