Socket leaks., pread and [crit] SSL_Write() in 1.0.14

Maxim Dounin mdounin at
Mon Mar 26 16:47:54 UTC 2012


On Mon, Mar 26, 2012 at 08:04:13AM -0400, TECK wrote:

> Hi Maxim,
> > Do you see this as a regression from some previous version? If
> > yes - which one? Do you see the same problem in 1.1.x?
> I used before 1.0.12 and did not experienced the socket leaks.

That's really strange, changes between 1.0.12 and 1.0.14 are 
minimal.  Could you please re-try with 1.0.12 to see if it works 
for you without problems?

> > As openssl 0.9.8e is quite old, I assume it's heavily modified by
> > your OS vendor. Do you see the same errors if you compile nginx with
> > recent vanilla openssl (0.9.8u, 1.0.0h or 1.0.1 will be ok)?
> We are using the default openssl version available in CentOS 5.8.
> I could look into that but we are talking hundreds of thousands of
> servers still using 0.9.8e.

I'm mostly concerned by local changes by your OS vendor, not about 
openssl 0.9.8e by itself.  BTW, when you've upgraded your openssl 
last time?  I.e. did the same openssl package version worked for 
you before, or you've upgraded it with nginx as well? 

> Personally I'm not comfortable yet moving to CentOS 6.2. I will create
> an openssl-1.0.1 RPM for CentOS 5.8 and test it on a development server,
> then move it into production. Still, I don't recall noticing any SSL
> errors on previous Nginx version (1.0.12).

As already suggested - you may build nginx with any particular 
openssl version statically, by using --with-openssl= configure 

Maxim Dounin

More information about the nginx mailing list