Large CRL file crashing nginx on reload

Shaun Tarves shaun.tarves at
Thu Jul 26 20:16:11 UTC 2018


We are trying to use nginx to support the DoD PKI infrastructure, which
includes many DoD and contractor CRLs. The combined CRL file is over 350MB
in size, which seems to crash nginx during a reload (at least on Red Hat
6). Our cert/key/crl setup is valid and working, and when only including a
subset of the CRL files we have, reloads work fine.

When we concatenate all the CRLs we need to support, the config reload
request causes worker threads to become defunct and messages in the error
log indicate the following:

2018/07/26 16:05:25 [alert] 30624#30624: fork() failed while spawning "worker process" (12: Cannot allocate memory)

2018/07/26 16:05:25 [alert] 30624#30624: sendmsg() failed (9: Bad file

2018/07/26 16:08:42 [alert] 30624#30624: worker process 1611 exited on signal 9

Is there any way we can get nginx to support such a large volume of CRLs?
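
To see what a concatenated CRL file contains before nginx is pointed at it, the sketch below splits the bundle into its PEM blocks and reports each block's decoded size, byte-identical repeats, and delimiter lines fused by joining files without a newline. It is an added example, not part of the original post and not nginx code; `inventory`, `pem_block` and the sample payloads are constructed for illustration, and the payloads are placeholder bytes rather than real CRLs.

```python
import base64
import hashlib

BEGIN = "-----BEGIN X509 CRL-----"
END = "-----END X509 CRL-----"

def inventory(pem_text):
    """Split a concatenated PEM CRL bundle; return (entries, problems)."""
    entries, problems, first_seen = [], [], {}
    body, start = None, 0          # body is None while outside a block
    for lineno, raw in enumerate(pem_text.splitlines(), 1):
        line = raw.strip()
        if line == BEGIN:
            if body is not None:
                problems.append(f"line {start}: BEGIN without END")
            body, start = [], lineno
        elif line == END:
            if body is None:
                problems.append(f"line {lineno}: END without BEGIN")
                continue
            try:
                der = base64.b64decode("".join(body), validate=True)
                digest = hashlib.sha256(der).hexdigest()
                entries.append({"line": start, "der_bytes": len(der),
                                "duplicate_of_line": first_seen.get(digest)})
                first_seen.setdefault(digest, start)
            except ValueError:     # binascii.Error is a ValueError subclass
                problems.append(f"line {start}: invalid base64")
            body = None
        elif BEGIN in line or END in line:
            # Two files were joined without a newline between them.
            problems.append(f"line {lineno}: fused delimiter line")
            body = None
        elif body is not None:
            body.append(line)
    if body is not None:
        problems.append(f"line {start}: BEGIN without END")
    return entries, problems

def pem_block(payload):            # constructed stand-in, not a real CRL
    return f"{BEGIN}\n{base64.b64encode(payload).decode()}\n{END}\n"

# Constructed sample: three blocks, the third a byte-for-byte repeat of the first.
SAMPLE = pem_block(b"A" * 300) + pem_block(b"B" * 1200) + pem_block(b"A" * 300)

if __name__ == "__main__":
    entries, problems = inventory(SAMPLE)
    print(entries, problems, sum(e["der_bytes"] for e in entries))
```

On a real bundle, read the file as text and pass its contents to `inventory`; the per-block sizes show which CRLs dominate the total.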
