nginx serving corrupt images

Dan Swaney justdan23 at gmail.com
Fri Feb 24 03:35:16 UTC 2023


Hi Maxim,

Here is the version details from my full recompile of NGINX 64-bit on
Windows.  My code base is 2 months old, but it reproduced Saint's issue.

nginx version: nginx/1.23.3
> built by cl 19.34.31937 for x64
> *built with OpenSSL 3.1.0-beta1-dev*
> TLS SNI support enabled
> configure arguments: --with-cc=cl --builddir=objs --with-debug --prefix=.
> --conf-path=conf/nginx.conf --pid-path=logs/nginx.pid
> --http-log-path=logs/access.log --error-log-path=logs/error.log
> --sbin-path=nginx.exe --http-client-body-temp-path=temp/client_body_temp
> --http-proxy-temp-path=temp/proxy_temp
> --http-fastcgi-temp-path=temp/fastcgi_temp
> --http-scgi-temp-path=temp/scgi_temp --http-uwsgi-temp-path=temp/uwsgi_temp
> --with-cc-opt=-DFD_SETSIZE=1024 --with-pcre=objs/lib/pcre2
> --with-zlib=objs/lib/zlib --with-select_module --with-http_v2_module
> --with-http_realip_module --with-http_addition_module
> --with-http_sub_module --with-http_dav_module
> --with-http_stub_status_module --with-http_flv_module
> --with-http_mp4_module --with-http_gunzip_module
> --with-http_gzip_static_module --with-http_auth_request_module
> --with-http_random_index_module --with-http_secure_link_module
> --with-http_slice_module --with-mail --with-stream --with-http_ssl_module
> --with-mail_ssl_module --with-stream_ssl_module
> --with-openssl=objs/lib/openssl
> --add-module=objs/lib/spnego-http-auth-nginx-module --with-cc-opt='-I
> objs/lib/krb5/objs/include'
>

I'm using a OpenSSL beta build from earlier, but I was able to reproduce
Saint's issue and discovered the work-around with lowering the
ssl_buffer_size to 4k,  Something for Saint to try out.

On Thu, Feb 23, 2023 at 10:26 PM Maxim Dounin <mdounin at mdounin.ru> wrote:

> Hello!
>
> On Thu, Feb 23, 2023 at 09:42:29PM -0500, Dan Swaney wrote:
>
> > Ah-ah...I caught the NGINX failure in the SSL response:
>
> [...]
>
> > > 2023/02/23 21:24:49 [debug] 4768#4528: *1 malloc:
> 000002DC83A8F350:16384
> > > 2023/02/23 21:24:49 [debug] 4768#4528: *1 SSL buf copy: 626
> > > 2023/02/23 21:24:49 [debug] 4768#4528: *1 SSL buf copy: 15758
> > > *2023/02/23 21:24:49 [debug] 4768#4528: *1 SSL to write: 16384*
> > > 2023/02/23 21:24:49 [debug] 4768#4528: ssl remove session: B87DD7B9:32
> > > 2023/02/23 21:24:49 [debug] 4768#4528: shmtx lock
> > > 2023/02/23 21:24:49 [debug] 4768#4528: shmtx unlock
> > > 2023/02/23 21:24:49 [debug] 4768#4528: *1 SSL_write: -1
> > > 2023/02/23 21:24:49 [debug] 4768#4528: *1 SSL_get_error: 1
> > >
> > > *2023/02/23 21:24:49 [crit] 4768#4528: *1 SSL_write() failed (SSL:
> > > error:0A0C0103:SSL routines::internal error) while sending response to
> > > client, client: 192.168.80.130, server: win10-web-svr.dreamstone.com
> > > <http://win10-web-svr.dreamstone.com>, request: "GET
> /images/image001.jpg
> > > HTTP/1.1", host: "win10-web-svr.dreamstone.com
> > > <http://win10-web-svr.dreamstone.com>", referrer:
> > > "https://win10-web-svr.dreamstone.com/
> > > <https://win10-web-svr.dreamstone.com/>"*
>
> The error suggests there is a bug in the SSL library you are
> using.  What does "nginx -V" show?
>
> (IIRC, there was something like this in the OpenSSL development
> recently, though I believe it doesn't affect any of the released
> versions.  I may be wrong though.)
>
> --
> Maxim Dounin
> http://mdounin.ru/
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20230223/2ad005f1/attachment.htm>


More information about the nginx mailing list