Welcome! Log In Create A New Profile

Advanced

Re: segfault when both use builtin and shared in ssl_session_cache

DeJiang Zhu
October 09, 2021 03:18AM
Hello Maxim,

On Sat, Oct 9, 2021 at 12:57 PM Maxim Dounin <mdounin@mdounin.ru> wrote:

> Hello!
>
> On Sat, Oct 09, 2021 at 09:14:19AM +0800, DeJiang Zhu wrote:
>
> > Hi, Nginx developers:
> >
> > I'm investigating a segfault issue: it happens when both "builtin" and
> > "shared" cache types are used in ssl_session_cache and it disappear when
> > only use "shared".
> >
> > It's original reported here:
> >
> https://github.com/kubernetes/ingress-nginx/issues/7080#issuecomment-932293028
> > And some more details here:
> > https://github.com/openssl/openssl/issues/16733#issue-1014329932
> >
> > I haven't see any code on Nginx side that will directly manipulate the
> > session hash hash.
> > Could you please provide any suggestions? Thanks very much!
>
> By itself nginx does not try to manipulate OpenSSL's builtin
> session cache directly. Rather, nginx only controls if builtin
> cache is enabled and its size via SSL_CTX_set_session_cache_mode()
> and SSL_CTX_sess_set_cache_size(). Additionally, when nginx has
> reasons to remove a session, it calls SSL_CTX_remove_session() to
> remove a particular session.
>

Got it. Thanks for your quick reply.


>
> Note though that the links above indicate that you are using a
> fork rather than nginx itself, this might make a difference.
> Testing on vanilla nginx without any 3rd party modules might be a
> good idea, if it's possible.
>

AFAIK, ingress-nginx only enabled the "ssl_session_cache" for session cache.
It hasn't enabled `ssl_session_fetch/store_by_lua" from lua-nginx-module.

It is only reproduced in some production cases, it's hard to reproduce it
on vanilla Nginx.

Anyway, thanks again, and will update here when got more clues.


> --
> Maxim Dounin
> http://mdounin.ru/
> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

segfault when both use builtin and shared in ssl_session_cache

DeJiang Zhu 92 October 08, 2021 09:16PM

Re: segfault when both use builtin and shared in ssl_session_cache

Maxim Dounin 26 October 09, 2021 12:58AM

Re: segfault when both use builtin and shared in ssl_session_cache

DeJiang Zhu 20 October 09, 2021 03:18AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 45
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready