Hello Maxim, On Sat, Oct 9, 2021 at 12:57 PM Maxim Dounin <[email protected]> wrote:
> Hello! > > On Sat, Oct 09, 2021 at 09:14:19AM +0800, DeJiang Zhu wrote: > > > Hi, Nginx developers: > > > > I'm investigating a segfault issue: it happens when both "builtin" and > > "shared" cache types are used in ssl_session_cache and it disappear when > > only use "shared". > > > > It's original reported here: > > > https://github.com/kubernetes/ingress-nginx/issues/7080#issuecomment-932293028 > > And some more details here: > > https://github.com/openssl/openssl/issues/16733#issue-1014329932 > > > > I haven't see any code on Nginx side that will directly manipulate the > > session hash hash. > > Could you please provide any suggestions? Thanks very much! > > By itself nginx does not try to manipulate OpenSSL's builtin > session cache directly. Rather, nginx only controls if builtin > cache is enabled and its size via SSL_CTX_set_session_cache_mode() > and SSL_CTX_sess_set_cache_size(). Additionally, when nginx has > reasons to remove a session, it calls SSL_CTX_remove_session() to > remove a particular session. > Got it. Thanks for your quick reply. > > Note though that the links above indicate that you are using a > fork rather than nginx itself, this might make a difference. > Testing on vanilla nginx without any 3rd party modules might be a > good idea, if it's possible. > AFAIK, ingress-nginx only enabled the "ssl_session_cache" for session cache. It hasn't enabled `ssl_session_fetch/store_by_lua" from lua-nginx-module. It is only reproduced in some production cases, it's hard to reproduce it on vanilla Nginx. Anyway, thanks again, and will update here when got more clues. > -- > Maxim Dounin > http://mdounin.ru/ > _______________________________________________ > nginx-devel mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx-devel >
_______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
