Custom Query (2297 matches)
Results (28 - 30 of 2297)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#1519 | fixed | grpc_pass causes grpc TCP reset when streaming a lot of data (with default gprc_buffer_size) | ||
Description |
grpc_pass seems to cause grpc core to do a TCP reset when streaming a lot of data, ostensibly when response headers are being sent. The grpc client experiences a HTTP/2 RST_STREAM frame. The problem *appears* to be fixed if the grpc_buffer_size is set to a large number such as 100M. Presumably, this makes sense if the upstream GRPC server is able to produce data faster than the client can receive it; however I expected grpc_pass to act like proxy_pass and use a temporary file if the buffer size is exceeded. Alternatively, disabling buffering and relying on flow-control seems like a good option, considering the GRPC stream data may be real-time in some use cases. With proxy_pass this is possible with proxy_buffering off. Unfortunately there is no such option with grpc_pass. I have created a gist which includes a minimal example (with nginx configuration, versions etc) to reproduce this: https://gist.github.com/naggie/1c432b41613a23497a3c6f67c0adac28 Thanks! |
|||
#1646 | fixed | Nginx 1.15.4 segfault during normal ssllabs.com test | ||
Description |
I have compiled latest nginx 1.15.4 and noticed that it segfault every time when trying to do ssllabs test (https://www.ssllabs.com/ssltest/) on any vhost. It always segfault during "Testing renegotiation" stage. I have generated core dump and backtrace is always the same: backtrace #0 ngx_http_ssl_servername (ssl_conn=0x1eccef0, ad=0x7ffd4e5949d0, arg=0x0) at src/http/ngx_http_request.c:878 #1 0x000000000057bc9f in ssl_parse_clienthello_tlsext () #2 0x000000000057227e in tls_process_client_hello () #3 0x00000000005678bd in state_machine () #4 0x000000000054fd42 in ssl3_read_bytes () #5 0x00000000005556a5 in ssl3_read () #6 0x000000000055edc9 in SSL_read () #7 0x0000000000495f76 in ngx_ssl_recv (c=0x1c18a40, buf=0x1efb21a "", size=886) at src/event/ngx_event_openssl.c:1746 #8 0x00000000004b00ed in ngx_http_read_request_header (r=0x1da0e60) at src/http/ngx_http_request.c:1418 #9 0x00000000004afc46 in ngx_http_process_request_headers (rev=0x1c8f730) at src/http/ngx_http_request.c:1285 #10 0x0000000000491415 in ngx_epoll_process_events (cycle=0x162e050, timer=42349, flags=1) at src/event/modules/ngx_epoll_module.c:902 #11 0x0000000000481540 in ngx_process_events_and_timers (cycle=0x162e050) at src/event/ngx_event.c:242 #12 0x000000000048ebe8 in ngx_worker_process_cycle (cycle=0x162e050, data=0x0) at src/os/unix/ngx_process_cycle.c:750 #13 0x000000000048bac8 in ngx_spawn_process (cycle=0x162e050, proc=0x48eb3a <ngx_worker_process_cycle>, data=0x0, name=0x6e7ee8 "worker process", respawn=-3) at src/os/unix/ngx_process.c:199 #14 0x000000000048ddfd in ngx_start_worker_processes (cycle=0x162e050, n=4, type=-3) at src/os/unix/ngx_process_cycle.c:359 #15 0x000000000048d54d in ngx_master_process_cycle (cycle=0x162e050) at src/os/unix/ngx_process_cycle.c:131 #16 0x000000000044e751 in main (argc=1, argv=0x7ffd4e5953d8) at src/core/nginx.c:382 Tested on different servers and OSes (Fedora 28, Centos 7.5) with different configs, every time it results in segfault. The same problem exists when compiled with openssl-1.1.1 or with openssl-1.1.0i. My test config is: worker_processes 4; events {
} http {
} |
|||
#2008 | fixed | 699f6e55bbb4 causes request for client certificate | ||
Description |
A few users (using Chrome and Safari) where getting request for client certificates upon connecting to the site. I was unable to reproduce the error until I installed another client certificate in Chrome (so it prompts to select certificate). I double checked the config and none of the options for client certificates were set. I also added "ssl_verify_client off;" just to be sure. After reverting 699f6e55bbb4 the users are no longer getting client certificate requests. |