Bug 196059

Summary:

www/nginx: nginx worker crashes with HTTPS request using TLS => 1.0

Product:

Ports & Packages

Reporter:

marek

Component:

Individual Port(s)

Assignee:

Sergey A. Osokin <osa>

Status:

Closed FIXED

Severity:

Affects Only Me

CC:

trasz

Priority:

---

Flags:

bugzilla: maintainer-feedback? (osa)

Version:

Latest

Hardware:

amd64

OS:

Any

Attachments:

Description	Flags
nginx.conf	none

Description marek 2014-12-17 11:05:34 UTC

Overview:
I am using nginx 1.6.2 with php-fpm 5.3.35 and enabled HTTPS. All installed on FreeBSD 10.1 / amd64. When I try to access the site using TLS1.0 or greater, the server worker crashes.

Steps to Reproduce:
I reproduced this bug successfully on the Virtual Machine. Here is the steps:
- install FreeBSD (tested on 10.0 and 10.1)
- install packages: nginx php5 curl
- configure nginx to work with php-fpm (I used this tutorial: http://wiki.nginx.org/PHPFcgiExample)
- create any .php page, I used simple index.php with phpinfo():

<?php
phpinfo();
?>

- create self signed or get CA signed certificate (no matter for this)
- launch the HTTPS enabled site
- test with curl (see below)

Actual Results:
I tested this site using curl with several SSL parameters:

1. curl -k --sslv3 https://testpage.server.domain/
Result:
- curl showed generated page from phpinfo()

2. curl -k --tlsv1.0 https://testpage.server.domain/
Result:
- curl: (52) Empty reply from server
- dmesg: pid 59695 (nginx), uid 80: exited on signal 11

3. curl -k --tlsv1.1 https://testpage.server.domain/
Result:
- same as above

4. curl -k --tlsv1.2 https://testpage.server.domain/
Result:
- same as above

Expected Results:
Any test mentioned above should not crash the nginx.

Build Date & Hardware:
FreeBSD 10.1-RELEASE #0 r274401: Tue Nov 11 21:02:49 UTC 2014 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
All packages from latest pkg repository:
curl-7.39.0_1 Non-interactive tool to get files from FTP, GOPHER, HTTP(S) servers
nginx-1.6.2_1,2 Robust and small WWW server
php5-5.4.35 PHP Scripting Language

Additional Builds and Platforms:
Virtual Machine on Microsoft Hyper-V. Same FreeBSD and the packages.

Additional Information:
1. I was unable to get core, after nginx crashes. I tried to incerase worker_limit_core in nginx.conf to 20480M but with no success:

worker_rlimit_core 20480M;
working_directory /var/crash/;

# fstat /var/crash
USER CMD PID FD MOUNT INUM MODE SZ|DV R/W NAME
www nginx 96008 wd /var/crash 4 drwxrwxrwx 2 r /var/crash

After nginx worker crashes, there is no core in /var/crash

2. There is no access log or error log when nginx worker crashes.

3. The server works correctly with static html content (all the tests mentioned above have passed).

Comment 1 Bugzilla Automation freebsd_committer

2014-12-17 11:05:34 UTC

Auto-assigned to maintainer osa@FreeBSD.org

Comment 2 Sergey A. Osokin freebsd_committer

2015-05-02 17:31:37 UTC

Hi,

could you please show the nginx.conf file.

Also, recently www/nginx has been upgraded to latest stable version 1.8.0, could you please try to reproduce the issue with new version.

Comment 3 marek 2015-05-06 15:36:12 UTC

Created attachment 156430 [details]
nginx.conf

Comment 4 marek 2015-05-06 15:36:57 UTC

(In reply to Sergey A. Osokin from comment #2)

Hi,

I updated the system to latest version. Currently I have:

OS: FreeBSD 10.1-RELEASE-p9

Packages:
curl-7.42.1
nginx-1.8.0,2
php56-5.6.8

The problem still exists. The results are the same as above. Please check my nginx.conf

Comment 5 Sergey A. Osokin freebsd_committer

2015-05-28 02:23:59 UTC

Thanks for report.

Two questions here:
1) are you using third-party modules?  Could you please provide nginx -V output?
2) is there any chance to compile nginx with debugging log and try to reproduce the issue?

Comment 6 Edward Tomasz Napierala freebsd_committer

2015-05-28 07:53:09 UTC

Few days ago I've spent some time on debugging this (note to myself: use "master_process off" to get an usable core file), and it seems to be related to SSL session cache; it crashes somewhere in ssl_update_cache().  Basically, uncommenting this line in the server section of the default nginx.conf:

ssl_session_cache    shared:SSL:1m;

... uncommenting this seems to trigger the problem; when running without ssl_session_cache the crash doesn't seem to occur.

This thread - http://comments.gmane.org/gmane.comp.web.haproxy/16402 - mentions a bug that looks similar, although for haproxy, not nginx.  Might be a good idea to consult FreeBSD OpenSSL maintainer?

Comment 7 marek 2015-07-15 16:15:34 UTC

Hi Sergey, 
I updated packages and the problem disappeared (?). Currently I have:
curl-7.43.0_2
nginx-1.8.0_3,2
php56-5.6.11

I tried to reproduce this problem on clean install on  VM, but currently everything works correctly. Probably the problem was solved somewhere between nginx-1.8.0,2 and nginx-1.8.0_3,2

Answering to your questions:

1) This is standard instalation with default port options:
# nginx -V
nginx version: nginx/1.8.0
built with OpenSSL 1.0.1l-freebsd 15 Jan 2015 (running with OpenSSL 1.0.1j-freebsd 15 Oct 2014)
TLS SNI support enabled
configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf
 --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx-error.log --user=www --group=www --with-ipv6 --http-client-body-temp-
path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/
tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx-access.log --with-http_stub_status_module --with-pcre --with-http_
ssl_module

2) I did not do that, due to the problem was solved after package upgrade.

Thank you for your support. Due to the fact that the problem has disappeared and cannot be reproduced, this bug can be closed.

Comment 8 Sergey A. Osokin freebsd_committer

2015-11-11 21:16:09 UTC

Closed by originator request.  Thanks for report!