Project

General

Profile

[Solved] Single process (pblighttpd -1) and SSL

Added by citaylor 4 months ago

Hello, I'm trying to configure lighttpd 1.4.45 with SSL and FCGI to run under xinetd (yeah I know all the arguments against that...please don't go there)
When I run it as a normal service its fine, however when I run it as a single-shot it hangs in an OpenSSL BIO_read - gdb backtrace:

(gdb) where
#0 0x0000003f5f6db670 in __read_nocancel () from /lib64/libc.so.6
#1 0x00007fc0d2068c82 in sock_read () from /usr/lib/libcrypto.so.1.0.0
#2 0x00007fc0d2066be3 in BIO_read () from /usr/lib/libcrypto.so.1.0.0
#3 0x00007fc0d22b6332 in ssl3_read_n () from /usr/lib/libssl.so.1.0.0
#4 0x00007fc0d22b7f19 in ssl3_get_record () from /usr/lib/libssl.so.1.0.0
#5 0x00007fc0d22b7a5f in ssl3_read_bytes () from /usr/lib/libssl.so.1.0.0
#6 0x00007fc0d22b48f2 in ssl3_read () from /usr/lib/libssl.so.1.0.0
#7 0x00007fc0d22cc766 in SSL_read () from /usr/lib/libssl.so.1.0.0
#8 0x000000000042574b in connection_handle_read_ssl (srv=0x240f010, con=0x243d130)
at ../../../src/connections-glue.c:117
#9 connection_handle_read (srv=0x240f010, con=0x243d130) at ../../../src/connections-glue.c:234
#10 0x000000000040d366 in connection_handle_read_state (srv=0x240f010, con=0x243d130)
at ../../../src/connections.c:804
#11 0x000000000040db9a in connection_state_machine (srv=0x240f010, con=0x243d130)
at ../../../src/connections.c:1296
#12 0x000000000040af9c in server_oneshot_init (argc=<value optimized out>, argv=<value optimized out>)
at ../../../src/server.c:534
#13 main (argc=<value optimized out>, argv=<value optimized out>) at ../../../src/server.c:1501

And the debug displays:
2017-07-28 16:12:15: (../../../src/mod_fastcgi.c.1485) --- fastcgi spawning local ...
2017-07-28 16:12:15: (../../../src/mod_fastcgi.c.1509) --- fastcgi spawning ...
2017-07-28 16:12:15: (../../../src/connections.c.1103) state at start 3 req-start
2017-07-28 16:12:15: (../../../src/connections.c.1113) state for fd 3 req-start
2017-07-28 16:12:15: (../../../src/connections.c.1113) state for fd 3 read

HOWEVER, If I write a "shim" program between xinetd and the lighttpd which sets file descriptor 0 (stdin) to non-blocking everything SEEMS to start working again (though I haven't thoroughly tested it yet)

Can someone tell me if this is my misunderstanding/misconfiguration of lighttpd/xinetd, or whether its a lighttpd bug please ?

I'm running on centos-7.0 x64, lighttpd 1.4.45
Config file attached.

My config.log is:
configure --srcdir=../.. --cache-file=config.cache --prefix=/usr/lib/lighttpd --enable-static --without-pcre --without-bzip2 --without-zlib --with-openssl --with-openssl-includes=/usr/local/openssl_so-1.0.2a/include --with-openssl-libs=/usr/local/openssl_so-1.0.2a/lib

Thanks

lighttpd.conf (966 Bytes) lighttpd.conf lighttpd.conf
lighttpd-xinetd (415 Bytes) lighttpd-xinetd xinetd lighttpd configuration

Replies (2)

RE: Single process (pblighttpd -1) and SSL - Added by gstrauss 4 months ago

Thanks for the report. It is a bug with one-shot mode. Here's a patch, which will be part of lighttpd 1.4.46.

--- a/src/server.c
+++ b/src/server.c
@@ -516,6 +516,9 @@ static int server_oneshot_init(server *srv, int fd) {
                return 0;
        }

+       /*(must set flags; fd did not pass through fdevent accept() logic)*/
+       fdevent_fcntl_set_nb_cloexec(srv->ev, fd);
+
        if (cnt_addr.plain.sa_family != AF_UNIX) {
                network_accept_tcp_nagle_disable(fd);
        }

RE: [Solved] Single process (pblighttpd -1) and SSL - Added by citaylor 4 months ago

Fantastic service, fantastic product - thank you!!
(donation made...)

    (1-2/2)