Project

General

Profile

Activity

From 2021-01-17 to 2021-01-23

2021-01-22

06:28 Lighttpd Bug #3056: OCSP Stapling reload seems not to work
After spending quite a bit of time trying to reproduce this, I think that the stapling file refresh code is pretty so... gstrauss

2021-01-21

19:44 Lighttpd Bug #3056: OCSP Stapling reload seems not to work
No yet, next "Next Update" is on Jan, 24th. I did not manage to create ocsp responses with less than 7 days. flynn
18:05 Lighttpd Bug #3056: OCSP Stapling reload seems not to work
Anything interesting in your logs now that the original stapling file has expired and a new one should have been read? gstrauss
06:31 Lighttpd Bug #3059: Connections stuck in Close_Wait causing 100% cpu usage
What version of the openssl libraries are installed on your system?
@openssl version@
gstrauss
06:00 Lighttpd Bug #3059: Connections stuck in Close_Wait causing 100% cpu usage
Only because I haven't yet asked: is there any trace in the lighttpd error log? gstrauss
05:55 Lighttpd Bug #3059: Connections stuck in Close_Wait causing 100% cpu usage
The most recent trace that you shared shows @BIO_write()@ and @write()@ along with SIGPIPE, which is blocked, but the... gstrauss
04:29 Lighttpd Bug #3059: Connections stuck in Close_Wait causing 100% cpu usage
It does not look like lighttpd was built with full debugging symbols, or maybe lighttpd has not been deployed with de... gstrauss
04:03 Lighttpd Bug #3059: Connections stuck in Close_Wait causing 100% cpu usage
I attempted to step through using gdb today and generated the following:
https://pastebin.com/niNTr7Ja
I'm unsure i...
mitd

2021-01-20

22:05 Lighttpd Bug #3059: Connections stuck in Close_Wait causing 100% cpu usage
@debug.log-state-handling = "enable"@ will generate *a lot* of noise in the error logs on a busy site, but would also... gstrauss
05:52 Lighttpd Bug #3059: Connections stuck in Close_Wait causing 100% cpu usage
If this is reproducible after a scan, I'd be curious what the request is.... gstrauss
01:03 Lighttpd Bug #3059: Connections stuck in Close_Wait causing 100% cpu usage
That's an interesting @strace@. Thanks.
I don't see anything trying to @read()@ after the event is received and nee...
gstrauss
01:00 Lighttpd Bug #3059: Connections stuck in Close_Wait causing 100% cpu usage
The following patch is a worthwhile improvement, but I do not think it sufficient to address the issue here. This pa... gstrauss
00:52 Lighttpd Bug #3059: Connections stuck in Close_Wait causing 100% cpu usage
Some new info, the connections seem to be coming from one of our security scanners. So this happens each time the ser... mitd
00:00 Lighttpd Bug #3059: Connections stuck in Close_Wait causing 100% cpu usage
Are you able to reproduce this error with any frequency?
The code which reaches @fdevent_is_tcp_half_closed()@ is fa...
gstrauss
17:15 Lighttpd Bug #3058: rare spontaneous segfaults
Both fixes sound reasonable to me.
Thank you for your time.
mgottinger
16:58 Lighttpd Bug #3058 (Fixed): rare spontaneous segfaults
The "rare spontaneous segfault" may have already been fixed in commit commit:8faa456f See #3052
The 100% CPU use w...
gstrauss
06:18 Lighttpd Bug #3060 (Invalid): SSE stream being corrupted
There is nothing wrong with lighttpd. The response is using @chunked@ encoding. @5d@ is the length of the chunk. A... gstrauss
00:08 Lighttpd Bug #3060 (Invalid): SSE stream being corrupted
I’m just starting with lighttpd and have noticed that an SSE (Server-Sent Events) stream that I send via a CGI script... fgasper

2021-01-19

23:38 Lighttpd Bug #3059: Connections stuck in Close_Wait causing 100% cpu usage
... gstrauss
22:54 Lighttpd Bug #3059: Connections stuck in Close_Wait causing 100% cpu usage
I will look and confirm if they are HTTP/1.1 or 2 and try and use pstack/gdb to obtain a stack trace and update this ... mitd
22:37 Lighttpd Bug #3059: Connections stuck in Close_Wait causing 100% cpu usage
That's a fairly straightforward config. Thank you for sharing it.
Do you know if the stuck requests are HTTP/1.1 ...
gstrauss
22:11 Lighttpd Bug #3059: Connections stuck in Close_Wait causing 100% cpu usage
Heres the config:
https://pastebin.com/7vKE72zU
And we don't have traffic limits set in our setup so don't believ...
mitd
21:50 Lighttpd Bug #3059: Connections stuck in Close_Wait causing 100% cpu usage
> Any help to get to the bottom of this bug would be appreciated, let me know what other info you may need.
Sharing ...
gstrauss
21:25 Lighttpd Bug #3059 (New): Connections stuck in Close_Wait causing 100% cpu usage
Hello folks,
I've run into an odd issue with some of the simple web servers we run (they serve some text in index....
mitd
18:59 Lighttpd Bug #3058: rare spontaneous segfaults
See the one-line patch at the tip of lighttpd git master.
I understand that you need to keep parts of your configura...
gstrauss
18:33 Lighttpd Bug #3058: rare spontaneous segfaults
As it turns out I'm using traffic limits on exactly that proxied Apache server.
Where can I find this fix?
Sorry,...
mgottinger
18:10 Lighttpd Bug #3058: rare spontaneous segfaults
lighttpd should not use 100% CPU unless lighttpd is really busy doing productive work or unless you have a custom mod... gstrauss
18:10 Lighttpd Bug #3058: rare spontaneous segfaults
I will try server.feature-flags += ("proxy.force-http10" => "enable") next time and get myself educated on valgrind.
...
mgottinger
18:03 Lighttpd Bug #3058: rare spontaneous segfaults
Locking at the logs once again, I think this segfault only happens with 1.4.58. (Correlating installation/update time... mgottinger
16:36 Lighttpd Bug #3058: rare spontaneous segfaults
Among the changes in lighttpd 1.4.56 are improvements to @mod_proxy@. If your lighttpd instance crashes again, pleas... gstrauss
16:25 Lighttpd Bug #3058: rare spontaneous segfaults
BTW, it is not surprising that lighttpd 1.4.56 crashed for you since #3048 was fixed in lighttpd 1.4.57. When you tr... gstrauss
17:02 Lighttpd Revision 471ab4dd: [core] fix 100% CPU spin if traffic limit hit
(thx Dirk) (reported on FreeBSD)
HTTP/1.1 requests might end up spinning if traffic limits are configured
(connect...
gstrauss
17:01 Lighttpd Revision fcbfc083: [core] check more carefully after SSL_WANT_WRITE
con->is_readable and con->is_writable might be set to -1 by TLS modules
which encounter SSL_WANT_READ or SSL_WANT_WRI...
gstrauss

2021-01-18

21:04 Lighttpd Bug #3058: rare spontaneous segfaults
> Do you want me to list all packages?
Not at this time. I am asking questions that will hopefully lead you in th...
gstrauss
20:51 Lighttpd Bug #3058: rare spontaneous segfaults
What changed: I did install updates, restarted the VM...
Looking at the dependencies (https://archlinux.org/packages...
mgottinger
20:24 Lighttpd Bug #3058: rare spontaneous segfaults
It is SIGSEGV:... mgottinger
19:57 Lighttpd Bug #3058: rare spontaneous segfaults
> I disabled various parts of the configuration - the origin seemed to be Nextcloud.
Which parts? Did you try dis...
gstrauss
19:53 Lighttpd Bug #3058: rare spontaneous segfaults
> Both: it crashes with segfault -> lighttpd-angel restarts the process -> it is almost immediately going 100% for so... gstrauss
19:38 Lighttpd Bug #3058: rare spontaneous segfaults
Both: it crashes with segfault -> lighttpd-angel restarts the process -> it is almost immediately going 100% for some... mgottinger
19:36 Lighttpd Bug #3058: rare spontaneous segfaults
Unfortunately not, that was one of my first guesses, but I did and do not see any specific request.
I have set deb...
mgottinger
19:20 Lighttpd Bug #3058: rare spontaneous segfaults
mgottinger: you titled this post "rare spontaneous segfaults". Are you seeing lighttpd crash? Or are you seeing lig... gstrauss
18:46 Lighttpd Bug #3058: rare spontaneous segfaults
> Can I do anything to get more information, when this happens?
Do you know if any specific type of request trigge...
gstrauss
18:23 Lighttpd Bug #3058 (Fixed): rare spontaneous segfaults
It happened first a week ago with version 1.4.57 (Arch Linux) installed, compiled with support for brotli (Arch Linux... mgottinger

2021-01-17

21:17 Lighttpd Revision b757e738: [mod_gnutls] fix alt code for coverity
gstrauss
20:50 Lighttpd Revision 915b4ef3: [multiple] fix TLS config string parsing
flagged by coverity
(incomplete fix a few commits back)
gstrauss
20:37 Lighttpd Bug #3056: OCSP Stapling reload seems not to work
Yes I have listed the certificates multiple times, one for IPv4 und one for IPv6.
I have changed that (global loadin...
flynn
19:00 Lighttpd Bug #3056: OCSP Stapling reload seems not to work
> One question: every 64sec I expect one log message per certificate, but I get 5 log messages for two certificates (... gstrauss
16:11 Lighttpd Bug #3056: OCSP Stapling reload seems not to work
One question: every 64sec I expect one log message per certificate, but I get 5 log messages for two certificates (3 ... flynn
15:56 Lighttpd Bug #3056: OCSP Stapling reload seems not to work
After an update of the @ssl.stapling-file@ by the cron-job @pc->ssl_stapling_nextts@ has been updated too. The OCSP-r... flynn
20:06 Lighttpd Revision 9d8d559e: [mod_wolfssl] fix syntax errors
gstrauss
19:52 Lighttpd Revision 755f895b: [mod_wolfssl] wipe ssl_pemfile_pkey before free()
gstrauss
19:45 Lighttpd Revision a1648826: [mod_gnutls] fix ssl.ca_dn_file data access
identified by coverity
If ssl.ca_dn_file is set, then its contents were not properly matched
against the provided cl...
gstrauss
19:33 Lighttpd Revision d5b166c0: [multiple] fix TLS config string parsing
flagged by coverity
final segment of colon (':') separated string was being ignored
in some TLS config strings in mo...
gstrauss
19:32 Lighttpd Revision 0e2a1492: [multiple] fix coverity warnings
gstrauss
13:33 Lighttpd Revision 5b0aed8c: [mod_deflate] compat with zstd < v1.4.0
ZSTD_compressStream2() was an "advanced API" (experimental; unstable)
in v1.3.x
gstrauss
13:32 Lighttpd Revision f8792bfb: [mod_deflate] use zstd typedefs (minor cleanup)
gstrauss
04:07 Lighttpd Revision 625d57b2: build] scripts/ci-build.sh remove --with-maxminddb
remove --with-maxminddb;
maxminddb libs not currently part of our FreeBSD build images
gstrauss
03:52 Lighttpd Revision 02c83d73: [build] scripts/ci-build.sh add --with-maxminddb
gstrauss
03:33 Lighttpd Revision 62a874df: [mod_alias] modify r->physical.path in place
(reduce string copying)
split out func mod_alias_remap() from handler func for unit testing
gstrauss
01:11 Lighttpd Revision 43cc87dd: [build] adjust crypto vars in src/CMakeLists.txt
gstrauss
01:11 Lighttpd Revision 073f57e5: [core] avoid multiple definition of SHA512_CTX
avoid multiple definition of SHA512_CTX when using Nettle gstrauss
 

Also available in: Atom