I have nginx 0.5.35 on centos 5.1 with openssl 0.9.8b.
some of the error are similar to previous post regarding download on
ssl.
2008/01/29 13:23:33 [crit] 21470#0: *35748 SSL_write() failed (SSL:
error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry) while
sending
to client, client: 172.23.75.21, server: agile.seating-intier.com,
request: “POST /Filemgr/VueServlet?172.23.65.132:5099 HTTP/1.1”,
upstream:
“http://172.23.65.131:8080/Filemgr/VueServlet?172.23.65.132:5099”,
host: “agile.seating-intier.com”
2008/01/29 13:24:35 [crit] 21461#0: *36006 SSL_write() failed (SSL:
error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry) while
sending
to client, client: 172.23.75.21, server: agile.seating-intier.com,
request: “POST /Filemgr/VueServlet?172.23.65.132:5099 HTTP/1.1”,
upstream:
“http://172.23.65.131:8080/Filemgr/VueServlet?172.23.65.132:5099”,
host: “agile.seating-intier.com”
2008/01/29 13:50:37 [crit] 21466#0: *38294 SSL_do_handshake() failed
(SSL:
error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000)) while reading
client
request line, client: 172.23.75.135, server: agile.seating-intier.com
2008/01/29 13:50:37 [crit] 21466#0: *38295 SSL_do_handshake() failed
(SSL:
error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000)) while reading
client
request line, client: 172.23.75.135, server: agile.seating-intier.com
output from nginx -V
nginx -V
nginx version: nginx/0.5.35
built by gcc 4.1.2 20070626 (Red Hat 4.1.2-14)
configure arguments: --user=nginx --group=nginx
–prefix=/usr/share/nginx –
sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-
path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log
–http-
client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-
path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-
path=/var/lib/nginx/tmp/fastcgi --pid-path=/var/run/nginx.pid --lock-
path=/var/lock/subsys/nginx --with-http_ssl_module
–with-http_realip_module –
with-http_addition_module --with-http_sub_module --with-http_dav_module
–with-
http_flv_module --with-http_stub_status_module --with-http_perl_module
–with-
mail --with-mail_ssl_module --with-cc-opt=-O2 -g -pipe -Wall -Wp,-
D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
–param=ssp-buffer-size=4 -
m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables
On Tue, Jan 29, 2008 at 07:14:51PM +0000, Tho Nguyen wrote:
2008/01/29 13:24:35 [crit] 21461#0: *36006 SSL_write() failed (SSL:
request line, client: 172.23.75.135, server: agile.seating-intier.com
path=/var/lib/nginx/tmp/fastcgi --pid-path=/var/run/nginx.pid --lock-
path=/var/lock/subsys/nginx --with-http_ssl_module --with-http_realip_module –
with-http_addition_module --with-http_sub_module --with-http_dav_module --with-
http_flv_module --with-http_stub_status_module --with-http_perl_module --with-
mail --with-mail_ssl_module --with-cc-opt=-O2 -g -pipe -Wall -Wp,-
D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -
m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables
Try the attached patch.
On Tue, Jan 29, 2008 at 07:14:51PM +0000, Tho Nguyen wrote:
I have nginx 0.5.35 on centos 5.1 with openssl 0.9.8b.
Is this a custom build of nginx 0.5.35 or one from the yum EPEL testing
repository?
If it is a custom build of nginx, try this one from the EPEL repository
and see if it works for you.
http://download.fedora.redhat.com/pub/epel/testing/5/x86_64/nginx-0.5.35-1.el5.x86_64.rpm
enjoy,
-jeremy
Jeremy H. <jeremy@…> writes:
http://download.fedora.redhat.com/pub/epel/testing/5/x86_64/nginx-0.5.35-
1.el5.x86_64.rpm
enjoy,
-jeremy
the rpm is nginx-0.5.34-1.el5.src.rpm. I updated it with 0.5.35 source.
The
rest of the files in the src rpm looks the same.
Igor S. <is@…> writes:
Try the attached patch.
I have applied the patch. Will tried to have it test on thursday.
Tho Nguyen <tho.nguyen@…> writes:
Igor S. <is@…> writes:
Try the attached patch.
I have applied the patch. Will tried to have it test on thursday.
I can put the server back into production to see but with my limited
testing,
the patch seems to resolved the issue.
Thanks
The patch seems to have resolved the SSL3_WRITE_PENDING:bad write retry
error.
The SSL3_READ_BYTES:reason(1000) error is still there.
2008/02/04 15:12:23 [crit] 11762#0: *22267 SSL_do_handshake() failed
(SSL:
error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000)) while reading
client
request line, client: 172.23.75.21, server: agile.seating-intier.com
2008/02/04 15:12:23 [crit] 11762#0: *22268 SSL_do_handshake() failed
(SSL:
error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000)) while reading
client
request line, client: 172.23.75.21, server: agile.seating-intier.com
2008/02/04 15:12:23 [crit] 11762#0: *22271 SSL_do_handshake() failed
(SSL:
error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000)) while reading
client
request line, client: 172.23.75.21, server: agile.seating-intier.com
2008/02/04 15:12:23 [crit] 11762#0: *22272 SSL_do_handshake() failed
(SSL:
error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000)) while reading
client
request line, client: 172.23.75.21, server: agile.seating-intier.com
On Mon, Feb 04, 2008 at 08:20:12PM +0000, Tho Nguyen wrote:
The patch seems to have resolved the SSL3_WRITE_PENDING:bad write retry error.
OK.
request line, client: 172.23.75.21, server: agile.seating-intier.com
2008/02/04 15:12:23 [crit] 11762#0: *22272 SSL_do_handshake() failed (SSL:
error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000)) while reading client
request line, client: 172.23.75.21, server: agile.seating-intier.com
“reason(1000)” means that peer has sent a “close notify” alert while SSL
handshake. In next 0.6.x version I will decrease this and some other
handshake errors at info level.