Hi,
Looking for help with a high number of md5 collisions with proxy
caching.
It’s my understanding that we shouldn’t be getting any, but we seem to
be
getting quite a few.
checking for system md library … not found
checking for system md5 library … not found
checking for OpenSSL md5 crypto library … found
checking for zlib library … found
creating objs/Makefile
Configuration summary
using PCRE library: …/pcre-8.31
OpenSSL library is not used
md5: using system crypto library
sha1 library is not used
using system zlib library
We are using the default cace key, though I’ve tried a few variations.
We
are doing one “weird” thing…The upstream server might re-request a
slightly modified version from Nginx in the hopes that this modified
version
is in the cache. If it isn’t, this modified request goes back to the
upstream, which then returns a file (which then goes back to the
upstream to
fulfill the original request). At most, this is 2 loops… NGINX →
Upstream → NGINX → Upstream but the URLs wil be different between
the
first set and the second one. Not sure that this is a problem, but since
it’s the only odd thing, I figured I’d mention it.
On Thu, Sep 13, 2012 at 07:07:09AM -0400, karlseguin wrote:
Hi,
Looking for help with a high number of md5 collisions with proxy caching.
It’s my understanding that we shouldn’t be getting any, but we seem to be
getting quite a few.
What makes you think that there are md5 collisions? Do you see
nginx complaining in error log?
-V
nginx version: nginx/1.2.3
built by gcc 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5)
So nginx is using system crypto library (aka OpenSSL’s crypto
library) and it seems to do wrong thing. Could you please try to
force nginx’s own md5 implementation with
./configure --with-cc-opt=“-DNGX_HAVE_MD5=0” …
to see if it helps?
You may also want to produce debug log, see Debugging | NGINX for details.
On Thu, Sep 13, 2012 at 11:21:27AM -0400, karlseguin wrote:
Getting OpenSSL to handle md5 didn’t change anything
As copilation long as
(wasn’t able to get it
to compile with your specific flag, but I figured this was what you had
intended?)
With the flag in question (–with-cc-opt=“-DNGX_HAVE_MD5=0”) nginx
should compile with internal md5 implementation. If it doesn’t -
you may want to provide more details.
Do you see the same problem if you re-request the resource in
question?
If yes - what’s in the cache file? Intresting part is first bytes
and the KEY string. Note that first bytes are binary, please use
hd/xxd to show them.
If no - how the cache was populated? Note that cache files aren’t
portable and you can’t move the cache from one host to another.
Please try removing the cache file in question (move it away or
just delete) and re-request it twice (once to cache the response,
and once to see the error) to see if problem persists. Please
also make sure you are able to reproduce the problem without any
3rd party modules/patches (and preferably with latest nginx
1.3.6).
If the problem persists, please follow Debugging | NGINX and provide minimal full config
you are able to reproduce the probem with, and full debug log
(since file removal).
Getting OpenSSL to handle md5 didn’t change anything (wasn’t able to get
it
to compile with your specific flag, but I figured this was what you had
intended?)