Nginx-0.7.46

On Wed, Apr 01, 2009 at 12:50:53AM -0700, Michael S. wrote:

Doesn’t look like it. Looks like it comes paired with openssl, or
beecrypt, or teamed up with the package requiring it (at least from my
scans of the apt cache)

Thank you, beecrypt looks intresting, although its interface is
different
from OpenSSL/libmd’s one.

2009/4/1 Igor S. [email protected]:

Thank you, beecrypt looks intresting, although its interface is different
from OpenSSL/libmd’s one.

I don’t know if it would be a good thing for nginx to require
something additional like it.

I’d rather see it leverage the standard openssl :slight_smile:

BTW, did you take a look at my SSL error? I cannot determine what the
problem is. The only idea that I seem to have at the moment is during
peak usage periods, the issue comes up.

I get this:

2009/03/26 01:11:00 [info] 6523#0: *665 SSL_do_handshake() failed
(SSL: error:140943FC SL routines SL3_READ_BYTES slv3 alert bad record
mac) while SSL handshaking, client: 22.11.8.27, server:
bugzilla.foo.org
2009/03/26 01:11:00 [debug] 6523#0: *664 SSL handshake handler: 0
2009/03/26 01:11:00 [debug] 6523#0: *664 SSL_do_handshake: -1
2009/03/26 01:11:00 [info] 6523#0: *664 peer closed connection in SSL
handshake (104: Connection reset by peer) while SSL handshaking,
client: 22.11.8.27, server: bugzilla.foo.org

I can’t find any workarounds on the net, it seems to be only with
Firefox 3.x.

Is there a tuneable or anything that would increase SSL performance or
available resources (the server is not highly utilized which is what
is weird…) that nginx can do, or could this be an openssl bug? It
seems like I found in nginx you recently had added those return values
of the “bad record mac” to the code, but I don’t know -why- that is
happening, and only during specific periods of time, which is why I
think it is load related…

I’ve already done the ssl_protocols SSLv3 TLSv1; and that’s fixed my
other servers and even other sites on the same server. It’s this one
specific site and I’ve regenerated the SSL cert/etc…

It does proxy to apache, that’s the only difference…

    server {
            listen 1.2.3.4:443;
            server_name bugzilla.foo.org;
            ssl on;
            ssl_certificate /etc/nginx/certs/bugzilla.foo.org.pem;
            ssl_certificate_key 

/etc/nginx/certs/bugzilla.foo.org.key;
ssl_protocols SSLv3 TLSv1;
location / {
proxy_pass http://127.0.0.1:81/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass_header Expires;
proxy_pass_header Server;
proxy_buffering off;
}
}

Any help is appreciated.

On Wed, Apr 01, 2009 at 04:16:20PM +0200, Otto Bretz wrote:

š š š š š š š š from src/core/nginx.c:7:
from src/core/nginx.c:7:
/usr/include/sys/ucred.h:46: error: `NGROUPS’ undeclared here (not in
a function)

What does configure show ?

2009/4/1 Igor S. [email protected]:

What does configure show ?

http://pastebin.com/m3ef8c583

/Otto

On Mon, Mar 30, 2009 at 1:43 PM, Maxim D. [email protected]
wrote:

/usr/include/sys/ucred.h:71: error: `NGROUPS’ undeclared here (not
in a function)

Same problem here on OpenBSD trying to compile 0.7.47
cc -c -O2 -pipe -I src/core -I src/event -I src/event/modules -I
src/os/unix -I /usr/local/include -I objs -o objs/src/core/nginx.o
src/core/nginx.c
In file included from /usr/include/sys/mount.h:40,
from src/os/unix/ngx_posix_config.h:48,
from src/core/ngx_config.h:41,
from src/core/nginx.c:7:
/usr/include/sys/ucred.h:46: error: `NGROUPS’ undeclared here (not in
a function)

/Otto

2009/4/1 Igor S. [email protected]:

Try the attached patch.

It works fine now.

Thanks!

On Wed, Apr 01, 2009 at 05:12:32PM +0200, Otto Bretz wrote:

2009/4/1 Igor S. [email protected]:

What does configure show ?

http://pastebin.com/m3ef8c583

Try the attached patch.