SSL Problems with 0.7

I put up a gentoo box this weekend, and I installed nginx 0.7.7 on it.
I put a php backend on via fastcgi. No matter what I did,
Firefox+HTTPS didn’t work properly. I used Firefox 3.0.x from Mac and
Linux. Webkit/Safari worked almost 100%. (I had one problem, which
may have been an aberration.) I tried many things, and always I
could get one or two pages to successfully load, then the next time
I clicked the page would never complete loading.

php-5.6.2
roundcube - 0.1 and 0.2alpha
openssl 0.9.8g
nginx 0.7.7, 0.7.8
Godaddy signed chained certificates

No startup errors were found in either PHP or Nginx.

If I killed php-cgi, and restarted, there would be no effect.

If I restarted NGINX, then the browser load would (of course) stop.
Often times the page would be incomplete.

I enabled http:// for the site, and it worked fine. I tried a variety
of options for 0.7, and was unable to succeed.

ssl on;
ssl_certificate /etc/ssl/cert.bundle.pem;
ssl_certificate_key /etc/ssl/private/sslcertificate.key;
keepalive_timeout 70;
ssl_session_cache shared:SABIO:10m;
ssl_session_timeout 30m;
ssl_protocols SSLv3;
ssl_ciphers ALL:!CAMELLIA;

I tried a variety of settings, but ultimately nothing worked until I
downgraded to nginx-0.6.32. Now, with the exact same config
everything is working.

Sincerely,
Joshua

Gentoo USE Flags for NGINX:
fastcgi flv imap pcre ssl webdav zlib -addition -debug -perl -status -sub

Joshua Schmidlkofer wrote:

I put up a gentoo box this weekend, and I installed nginx 0.7.7 on it.
I put a php backend on via fastcgi. No matter what I did,
Firefox+HTTPS didn’t work properly. […]

I’m experiencing the same problem with phpMyAdmin 2.11.8.1, Firefox 3,
nginx 0.7.[78] and SSL. The problem does not occur with Konqueror 3.5.
And it previously worked fine with nginx 0.7.6 and Firefox 3. So the bug
must have been introduced in nginx 0.7.7.

I do not see any error messages in the logs either. Firefox just tries
to load the page “forever” without displaying anything.

Godaddy signed chained certificates

My SSL-certificate is self-signed, so this does not seem to be the
cause.

The only ssl options I have set in nginx.conf are:

ssl on;
ssl_certificate /path/to/cert.cert;
ssl_certificate_key /path/to/cert.key;

Kind regards
Steffen W.

Dear both,

On Thu 07.08.2008 13:46, Steffen W. wrote:

Joshua Schmidlkofer wrote:

I put up a gentoo box this weekend, and I installed nginx 0.7.7 on
it. I put a php backend on via fastcgi. No matter what I did,
Firefox+HTTPS didn’t work properly. […]

I’m experiencing the same problem with phpMyAdmin 2.11.8.1, Firefox 3,
nginx 0.7.[78] and SSL. The problem does not occur with Konqueror
3.5. And it previously worked fine with nginx 0.7.6 and Firefox 3. So
the bug must have been introduced in nginx 0.7.7.

Please can you provide us with a debug log?

BR

Aleks

What do I do to produce a debug log? link? I will google when I get
to my desk.

Sent from my iPhone

Aleksandar L. wrote:

Please can you provide us with a debug log?

I have uploaded one here: http://steffenweber.net/files/nginx-debug.log

The server that I have used to generate the debug log runs PHP 5.3.0
Alpha 1, but on our production server the same problem occurs with PHP
5.2.6.

After about one minute Firefox finally displays the page. At this point
some timeout event occurs in nginx:

2008/08/07 17:27:18 [info] 7791#0: *106 client timed out (110:
Connection timed out) while reading client request line

Hope that helps.

Kind regards
Steffen W.
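
A triage sketch for the symptom reported above, added here as an example and not part of the original thread or of nginx: it re-joins wrapped error_log entries and separates client timeouts by the phase nginx reports. The sample log is constructed around the one line quoted in the thread, and the function names are hypothetical.

```python
import re

# nginx error_log entry: "YYYY/MM/DD HH:MM:SS [level] pid#tid: *conn message"
ENTRY = re.compile(
    r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[\w+\] \d+#\d+: (?:\*(\d+) )?(.*)$")
TIMEOUT = re.compile(r"client timed out \((\d+): [^)]*\) while ([^,]+)")


def join_wrapped(lines):
    """Re-join entries that mail or a pager wrapped onto continuation lines."""
    entry = None
    for line in (raw.strip() for raw in lines):
        if ENTRY.match(line):
            if entry is not None:
                yield entry
            entry = line
        elif entry is not None and line:
            entry += " " + line
    if entry is not None:
        yield entry


def client_timeouts(lines):
    """Return (timestamp, connection id, errno, phase) per client timeout."""
    hits = []
    for entry in join_wrapped(lines):
        ts, conn, msg = ENTRY.match(entry).groups()
        t = TIMEOUT.search(msg)
        if t:
            hits.append((ts, int(conn) if conn else None,
                         int(t.group(1)), t.group(2).strip()))
    return hits


def waiting_for_request_line(hits):
    """Timeouts where nginx was still waiting for the HTTP request line."""
    return [h for h in hits if h[3] == "reading client request line"]


# Constructed sample: entry 1 is the thread's line as posted; 2 and 3 are made up.
SAMPLE = """\
2008/08/07 17:27:18 [info] 7791#0: *106 client timed out (110:
Connection timed out) while reading client request line
2008/08/07 17:27:41 [info] 7791#0: *107 client closed prematurely connection while reading client request line
2008/08/07 17:28:02 [info] 7791#0: *109 client timed out (110: Connection timed out) while SSL handshaking, client: 192.0.2.10, server: 0.0.0.0:443
""".splitlines()

if __name__ == "__main__":
    for hit in waiting_for_request_line(client_timeouts(SAMPLE)):
        print(hit)
```

A run of timeouts in the "reading client request line" phase on an HTTPS listener, with few or none in the handshake phase, matches the stall described in this thread.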

On Thu 07.08.2008 19:05, Steffen W. wrote:

point some timeout event occurs in nginx:

2008/08/07 17:27:18 [info] 7791#0: *106 client timed out (110:
Connection timed out) while reading client request line

Hope that helps.

Many thanks.

I don’t see the bug, I hope Igor can help here more.

BR

Aleks

Joshua Schmidlkofer wrote:

What do I do to produce a debug log?

I have compiled nginx using “--with-debug” and then set the error_log
directive in nginx.conf to “debug”.

Kind regards
Steffen

  if (n == 1) {

FYI, Looks like that was the patch from thread “IMAP/SSL issue” on Jul
29.

On Thu, Aug 07, 2008 at 03:50:21PM -0400, jeff emminger wrote:

  if (n == 1) {

FYI, Looks like that was the patch from thread “IMAP/SSL issue” on Jul 29.

Yes, lines can be removed for HTTPS case to see whether they are the
cause of problem.

Igor S. wrote:

08:12:30.000000000 +0200
Due to the fact that I’m not so deep in the development, I don’t know what
happens when you remove this ;-)

FYI, Looks like that was the patch from thread “IMAP/SSL issue” on Jul 29.

Yes, lines can be removed for HTTPS case to see whether they are the cause
of problem.

After removing the two lines, the problem is gone on both servers!

Steffen

On Thu 07.08.2008 21:20, Aleksandar L. wrote:

After about one minute Firefox finally displays the page. At this
point some timeout event occurs in nginx:

2008/08/07 17:27:18 [info] 7791#0: *106 client timed out (110:
Connection timed out) while reading client request line

Hope that helps.

Many thanks.

I don’t see the bug, I hope Igor can help here more.

Wait there was a change in src/event/ngx_event_openssl.c

diff -ru nginx-0.7.6/src/event/ngx_event_openssl.c
nginx-0.7.7/src/event/ngx_event_openssl.c
— nginx-0.7.6/src/event/ngx_event_openssl.c 2008-06-20
16:42:54.000000000 +0200
+++ nginx-0.7.7/src/event/ngx_event_openssl.c 2008-07-30
08:12:30.000000000 +0200
@@ -505,6 +505,9 @@

  if (n == 1) {
  •    c->read->ready = 0;
    
  •    c->write->ready = 1;
    
  •     if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }
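
Review bot: the two assignments added at the top of the `if (n == 1)` branch overwrite c->read->ready and c->write->ready unconditionally, immediately before ngx_handle_read_event(c->read, 0) is called, so any read readiness already recorded for the connection is thrown away whenever this branch runs. Later messages in this thread report that removing these two lines makes the HTTPS stall disappear, which points at the forced c->read->ready = 0. Suggest dropping the read-side reset or guarding both assignments so they apply only to the case they were written for, and adding a comment that says why the flags are forced here.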
    

Due to the fact that I’m not so deep in the development, I don’t know what
happens when you remove this ;-)

Cheers

Aleks

Igor S. wrote:

— nginx-0.7.6/src/event/ngx_event_openssl.c 2008-06-20
}
OK, the attached patch should fix the bug.

Confirmed, thanks! :)

Steffen

On Fri, Aug 08, 2008 at 12:57:29PM +0200, Steffen W. wrote:

+++ nginx-0.7.7/src/event/ngx_event_openssl.c 2008-07-30

Due to the fact that I’m not so deep in the development, I don’t know what
happens when you remove this ;-)

FYI, Looks like that was the patch from thread “IMAP/SSL issue” on Jul 29.

Yes, lines can be removed for HTTPS case to see whether they are the cause
of problem.

After removing the two lines, the problem is gone on both servers!

OK, the attached patch should fix the bug.

On Fri, Aug 8, 2008 at 11:02 PM, Steffen W. wrote:

of problem.

After removing the two lines, the problem is gone on both servers!

OK, the attached patch should fix the bug.

Confirmed, thanks! :)

It can be an OpenSSL issue as well, see
http://www.opensourcery.co.za/2008/07/02/firefox-3-and-the-apparent-random-ssl-errors/

I sorted it out with this:

echo '=dev-libs/openssl-0.9.8h-r1' >> /etc/portage/package.unmask

emerge -av openssl

Best