On Wed, Jan 03, 2018 at 06:41:01PM +0100, William Lallemand wrote:
> I'm able to reproduce the problem thanks to your detailed example, it looks
> like a regression in the code.
>
> I will check the code to see what's going on.
I found the issue, would you mind trying the attached patch?
Thanks.
--
William Lallemand
>From da786103ff39a0bed8efbde1208cccc08b2ee2ec Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallem...@haproxy.com>
Date: Wed, 3 Jan 2018 19:15:51 +0100
Subject: [PATCH] BUG/MEDIUM: ssl: cache doesn't release shctx blocks
Since the rework of the shctx with the hot list system, the ssl cache
was putting session inside the hot list, without removing them.
Once all block were used, they were all locked in the hot list, which
was forbiding to reuse them for new sessions.
Bug introduced by 4f45bb9 ("MEDIUM: shctx: separate ssl and shctx")
Thanks to Jeffrey J. Persch for reporting this bug.
Must be backported to 1.8.
---
src/ssl_sock.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index f9d5f2567..322b05409 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3849,8 +3849,12 @@ static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_
first->len = sizeof(struct sh_ssl_sess_hdr);
}
- if (shctx_row_data_append(ssl_shctx, first, data, data_len) < 0)
+ if (shctx_row_data_append(ssl_shctx, first, data, data_len) < 0) {
+ shctx_row_dec_hot(ssl_shctx, first);
return 0;
+ }
+
+ shctx_row_dec_hot(ssl_shctx, first);
return 1;
}
--
2.13.6
