Hey,
in case of fully populated SSL session cache with no memory left for
new allocations, ngx_ssl_new_session() will try to expire the oldest
non-expired session and retry, but only in case when slab allocation
fails for "cached_sess", not when slab allocation fails for either
"sess_id" or "id", which can happen for number of reasons and results
in new session not being cached.
Attached patch fixes this by adding retry logic to "sess_id" & "id" allocations.
Best regards,
Piotr Sikora
diff -r 1c472e3b8c10 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Thu Feb 21 23:31:57 2013 +0000
+++ b/src/event/ngx_event_openssl.c Fri Feb 22 13:14:32 2013 -0800
@@ -1842,8 +1842,18 @@
}
sess_id = ngx_slab_alloc_locked(shpool, sizeof(ngx_ssl_sess_id_t));
+
if (sess_id == NULL) {
- goto failed;
+
+ /* drop the oldest non-expired session and try once more */
+
+ ngx_ssl_expire_sessions(cache, shpool, 0);
+
+ sess_id = ngx_slab_alloc_locked(shpool, sizeof(ngx_ssl_sess_id_t));
+
+ if (sess_id == NULL) {
+ goto failed;
+ }
}
#if (NGX_PTR_SIZE == 8)
@@ -1853,8 +1863,18 @@
#else
id = ngx_slab_alloc_locked(shpool, sess->session_id_length);
+
if (id == NULL) {
- goto failed;
+
+ /* drop the oldest non-expired session and try once more */
+
+ ngx_ssl_expire_sessions(cache, shpool, 0);
+
+ id = ngx_slab_alloc_locked(shpool, sess->session_id_length);
+
+ if (id == NULL) {
+ goto failed;
+ }
}
#endif
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
