On Wed, 2015-07-15 at 23:38 +0930, Jack Burton wrote: 
> Sorry, I don't have any hosts running -current at the moment, but I've
> written a trivial patch against 5.7-stable to treat that particular
> failure mode in the same way as was already being done for EV_TIMEOUTs.
> That fixes the issue for us here (been in place on one production host
> with a modest [2req/sec avg] load for 4 hours with no obvious
> regressions and no stale sockets -- previously we were getting at least
> several stale sockets appearing every hour). The good folks on misc@
> suggested I should post my patch to tech@, so here it is:

Hmm, that's a bit painful to read -- it seems my mail client collapsed
all the tabs into single spaces. I'll try again with tabs expanded:

--- usr.sbin/httpd/server.c.orig        Wed Jul 15 20:40:16 2015
+++ usr.sbin/httpd/server.c     Wed Jul 15 20:50:15 2015
@@ -932,6 +932,7 @@ server_accept_tls(int fd, short event, void *arg)
        struct client *clt = (struct client *)arg;
        struct server *srv = (struct server *)clt->clt_srv;
        int ret;
+       char *errmsg;

        if (event == EV_TIMEOUT) {
                server_close(clt, "TLS accept timeout");
@@ -952,8 +953,13 @@ server_accept_tls(int fd, short event, void *arg)
                    server_accept_tls, &clt->clt_tv_start,
                    &srv->srv_conf.timeout, clt);
        } else if (ret != 0) {
-               log_warnx("%s: TLS accept failed - %s", __func__,
-                   tls_error(srv->srv_tls_ctx));
+               if (asprintf(&errmsg, "%s: TLS accept failed - %s",
+                   __func__, tls_error(srv->srv_tls_ctx)) < 0) {
+                       server_close(clt, "server_accept_tls: TLS accept
failed");
+               } else {
+                       server_close(clt, errmsg);
+                       free(errmsg);
+               }
                return;
        }
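Review bot: In the `ret != 0` branch the `asprintf`/`free` pair looks avoidable, and the explicit `log_warnx` is lost. Keeping the original `log_warnx("%s: TLS accept failed - %s", ...)` call and following it with `server_close(clt, "TLS accept failed");` before the `return` would mirror the `EV_TIMEOUT` branch (`server_close(clt, "TLS accept timeout")`), remove the allocation-failure path, and make the new `errmsg` local unnecessary. As posted, the fallback literal `"server_accept_tls: TLS accept failed"` is also split across two lines by mail wrapping, so the hunk will not apply or compile until that line is rejoined; sending the diff with wrapping disabled avoids that. If the `asprintf` form stays, the `tls_error()` text only reaches the log when `server_close` logs its message argument, which these lines do not show and is worth confirming.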
