[Bug 196059] New: www/nginx: nginx worker crashes with HTTPS request using TLS => 1.0

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Wed Dec 17 11:05:34 UTC 2014 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196059

            Bug ID: 196059
           Summary: www/nginx: nginx worker crashes with HTTPS request
                    using TLS => 1.0
           Product: Ports Tree
           Version: Latest
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: osa at FreeBSD.org
          Reporter: marek at mky.waw.pl
             Flags: maintainer-feedback?(osa at FreeBSD.org)
          Assignee: osa at FreeBSD.org

Overview:
I am using nginx 1.6.2 with php-fpm 5.3.35 and enabled HTTPS. All installed on
FreeBSD 10.1 / amd64. When I try to access the site using TLS1.0 or greater,
the server worker crashes.

Steps to Reproduce:
I reproduced this bug successfully on the Virtual Machine. Here is the steps:
- install FreeBSD (tested on 10.0 and 10.1)
- install packages: nginx php5 curl
- configure nginx to work with php-fpm (I used this tutorial:
http://wiki.nginx.org/PHPFcgiExample)
- create any .php page, I used simple index.php with phpinfo():

<?php
phpinfo();
?>

- create self signed or get CA signed certificate (no matter for this)
- launch the HTTPS enabled site
- test with curl (see below)

Actual Results:
I tested this site using curl with several SSL parameters:

1. curl -k --sslv3 https://testpage.server.domain/
Result: 
- curl showed generated page from phpinfo()

2. curl -k --tlsv1.0 https://testpage.server.domain/
Result: 
- curl: (52) Empty reply from server
- dmesg: pid 59695 (nginx), uid 80: exited on signal 11

3. curl -k --tlsv1.1 https://testpage.server.domain/
Result:
- same as above

4. curl -k --tlsv1.2 https://testpage.server.domain/
Result:
- same as above

Expected Results:
Any test mentioned above should not crash the nginx.

Build Date & Hardware:
FreeBSD 10.1-RELEASE #0 r274401: Tue Nov 11 21:02:49 UTC 2014    
root at releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64
All packages from latest pkg repository:
curl-7.39.0_1                  Non-interactive tool to get files from FTP,
GOPHER, HTTP(S) servers
nginx-1.6.2_1,2                Robust and small WWW server
php5-5.4.35                    PHP Scripting Language

Additional Builds and Platforms:
Virtual Machine on Microsoft Hyper-V. Same FreeBSD and the packages.

Additional Information:
1. I was unable to get core, after nginx crashes. I tried to incerase
worker_limit_core in nginx.conf to 20480M but with no success:

worker_rlimit_core  20480M;
working_directory   /var/crash/;

# fstat /var/crash
USER     CMD          PID   FD MOUNT      INUM MODE         SZ|DV R/W NAME
www      nginx      96008   wd /var/crash      4 drwxrwxrwx       2  r 
/var/crash

After nginx worker crashes, there is no core in /var/crash

2. There is no access log or error log when nginx worker crashes.

3. The server works correctly with static html content (all the tests mentioned
above have passed).

--- Comment #1 from Bugzilla Automation <bugzilla at FreeBSD.org> ---
Auto-assigned to maintainer osa at FreeBSD.org

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-ports-bugs mailing list