34039 – SSLSessionCache dbm:[...] crashes Apache

Bug 34039 - SSLSessionCache dbm:[...] crashes Apache

Summary: SSLSessionCache dbm:[...] crashes Apache

Status:	RESOLVED DUPLICATE of bug 25667

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_ssl (show other bugs)
Version:	2.0.52
Hardware:	Sun Solaris

Importance:	P3 blocker (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2005-03-16 17:55 UTC by Markus Wernig
Modified:	2005-10-25 04:36 UTC (History)
CC List:	0 users

Attachments
httpd config file (main + vhost 2.0.52) The calls we see when the file explodes are to /some/WLSservice (see bottom of file) (6.68 KB, text/plain) 2005-03-22 18:05 UTC, Markus Wernig	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Markus Wernig 2005-03-16 17:55:28 UTC

Apache 1.3.33 with mod_ssl
Apache 2.0.52 --with-ssl

Symptom: The dbm file that is configured with the SSLSessionCache directive
suddenly starts to grow exponentially and finally reaches up to 900 MB.
At this state the parent process is still accepting new https/SSL requests and
forks off children for each new one. But the SSL handshake never happens, and
the children just keep hanging there, doing nothing. Finally the MAX_CLIENT
limit is reached, and the server is dead for all practical purposes.

We see this at different occasions, with all Apache versions.
Case 1: We see a load peak (~8 SSL requests per second) over a period of about 1
hour, then the load decreases. About one hour after the peak when the load
reaches about 5 requests/sec the file explodes and the server hangs.
Case 2: Same as above, but time difference is about 2 hours.
Case 3: A sudden surge of SSL requests (avg. ~0.6 requests/sec) to an otherwise
idle server causes the same effect, the SessionCache file exploding (from ~100K
during the day to finally 860 MB). Below is an example file size history, with
snapshots being taken every minute. In this case there were two ssl request
"waves", one from 22:02 to 22:06, the other one from 22:44 to ?? (server crashed
at ~22:49) 

--- BEGIN HISTORY ---
22:02:38 110592         
22:03:38 1451008         
22:04:38 1451008         
22:05:38 1451008         
22:06:38 1451008                 
...        
22:43:38 1451008         
22:44:38 1451008         
22:45:38 54164480         
22:46:38 54164480         
22:47:38 77381632         
22:48:38 861713408

-- END HISTORY ---

regards /markus

Comment 1 Markus Wernig 2005-03-17 04:24:37 UTC

Annotation:
There is one difference between the setups of the two versions here:
Apache 1.3.33 does BasicAuth, while Apache 2.0.52 does Client certificate
validation.
We've just finished testing against 1.3.33, and when turning off the BasicAuth,
the problem does not occur, not even under high load (500 parallel sessions).

/m

Comment 2 Joe Orton 2005-03-19 20:19:08 UTC

Please give the configuration for the SSL vhost.

Comment 3 Markus Wernig 2005-03-22 18:05:41 UTC

Created attachment 14539 [details]
httpd config file (main + vhost 2.0.52)
The calls we see when the file explodes are to /some/WLSservice (see bottom of file)

I've sanitized the file some and removed config details for a second vhost on
the same box that runs on port 443. The vhost that keeps crashing (and for
which we see the described behaviour in relation to the requests) runs on port
444.

Comment 4 Joe Orton 2005-10-25 12:36:08 UTC

This is probably the same as 25667.  Use shmcb not dbm.

*** This bug has been marked as a duplicate of 25667 ***