Bug 784928
Summary: | httpd (and php-ldap) fail to create new outgoing TLS sessions | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | George Shammas <gs1445> | ||||
Component: | openldap | Assignee: | Jan Synacek <jsynacek> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | high | ||||||
Version: | 6.2 | CC: | brian.keffer, ddumas, jsynacek, kdudka, ngupta, prc | ||||
Target Milestone: | rc | Keywords: | Regression | ||||
Target Release: | --- | ||||||
Hardware: | x86_64 | ||||||
OS: | All | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2013-03-20 18:48:17 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 782183, 836160, 840699 | ||||||
Attachments: |
|
Description
George Shammas
2012-01-26 16:59:03 UTC
Rich Graves mailing list thread, which linked to, gave me two more testing ideas, both with interesting results. 1. I adjusted the MaxRequestsPerChild from the default of 4000 to 200 and waited for the problem to occur. Then I stressed the server to see if when a new thread spawned it would take the problem with it. And it did. After about 10 seconds, all the old apache threads died and respawned and everything even at 400 requests a second no more threads would error.If I waited for the problem again (without restarted httpd) and the same result happened. Once a thread reached its maxed requests and respawned, the problem goes away. This leads me to believe that its a time based problem. 2. If I further lower MaxRequestsPerChild from 200 to 10. The problem is not noticeable. Threads respawn too quickly to get diseased by it. However the side effect of this is that the server's max requests per second dropped from 400 to 50. So not an ideal solution. Given the indication this is a regression since 6.0, and the error message: "" error: could not initialize moznss security context - error -5925:The one-time function was previously called and failed. Its error code is no longer available "" I'd presume this is a problem with the switch to Mozilla NSS in openldap; re-assigning accordingly. Can you provide a minimal repro case? Created attachment 558850 [details] php ldap test I have not been able to reproduce it outside of Apache with mod_php. Even apache with php-cgi works. I have attached a simple php script, that avoids being cached, and errors when it doesn't work. Outputs as much data as it can, however the error that ldap returns is '', which isn't very useful. Also this bug is actually a dup of https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=738456 which also has no solution. (In reply to comment #6) > Also this bug is actually a dup of > https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=738456 Could you please check whether libcurl-7.19.7-26.el6_2.4 fixes this issue? http://rhn.redhat.com/errata/RHBA-2012-0430.html @George: ping If not, please, can you also try with following scratch build: http://people.redhat.com/jvcelak/bz707599/ Cleanup: possible duplicate bug https://bugzilla.redhat.com/show_bug.cgi?id=738456 is resolved. This is issue seems to be resolved as per Comment #16. Closing. |