https://bz.apache.org/bugzilla/show_bug.cgi?id=61013
Bug ID: 61013
Summary: ocsp problems cause processes to be "stuck" and not
process future clients
Product: Apache httpd-2
Version: 2.4.25
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Using apache 2.4.25, openssl 1.0.2k and config:
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/cache/httpd/ocsp(128000)
and for one site I'm getting:
"AH01980: bad response from OCSP server: (none) ssl"
I see httpd process "stuck" in R or G state in server-status
strace shows that it is waiting on:
fcntl(14, F_SETLKW, {l_type=F_WRLCK, l_whence=SEEK_SET, l_start=0, l_len=0}
where descriptor 14 is /var/run/httpd/ssl-stapling-refresh.10132 (deleted)
After some time there is more and more such "stuck" processes up to MaxClients
limit and when that happens apache obiously stops serving (other) pages.
That's a major problem here. Disabling sslusestapling makes problem go away.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
