I've been battling with this for a couple of days, but I think I finally narrowed it down ...
CentOS 7, OLS 1.4.27. I tried both RPM installs and a build from source; same issue.
HTTPS access to a vhost which has OCSP Stapling on will work OK for the first few requests, and I can see the entry being created in cachedata, but after a few requests the child processes die with signal 11. It doesn't seem to crash with the OCSP Stapling option off.
I have the same setup with LiteSpeed 5 and do not have this issue.
----- backtrace ---
Core was generated by `openlitespee'.
Program terminated with signal 11, Segmentation fault.
#0 setCallback (this=0x53, callback=0x0) at ./adns/adns.h:52
52 void setCallback(lookup_pf callback) { cb = callback; }
(gdb) bt
#0 setCallback (this=0x53, callback=0x0) at ./adns/adns.h:52
#1 HttpFetch::~HttpFetch (this=0x2976d10, __in_chrg=<optimized out>) at util/httpfetch.cpp:82
#2 0x0000000000531ad0 in SslOcspStapling::createRequest (this=this@entry=0x2912a60) at sslocspstapling.cpp:333
#3 0x00000000005325f3 in SslOcspStapling::update (this=this@entry=0x2912a60) at sslocspstapling.cpp:227
#4 0x000000000053262f in SslOcspStapling::callback (this=0x2912a60, ssl=0x2974980) at sslocspstapling.cpp:102
#5 0x000000000055abd8 in ssl_check_clienthello_tlsext_late ()
#6 0x0000000000574625 in ssl3_get_client_hello ()
#7 0x0000000000579057 in ssl3_accept ()
#8 0x0000000000554e2c in ssl23_accept ()
#9 0x000000000052ea98 in SslConnection::accept (this=0x2959d58) at sslconnection.cpp:323
#10 0x00000000004de045 in NtwkIOLink::acceptSSL (this=this@entry=0x2959c90) at ntwkiolink.cpp:1571
#11 0x00000000004de23c in NtwkIOLink::SSLAgain (this=this@entry=0x2959c90) at ntwkiolink.cpp:1622
#12 0x00000000004de3ab in NtwkIOLink::onReadSSL (pThis=0x2959c90) at ntwkiolink.cpp:737
#13 0x00000000004dc3c5 in NtwkIOLink::handleEvents (this=0x2959c90, evt=<optimized out>) at ntwkiolink.cpp:397
#14 0x00000000004dfeb8 in HttpListener::addConnection (this=this@entry=0x28dc890,
pCur=pCur@entry=0xa0cf60 <HttpListener::handleEvents(short)::conns>, iCount=iCount@entry=0x7fffbd39c548) at httplistener.cpp:511
#15 0x00000000004e02d2 in HttpListener::handleEvents (this=0x28dc890, event=<optimized out>) at httplistener.cpp:328
#16 0x000000000053dfae in epoll::waitAndProcessEvents (this=0x2920f10, iTimeoutMilliSec=100) at epoll.cpp:214
#17 0x00000000004d0891 in EventDispatcher::run (this=this@entry=0x2857e68) at eventdispatcher.cpp:231
#18 0x00000000004b1620 in HttpServerImpl::start (this=0x2857e40) at httpserver.cpp:467
#19 0x00000000004ba7b9 in HttpServer::start (this=<optimized out>) at httpserver.cpp:3705
#20 0x000000000048e840 in LshttpdMain::main (this=this@entry=0x2857bf0, argc=argc@entry=1, argv=argv@entry=0x7fffbd39c708) at lshttpdmain.cpp:945
#21 0x000000000048e777 in main (argc=1, argv=0x7fffbd39c708) at main.cpp:109
(gdb)
------ vhost conf -----
vhssl {
keyFile $SERVER_ROOT/conf/cert/server.key
certFile $SERVER_ROOT/conf/cert/server.crt
certChain 1
CACertFile $SERVER_ROOT/conf/cert/server.ca
sslProtocol 14
enableECDHE 1
enableDHE 1
DHParam $SERVER_ROOT/conf/cert/dhparams.pem
renegProtection 1
sslSessionCache 1
sslSessionTickets 1
enableStapling 1
ocspRespMaxAge 3600
clientVerify 0
}
---- server conf ----
...
SSLStrongDhKey 1
sslEnableMultiCerts 0
SSLCryptoDevice null
sslSessionCache 1
sslSessionCacheSize 1000000
sslSessionCacheTimeout 3600
sslSessionTickets 1
sslSessionTicketLifetime 216000
}