[Dovecot] SSL hangs? Try this
Since apparently 1.0 RC5 didn't fix the SSL hangs for everyone, could you try if replacing src/login-common/ssl-proxy-openssl.c with this helps:
http://dovecot.org/tmp/ssl-proxy-openssl.c
It's basically the old proxying but with some new changes, plus hopefully also fixing the original rarely occurring hang which my rewrite was intended to fix.
On Fri, Aug 04, 2006 at 12:36:42AM +0300, Timo Sirainen wrote:
Since apparently 1.0 RC5 didn't fix the SSL hangs for everyone, could you try if replacing src/login-common/ssl-proxy-openssl.c with this helps:
http://dovecot.org/tmp/ssl-proxy-openssl.c
It's basically the old proxying but with some new changes, plus hopefully also fixing the original rarely occurring hang which my rewrite was intended to fix.
Seems to fix the problem for me, thanks!
GeertOn Mon, Aug 07, 2006 at 08:38:16AM +0200, Geert Hendrickx wrote:
On Fri, Aug 04, 2006 at 12:36:42AM +0300, Timo Sirainen wrote:
Since apparently 1.0 RC5 didn't fix the SSL hangs for everyone, could you try if replacing src/login-common/ssl-proxy-openssl.c with this helps:
http://dovecot.org/tmp/ssl-proxy-openssl.c
It's basically the old proxying but with some new changes, plus hopefully also fixing the original rarely occurring hang which my rewrite was intended to fix.
Seems to fix the problem for me, thanks!
Hm, after a full working day, it seems that we still had the problem, so I reverted to rc1 once more. The problem seems to appear only after some period of time.
Now I'm suspecting it is a totally different problem: the default polling method changed in rc2. I think I was having the "stale imap processes" problem, mentioned elsewhere on this list, and that was causing timeouts for clients connecting after the process limit was hit. I'll recompile dovecot 1.0rc6 with --with-ioloop=kqueue, as suggested elsewhere on this list, and try again. I should have mentioned I'm using NetBSD...
GeertOn Tue, Aug 08, 2006 at 05:48:08PM +0200, Geert Hendrickx wrote:
Now I'm suspecting it is a totally different problem: the default polling method changed in rc2. I think I was having the "stale imap processes" problem, mentioned elsewhere on this list, and that was causing timeouts for clients connecting after the process limit was hit. I'll recompile dovecot 1.0rc6 with --with-ioloop=kqueue, as suggested elsewhere on this list, and try again. I should have mentioned I'm using NetBSD...
--with-ioloop=kqueue (actually, --with-ioloop=best) seems to have solved the problem for me!
So I have added --with-ioloop=best to NetBSD's pkgsrc package for dovecot.
Why isn't --with-ioloop=best the default btw? I have seen complaints from (Free|Open)BSD users on this list, they have all used --with-ioloop=kqueue to solve their problem.
GeertOn Wed, Aug 09, 2006 at 04:32:47PM +0200, Geert Hendrickx wrote:
On Tue, Aug 08, 2006 at 05:48:08PM +0200, Geert Hendrickx wrote:
Now I'm suspecting it is a totally different problem: the default polling method changed in rc2. I think I was having the "stale imap processes" problem, mentioned elsewhere on this list, and that was causing timeouts for clients connecting after the process limit was hit. I'll recompile dovecot 1.0rc6 with --with-ioloop=kqueue, as suggested elsewhere on this list, and try again. I should have mentioned I'm using NetBSD...
--with-ioloop=kqueue (actually, --with-ioloop=best) seems to have solved the problem for me!
So I have added --with-ioloop=best to NetBSD's pkgsrc package for dovecot.
Why isn't --with-ioloop=best the default btw? I have seen complaints from (Free|Open)BSD users on this list, they have all used --with-ioloop=kqueue to solve their problem.
Geert
Because it is a workaround instead of a proper fix. Using kqueue does not solve the problem in all cases either.
On Wed, 2006-08-09 at 10:54 -0400, Brad wrote:
On Wed, Aug 09, 2006 at 04:32:47PM +0200, Geert Hendrickx wrote:
On Tue, Aug 08, 2006 at 05:48:08PM +0200, Geert Hendrickx wrote:
Now I'm suspecting it is a totally different problem: the default polling method changed in rc2. I think I was having the "stale imap processes" problem, mentioned elsewhere on this list, and that was causing timeouts for clients connecting after the process limit was hit. I'll recompile dovecot 1.0rc6 with --with-ioloop=kqueue, as suggested elsewhere on this list, and try again. I should have mentioned I'm using NetBSD...
--with-ioloop=kqueue (actually, --with-ioloop=best) seems to have solved the problem for me!
So I have added --with-ioloop=best to NetBSD's pkgsrc package for dovecot.
Why isn't --with-ioloop=best the default btw? I have seen complaints from (Free|Open)BSD users on this list, they have all used --with-ioloop=kqueue to solve their problem.
Geert
Because it is a workaround instead of a proper fix. Using kqueue does not solve the problem in all cases either.
I'm on FreeBSD, I followed John Wong's suggestion, and did --with-notify=pool - which I think was a typo equivalent to 'none', but I have no file notification method now. Where before it was kqueue. This seems to work fine for me.
So unless I missed some posts, maybe the question is: How did the file notification get to be kqueue, when my I/O loop was poll, and the defaults for notify are either dnotify or none?
Rick
On Wed, 2006-08-09 at 16:32 +0200, Geert Hendrickx wrote:
Why isn't --with-ioloop=best the default btw?
Because kqueue gives "Unrecognized event: kevent bug" errors to some people. And epoll has been also broken for some people. poll/select is known to work.
I have seen complaints from (Free|Open)BSD users on this list, they have all used --with-ioloop=kqueue to solve their problem.
I'd rather want to know why exactly it's hanging, if it's not because of SSL. If someone can reproduce this easily and is willing to debug it, I'd like to know.
participants (4)
-
Brad
-
Geert Hendrickx
-
Rick Romero
-
Timo Sirainen