-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
rhel-9.2.0
-
None
-
Moderate
-
rhel-sst-cs-stacks
-
ssg_core_services
-
None
-
False
-
-
None
-
None
-
None
-
None
-
---
-
-
Unspecified
-
None
Description of problem:
When using nginx as reverse-proxy the error "error:0A000126:SSL routines::unexpected eof while reading" occurs for every request.
Clients show different error-messages:
- curl: transfer closed with outstanding read data remaining
- Firefox: NS_NET_ERROR_PARTIAL_TRANSFER
- Chrome, Edge: net::ERR_INCOMPLETE_CHUNKED_ENCODING
Version-Release number of selected component (if applicable):
1.20.1
How reproducible:
Use nginx as reverse-proxy and fetch a page
Steps to Reproduce:
1. dnf install -y nginx
2. cat >/etc/nginx/default.d/proxy.conf <<END
location / {
proxy_pass https://www.google.com;
proxy_pass_request_headers off;
proxy_pass_request_body off;
}
END
3. systemctl start nginx
4. curl -sSo /dev/null localhost
5. tail /var/log/nginx/error.log
Actual results:
curl: (18) transfer closed with outstanding read data remaining
2023/05/10 10:22:35 [crit] 128#128: *9 SSL_read() failed (SSL: error:0A000126:SSL routines::unexpected eof while reading) while reading upstream, client: 127.0.0.1, server: _, request: "GET / HTTP/1.1", upstream: "https://x.x.x.x:443/", host: "localhost"
Expected results:
No error-message
Additional info:
OpenSSL 3.0 raises unexpected EOF as error (https://github.com/openssl/openssl/issues/18866#issuecomment-1194219601), but offers a setting to ignore this. nginx 1.20.2 has already integrated this:
https://github.com/nginx/nginx/compare/release-1.20.1...release-1.20.2
So nginx has to be updated from 1.20.1 to 1.20.2.
A test by adding the changes to 1.20.2 was successfully:
dnf remove -y nginx
dnf groupinstall -y "Development Tools"
dnf install -y yum-utils rpm-build
dnf download --source nginx
rpm i nginx*.src.rpm
curl -o /root/rpmbuild/SOURCES/0008-update-to-1.20.2.patch https://github.com/nginx/nginx/compare/release-1.20.1...release-1.20.2.patch
sed -i 's/Patch6.*/&\nPatch7: 0008-update-to-1.20.2.patch/' /root/rpmbuild/SPECS/nginx.spec
echo Skip .hgtags
sed -i '/8747718e7751a9aac300595a96920141e3cc5078/,/From /
echo Skip misc/GNUmakefile
sed -i '/9b2488b2c350588423899f12fc062a35d5e86cad/,/From /{//!d;}
' /root/rpmbuild/SOURCES/0008-update-to-1.20.2.patch
echo Skip docs/xml/nginx/changes.xml
sed -i '/656597b6e248868d56ed25559846ab5c58f8f3ac/,/From /
' /root/rpmbuild/SOURCES/0008-update-to-1.20.2.patch
dnf builddep -y /root/rpmbuild/SPECS/nginx.spec
rpmbuild -bb /root/rpmbuild/SPECS/nginx.spec
dnf install y /root/rpmbuild/RPMS/x86_64/nginx*.rpm
curl -sSo /dev/null localhost
- external trackers