月度归档:2022年08月

CentOS 6.x 上 PHP 5.2 请求https报 segment fault

php调用curl访问https地址时,php-fpm进程crash后重启,nginx报502错误
php-fpm日志报错:

[NOTICE] fpm_got_signal(), line 48: received SIGCHLD
[WARNING] fpm_children_bury(), line 215: child 4270 (pool default) exited on signal 11 SIGSEGV (core dumped) after 1816.499155 seconds from start
[NOTICE] fpm_children_make(), line 352: child 4444 (pool default) started

dmesg报错:

[1125726.463591] php-cgi[4517]: segfault at 8048 ip 000000319301cefc sp 00007ffc8430fac0 error 4 in libsqlite3.so.0.8.6[3193000000+8b000]

复现代码:

$urlEndPoint = "https://www.google.com/search";
$headerArray = array();
$ch = curl_init();
curl_setopt($ch,CURLOPT_POST,true);

curl_setopt($ch,CURLOPT_URL, $urlEndPoint);
/*curl_setopt($ch,CURLOPT_HTTPHEADER, $headerArray);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postArray); */

curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_HEADER, true);
curl_setopt($ch,CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0');
curl_setopt($ch, CURLOPT_VERBOSE, true);

if (!$result = curl_exec($ch)) {
print (curl_error($ch));
}

curl_close ($ch);

echo print_r($result,true);

复现结果:

[root@172-105-209-168 ~]# php test1.php
* About to connect() to www.google.com port 443 (#0)
* Trying 142.251.42.196... * connected
* Connected to www.google.com (142.251.42.196) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
Segmentation fault (core dumped)

排错后确定,是nss的问题,准确说应该是/etc/pki/nssdb这个数据库文件的问题。

Quick fix: 重装一遍nss
如果在nssdb中有自定义证书,需要先备份

yum -y reinstall nss

CentOS 6 太老了,官方的和很多第三方的yum源已经移除 CentOS 6,需要找个能用的:

https://www.mark-gilbert.co.uk/fixing-yum-repos-on-centos-6-now-its-eol/