From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-3.1 required=3.0 tests=ALL_TRUSTED,AWL,BAYES_00, RP_MATCHES_RCVD shortcircuit=no autolearn=unavailable version=3.3.2 X-Original-To: yahns-public@yhbt.net Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id 6D02D202EC for ; Fri, 12 Feb 2016 01:47:25 +0000 (UTC) From: Eric Wong To: yahns-public@yhbt.net Subject: [PATCH 3/3] avoid race conditions in OpenSSL::SSL::SSLContext#setup Date: Fri, 12 Feb 2016 01:47:13 +0000 Message-Id: <20160212014713.32163-4-e@80x24.org> In-Reply-To: <20160212014713.32163-1-e@80x24.org> References: <20160212014713.32163-1-e@80x24.org> List-Id: By explicitly calling OpenSSL::SSL::SSLContext#setup before accepting connections. We cannot rely on "setup" being called implicitly because any callbacks configured or objects configured by the client may not be thread-safe. We also avoid calling "setup" in the master process (if yahns is configured to use worker processeses) in case the setup code starts any TCP connections (e.g. to memcached for session caching). --- lib/yahns/server.rb | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/yahns/server.rb b/lib/yahns/server.rb index b7a7554..09ddbef 100644 --- a/lib/yahns/server.rb +++ b/lib/yahns/server.rb @@ -380,7 +380,14 @@ def fdmap_init ctx.queue = queues[qegg] ||= qegg_vivify(qegg, fdmap) ctx = ctx.dup ctx.__send__(:include, l.expire_mod) - ctx.__send__(:include, Yahns::OpenSSLClient) if opts[:ssl_ctx] + if ssl_ctx = opts[:ssl_ctx] + ctx.__send__(:include, Yahns::OpenSSLClient) + + # call OpenSSL::SSL::SSLContext#setup explicitly here to detect + # errors and avoid race conditions. We avoid calling this in the + # parent process since + ssl_ctx.setup + end ctx_list << ctx # acceptors feed the the queues l.spawn_acceptor(opts[:threads] || 1, @logger, ctx) -- EW