authorEric Wong <e@80x24.org>2016-02-12 00:59:11 +0000
committerEric Wong <e@80x24.org>2016-02-12 00:59:11 +0000
commitf79a43a96dbda5e4e6692778bb3f10ee8874c7c8 (patch)
treeb60bac388e6d954a06baa31234f7411f797c96ed
parentf6dd9694b43c2625f514e89856834a633b70f91b (diff)
downloadyahns-f79a43a96dbda5e4e6692778bb3f10ee8874c7c8.tar.gz
By explicitly calling OpenSSL::SSL::SSLContext#setup before
accepting connections.  We cannot rely on "setup" being called
implicitly because any callbacks configured or objects
configured by the client may not be thread-safe.

We also avoid calling "setup" in the master process (if yahns is
configured to use worker processes) in case the setup code
starts any TCP connections (e.g. to memcached for session
caching).
-rw-r--r--lib/yahns/server.rb9
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/yahns/server.rb b/lib/yahns/server.rb
index b7a7554..09ddbef 100644
--- a/lib/yahns/server.rb
+++ b/lib/yahns/server.rb
@@ -380,7 +380,14 @@ class Yahns::Server # :nodoc:
       ctx.queue = queues[qegg] ||= qegg_vivify(qegg, fdmap)
       ctx = ctx.dup
       ctx.__send__(:include, l.expire_mod)
-      ctx.__send__(:include, Yahns::OpenSSLClient) if opts[:ssl_ctx]
+      if ssl_ctx = opts[:ssl_ctx]
+        ctx.__send__(:include, Yahns::OpenSSLClient)
+
+        # call OpenSSL::SSL::SSLContext#setup explicitly here to detect
+        # errors and avoid race conditions.  We avoid calling this in the
+        # parent process since
+        ssl_ctx.setup
+      end
       ctx_list << ctx
       # acceptors feed the the queues
       l.spawn_acceptor(opts[:threads] || 1, @logger, ctx)
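Review bot: The comment added above `ssl_ctx.setup` stops mid-sentence at "parent process since", so the reason for deferring setup to this point is missing from the code. The commit message gives it, and the comment could end `# parent process since setup may start TCP connections (e.g. to memcached for session caching)`. It would also help to say there that setup runs before the acceptor threads are spawned because callbacks and objects configured on the context may not be thread-safe, which is the race the comment refers to. As a style point, `if ssl_ctx = opts[:ssl_ctx]` reads more clearly as `if (ssl_ctx = opts[:ssl_ctx])`, marking the assignment as intentional. The enclosing method begins and ends outside this hunk.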