author | Eric Wong <e@80x24.org> | 2016-02-12 00:59:11 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2016-02-12 00:59:11 +0000 |
commit | f79a43a96dbda5e4e6692778bb3f10ee8874c7c8 (patch) | |
tree | b60bac388e6d954a06baa31234f7411f797c96ed | |
parent | f6dd9694b43c2625f514e89856834a633b70f91b (diff) | |
download | yahns-f79a43a96dbda5e4e6692778bb3f10ee8874c7c8.tar.gz |
By explicitly calling OpenSSL::SSL::SSLContext#setup before accepting connections. We cannot rely on "setup" being called implicitly because any callbacks configured or objects configured by the client may not be thread-safe. We also avoid calling "setup" in the master process (if yahns is configured to use worker processes) in case the setup code starts any TCP connections (e.g. to memcached for session caching).
-rw-r--r-- | lib/yahns/server.rb | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/yahns/server.rb b/lib/yahns/server.rb index b7a7554..09ddbef 100644 --- a/lib/yahns/server.rb +++ b/lib/yahns/server.rb @@ -380,7 +380,14 @@ class Yahns::Server # :nodoc: ctx.queue = queues[qegg] ||= qegg_vivify(qegg, fdmap) ctx = ctx.dup ctx.__send__(:include, l.expire_mod) - ctx.__send__(:include, Yahns::OpenSSLClient) if opts[:ssl_ctx] + if ssl_ctx = opts[:ssl_ctx] + ctx.__send__(:include, Yahns::OpenSSLClient) + + # call OpenSSL::SSL::SSLContext#setup explicitly here to detect + # errors and avoid race conditions. We avoid calling this in the + # parent process since + ssl_ctx.setup + end ctx_list << ctx # acceptors feed the the queues l.spawn_acceptor(opts[:threads] || 1, @logger, ctx) |
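Review bot: the comment added above `ssl_ctx.setup` stops mid-sentence at "parent process since", so the reason for deferring the call is missing from the code. Please finish it with the rationale from the commit message (the setup code may start TCP connections, e.g. to memcached for session caching, which should not happen in the master). Two smaller points: `if ssl_ctx = opts[:ssl_ctx]` is an assignment inside a condition, and wrapping it in parentheses or assigning on its own line would show that it is intentional; and the unchanged context line "acceptors feed the the queues" has a doubled word that could be fixed while touching this block.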