From 417ed338179d9856334e9b738abd71952581785a Mon Sep 17 00:00:00 2001 From: Thomas Neuman <[email protected]> Date: Mon, 23 Nov 2020 21:02:08 +0000 Subject: [PATCH branch-2.11] stream-ssl: Make 'stream_ssl_set_key_and_cert' atomic
When attempting to set the SSL key and cert via this function, first we check whether both the private key and certificate have been changed, via a pair of calls to 'update_ssl_config'. However, these calls modify the config which are being checked for changes. In order for updates to be recognized atomically with respect to the two files, we need to revert any changes made during the check.
Signed-off-by: Thomas Neuman <[email protected]>
---
 lib/stream-ssl.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
index 343dced58..7bcc37864 100644
--- a/lib/stream-ssl.c
+++ b/lib/stream-ssl.c
@@ -1161,10 +1161,15 @@ void
 stream_ssl_set_key_and_cert(const char *private_key_file,
 const char *certificate_file)
 {
- if (update_ssl_config(&private_key, private_key_file)
- && update_ssl_config(&certificate, certificate_file)) {
- stream_ssl_set_certificate_file__(certificate_file);
- stream_ssl_set_private_key_file__(private_key_file);
+ struct timespec orig_mtime = private_key.mtime;
+ if (update_ssl_config(&private_key, private_key_file)) {
+ if (update_ssl_config(&certificate, certificate_file)) {
+ stream_ssl_set_certificate_file__(certificate_file);
+ stream_ssl_set_private_key_file__(private_key_file);
+ } else {
+ // Revert the change performed by 'update_ssl_config'.
+ private_key.mtime = orig_mtime;
+ }
 }
 }
 
-- 
2.22.3
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
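Review bot: The `else` branch restores only `private_key.mtime`, so the rollback is complete only if `update_ssl_config` changes nothing else in the config it is given; that helper's body is outside this hunk. If it also stores the file name, a call that passes a new key path while the certificate is unchanged leaves the new name recorded next to the old file's timestamp, and the pending key change is picked up later only when the two timestamps differ. A missed reload means the process keeps using the previous key and certificate after a rotation, so either restore every field the helper touches or separate the change check from the update. The added comment would also read as `/* Revert the change performed by 'update_ssl_config'. */` if the file uses block comments, which this hunk does not show.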
