Just bumping this patch. If someone is able to provide feedback, that would be much appreciated. Thanks!

On 11/23/20 2:23 PM, Thomas Neuman wrote:
 From 417ed338179d9856334e9b738abd71952581785a Mon Sep 17 00:00:00 2001
From: Thomas Neuman<[email protected]>
Date: Mon, 23 Nov 2020 21:02:08 +0000
Subject: [PATCH branch-2.11] stream-ssl: Make 'stream_ssl_set_key_and_cert'
  atomic

When attempting to set the SSL key and cert via this function,
first we check whether both the private key and certificate have
been changed, via a pair of calls to 'update_ssl_config'. However,
these calls modify the config which is being checked for changes.
In order for updates to be recognized atomically with respect to
the two files, we need to revert any changes made during the check.

Signed-off-by: Thomas Neuman<[email protected]>
---
  lib/stream-ssl.c | 13 +++++++++----
  1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
index 343dced58..7bcc37864 100644
--- a/lib/stream-ssl.c
+++ b/lib/stream-ssl.c
@@ -1161,10 +1161,15 @@ void
  stream_ssl_set_key_and_cert(const char *private_key_file,
                              const char *certificate_file)
  {
-    if (update_ssl_config(&private_key, private_key_file)
-        && update_ssl_config(&certificate, certificate_file)) {
-        stream_ssl_set_certificate_file__(certificate_file);
-        stream_ssl_set_private_key_file__(private_key_file);
+    struct timespec orig_mtime = private_key.mtime;
+    if (update_ssl_config(&private_key, private_key_file)) {
+        if (update_ssl_config(&certificate, certificate_file)) {
+            stream_ssl_set_certificate_file__(certificate_file);
+            stream_ssl_set_private_key_file__(private_key_file);
+        } else {
+            // Revert the change performed by 'update_ssl_config'.
+            private_key.mtime = orig_mtime;
+        }
      }
  }
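
Review bot: The revert in the `else` branch restores only `private_key.mtime`, which is sufficient only if that is the sole field `update_ssl_config` writes on success. The body of `update_ssl_config` is not part of this hunk, so this cannot be confirmed from the patch. If it also records anything else in `private_key` (for example the file name it was called with), a call where the key has changed but the certificate has not would leave that other state updated, and the next comparison would start from a half-applied config. Consider splitting the change detection from the state update, so that both files are checked without side effects and both configs are committed only when both have changed. That removes the need for a rollback. A short comment above `orig_mtime` explaining why it is saved would also help, and the `//` comment should be written as `/* ... */` to match the C comment style used in OVS.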

--
2.22.3