From the description of this interface, one of the problems it tries to solve is when one of the files is changed before the other:

    * But, if the private
    * key is changed before the certificate (e.g. someone "scp"s or "mv"s the new
    * private key in place before the certificate), then OpenSSL would reject that
    * change, and then the change of certificate would succeed, but there would be
    * no associated private key (because it had only changed once and therefore
    * there was no point in re-reading it).
    * This function avoids both problems by, whenever either the certificate or
    * the private key file changes, re-reading both of them ...

However, in the implementation it used "&&" instead of "||", and so it was in fact re-reading both of them only when both are changed. This patch fixes it by using "||".

Reported-by: Girish Moodalbail <[email protected]>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2020-December/050859.html
Signed-off-by: Han Zhou <[email protected]>
--- lib/stream-ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c index 078fcbc3a..e67ccb4bd 100644 --- a/lib/stream-ssl.c +++ b/lib/stream-ssl.c @@ -1215,7 +1215,7 @@ stream_ssl_set_key_and_cert(const char *private_key_file, const char *certificate_file) { if (update_ssl_config(&private_key, private_key_file) - && update_ssl_config(&certificate, certificate_file)) { + || update_ssl_config(&certificate, certificate_file)) { stream_ssl_set_certificate_file__(certificate_file); stream_ssl_set_private_key_file__(private_key_file); } -- 2.30.2
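Review bot: in the condition of stream_ssl_set_key_and_cert(), "||" short-circuits, so whenever update_ssl_config(&private_key, private_key_file) returns true the call update_ssl_config(&certificate, certificate_file) is not evaluated at all. If update_ssl_config() records the file's state as a side effect, as passing &certificate suggests, the certificate's recorded state stays stale after that pass, and the next call would report the certificate as changed and reload the key and certificate a second time. Either evaluate both calls into local booleans first and then test "key_changed || cert_changed", or add a comment above the condition stating that the extra reload is expected and harmless. Since the quoted comment is about a key and certificate that briefly do not match, it would also help to note in the commit message what happens to existing TLS configuration when the pair is re-read while only one of the two files has been replaced.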
