By explicitly calling OpenSSL::SSL::SSLContext#setup before
accepting connections. We cannot rely on "setup" being called
implicitly because any callbacks configured or objects
configured by the client may not be thread-safe.
We also avoid calling "setup" in the master process (if yahns is
configured to use worker processeses) in case the setup code
starts any TCP connections (e.g. to memcached for session
caching).
---
lib/yahns/server.rb | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/yahns/server.rb b/lib/yahns/server.rb
index b7a7554..09ddbef 100644
--- a/lib/yahns/server.rb
+++ b/lib/yahns/server.rb
@@ -380,7 +380,14 @@ def fdmap_init
ctx.queue = queues[qegg] ||= qegg_vivify(qegg, fdmap)
ctx = ctx.dup
ctx.__send__(:include, l.expire_mod)
- ctx.__send__(:include, Yahns::OpenSSLClient) if opts[:ssl_ctx]
+ if ssl_ctx = opts[:ssl_ctx]
+ ctx.__send__(:include, Yahns::OpenSSLClient)
+
+ # call OpenSSL::SSL::SSLContext#setup explicitly here to detect
+ # errors and avoid race conditions. We avoid calling this in the
+ # parent process since
+ ssl_ctx.setup
+ end
ctx_list << ctx
# acceptors feed the the queues
l.spawn_acceptor(opts[:threads] || 1, @logger, ctx)
--
EW
--
unsubscribe: [email protected]
archive: http://yhbt.net/yahns-public/
