Message ID | 310a47ca-7f78-b5d1-1d3f-7e52ea0f5dd8@nutanix.com |
---|---|
State | Superseded |
Series | [ovs-dev,branch-2.11] stream-ssl: Make 'stream_ssl_set_key_and_cert' atomic |
Just bumping this patch. If someone is able to provide feedback, that would be much appreciated. Thanks! On 11/23/20 2:23 PM, Thomas Neuman wrote: > From 417ed338179d9856334e9b738abd71952581785a Mon Sep 17 00:00:00 2001 > From: Thomas Neuman<thomas.neuman@nutanix.com> > Date: Mon, 23 Nov 2020 21:02:08 +0000 > Subject: [PATCH branch-2.11] stream-ssl: Make 'stream_ssl_set_key_and_cert' > atomic > > When attempting to set the SSL key and cert via this function, > first we check whether both the private key and certificate have > been changed, via a pair of calls to 'update_ssl_config'. However, > these calls modify the config which are being checked for changes. > In order for updates to be recognized atomically with respect to > the two files, we need to revert any changes made during the check. > > Signed-off-by: Thomas Neuman<thomas.neuman@nutanix.com> > --- > lib/stream-ssl.c | 13 +++++++++---- > 1 file changed, 9 insertions(+), 4 deletions(-) > > diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c > index 343dced58..7bcc37864 100644 > --- a/lib/stream-ssl.c > +++ b/lib/stream-ssl.c > @@ -1161,10 +1161,15 @@ void > stream_ssl_set_key_and_cert(const char *private_key_file, > const char *certificate_file) > { > - if (update_ssl_config(&private_key, private_key_file) > - && update_ssl_config(&certificate, certificate_file)) { > - stream_ssl_set_certificate_file__(certificate_file); > - stream_ssl_set_private_key_file__(private_key_file); > + struct timespec orig_mtime = private_key.mtime; > + if (update_ssl_config(&private_key, private_key_file)) { > + if (update_ssl_config(&certificate, certificate_file)) { > + stream_ssl_set_certificate_file__(certificate_file); > + stream_ssl_set_private_key_file__(private_key_file); > + } else { > + // Revert the change performed by 'update_ssl_config'. > + private_key.mtime = orig_mtime; > + } > } > } > > -- > 2.22.3
diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c index 343dced58..7bcc37864 100644 --- a/lib/stream-ssl.c +++ b/lib/stream-ssl.c @@ -1161,10 +1161,15 @@ void stream_ssl_set_key_and_cert(const char *private_key_file, const char *certificate_file) { - if (update_ssl_config(&private_key, private_key_file) - && update_ssl_config(&certificate, certificate_file)) { - stream_ssl_set_certificate_file__(certificate_file); - stream_ssl_set_private_key_file__(private_key_file); + struct timespec orig_mtime = private_key.mtime; + if (update_ssl_config(&private_key, private_key_file)) { + if (update_ssl_config(&certificate, certificate_file)) { + stream_ssl_set_certificate_file__(certificate_file); + stream_ssl_set_private_key_file__(private_key_file); + } else { + // Revert the change performed by 'update_ssl_config'. + private_key.mtime = orig_mtime; + } } }
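Review bot: The else branch restores only `private_key.mtime`, so anything else that `update_ssl_config(&private_key, private_key_file)` records in `private_key` stays updated after the revert. The hunk does not show what else that call writes, so please confirm that `mtime` is the only field the change check depends on. If it is not, the next call can still see the key as unchanged and skip a reload of the key/cert pair, which is the half-applied state the commit message sets out to prevent. Saving and restoring the whole `private_key` state, or splitting the change check from the update so that nothing is written until both files are known to have changed, would remove the need for a revert. A short comment above `struct timespec orig_mtime = private_key.mtime;` explaining why the old value is kept would help later readers. On style, `// Revert the change performed by 'update_ssl_config'.` should use a `/* ... */` comment to match the project's C coding style.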