[ovs-dev,branch-2.11] stream-ssl: Make 'stream_ssl_set_key_and_cert' atomic

Message ID 310a47ca-7f78-b5d1-1d3f-7e52ea0f5dd8@nutanix.com
State New

Commit Message

Thomas Neuman Nov. 23, 2020, 10:23 p.m. UTC
From 417ed338179d9856334e9b738abd71952581785a Mon Sep 17 00:00:00 2001
From: Thomas Neuman <thomas.neuman@nutanix.com>
Date: Mon, 23 Nov 2020 21:02:08 +0000
Subject: [PATCH branch-2.11] stream-ssl: Make 'stream_ssl_set_key_and_cert'
  atomic

When attempting to set the SSL key and cert via this function,
first we check whether both the private key and certificate have
been changed, via a pair of calls to 'update_ssl_config'. However,
these calls modify the config which are being checked for changes.
In order for updates to be recognized atomically with respect to
the two files, we need to revert any changes made during the check.

Signed-off-by: Thomas Neuman <thomas.neuman@nutanix.com>
---
  lib/stream-ssl.c | 13 +++++++++----
  1 file changed, 9 insertions(+), 4 deletions(-)

--
2.22.3

Comments

Thomas Neuman Dec. 9, 2020, 11:55 p.m. UTC | #1
Just bumping this patch. If someone is able to provide feedback, that 
would be much appreciated. Thanks!


On 11/23/20 2:23 PM, Thomas Neuman wrote:
>  From 417ed338179d9856334e9b738abd71952581785a Mon Sep 17 00:00:00 2001
> From: Thomas Neuman<thomas.neuman@nutanix.com>
> Date: Mon, 23 Nov 2020 21:02:08 +0000
> Subject: [PATCH branch-2.11] stream-ssl: Make 'stream_ssl_set_key_and_cert'
>   atomic
>
> When attempting to set the SSL key and cert via this function,
> first we check whether both the private key and certificate have
> been changed, via a pair of calls to 'update_ssl_config'. However,
> these calls modify the config which are being checked for changes.
> In order for updates to be recognized atomically with respect to
> the two files, we need to revert any changes made during the check.
>
> Signed-off-by: Thomas Neuman<thomas.neuman@nutanix.com>
> ---
>   lib/stream-ssl.c | 13 +++++++++----
>   1 file changed, 9 insertions(+), 4 deletions(-)
>
> diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
> index 343dced58..7bcc37864 100644
> --- a/lib/stream-ssl.c
> +++ b/lib/stream-ssl.c
> @@ -1161,10 +1161,15 @@ void
>   stream_ssl_set_key_and_cert(const char *private_key_file,
>                               const char *certificate_file)
>   {
> -    if (update_ssl_config(&private_key, private_key_file)
> -        && update_ssl_config(&certificate, certificate_file)) {
> -        stream_ssl_set_certificate_file__(certificate_file);
> -        stream_ssl_set_private_key_file__(private_key_file);
> +    struct timespec orig_mtime = private_key.mtime;
> +    if (update_ssl_config(&private_key, private_key_file)) {
> +        if (update_ssl_config(&certificate, certificate_file)) {
> +            stream_ssl_set_certificate_file__(certificate_file);
> +            stream_ssl_set_private_key_file__(private_key_file);
> +        } else {
> +            // Revert the change performed by 'update_ssl_config'.
> +            private_key.mtime = orig_mtime;
> +        }
>       }
>   }
>
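Review bot: The comment added in the else branch uses '//', while OVS coding style asks for /* ... */ comments, so it should read /* Revert the change performed by 'update_ssl_config'. */ instead. It would also help to have the comment say why the revert is needed: restoring the saved mtime is what lets the next call see the private key as changed again once the certificate file has caught up.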
> --
> 2.22.3

Patch

diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
index 343dced58..7bcc37864 100644
--- a/lib/stream-ssl.c
+++ b/lib/stream-ssl.c
@@ -1161,10 +1161,15 @@  void
  stream_ssl_set_key_and_cert(const char *private_key_file,
                              const char *certificate_file)
  {
-    if (update_ssl_config(&private_key, private_key_file)
-        && update_ssl_config(&certificate, certificate_file)) {
-        stream_ssl_set_certificate_file__(certificate_file);
-        stream_ssl_set_private_key_file__(private_key_file);
+    struct timespec orig_mtime = private_key.mtime;
+    if (update_ssl_config(&private_key, private_key_file)) {
+        if (update_ssl_config(&certificate, certificate_file)) {
+            stream_ssl_set_certificate_file__(certificate_file);
+            stream_ssl_set_private_key_file__(private_key_file);
+        } else {
+            // Revert the change performed by 'update_ssl_config'.
+            private_key.mtime = orig_mtime;
+        }
      }
  }
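Review bot: The else branch restores only private_key.mtime, so the revert is complete only if mtime is the sole field of private_key that update_ssl_config() writes. If that call records anything else in the struct (the file name it was given, for instance), that state stays modified after a failed certificate check and the function is still not atomic in that respect. Consider saving and restoring everything update_ssl_config() can change, or separating the "has it changed" check from the update so that nothing has to be undone, and state in the commit message which fields the revert is meant to cover.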