commit 16f45c87d5f9bf57fa4e7e71546bce352a727425
author Christopher Faulet <cfaulet@haproxy.com> Fri Feb 16 11:23:49 2018 +0100
committer Willy Tarreau <w@1wt.eu> Mon Feb 19 14:15:38 2018 +0100
tree cde3e079194089520ec2924e080a60e3924018dc
parent 9ad9f3517ee9e4289a003941a49cf52bd06314e3

BUG/MINOR: ssl/threads: Make management of the TLS ticket keys files thread-safe

A TLS ticket keys file can be updated on the CLI and used in same time. So we
need to protect it to be sure all accesses are thread-safe. Because updates are
infrequent, a R/W lock has been used.

This patch must be backported in 1.8

include/proto/ssl_sock.h

diff --git a/include/proto/ssl_sock.h b/include/proto/ssl_sock.h
index ce76849..ef03de6 100644
--- a/include/proto/ssl_sock.h
+++ b/include/proto/ssl_sock.h
@@ -61,6 +61,7 @@
 int ssl_sock_update_ocsp_response(struct chunk *ocsp_response, char **err);
 #endif
 #if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
+void ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref, struct chunk *tlskey);
 int ssl_sock_update_tlskey(char *filename, struct chunk *tlskey, char **err);
 struct tls_keys_ref *tlskeys_ref_lookup(const char *filename);
 struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id);