BUG/MINOR: ssl/threads: Make management of the TLS ticket keys files thread-safe
A TLS ticket keys file can be updated on the CLI and used in same time. So we
need to protect it to be sure all accesses are thread-safe. Because updates are
infrequent, a R/W lock has been used.
This patch must be backported in 1.8
diff --git a/include/types/ssl_sock.h b/include/types/ssl_sock.h
index 5bd76ba..c31a496 100644
--- a/include/types/ssl_sock.h
+++ b/include/types/ssl_sock.h
@@ -25,6 +25,8 @@
#include <openssl/ssl.h>
#include <ebmbtree.h>
+#include <common/hathreads.h>
+
struct sni_ctx {
SSL_CTX *ctx; /* context associated to the certificate */
int order; /* load order for the certificate */
@@ -54,6 +56,7 @@
int unique_id; /* Each pattern reference have unique id. */
struct tls_sess_key *tlskeys;
int tls_ticket_enc_index;
+ __decl_hathreads(HA_RWLOCK_T lock); /* lock used to protect the ref */
};
/* shared ssl session */