BUG/MINOR: ssl/threads: Make management of the TLS ticket keys files thread-safe A TLS ticket keys file can be updated on the CLI and used in same time. So we need to protect it to be sure all accesses are thread-safe. Because updates are infrequent, a R/W lock has been used. This patch must be backported in 1.8

commit: 16f45c87d5f9bf57fa4e7e71546bce352a727425 [log] [tgz]
author: Christopher Faulet <cfaulet@haproxy.com> Fri Feb 16 11:23:49 2018 +0100
committer: Willy Tarreau <w@1wt.eu> Mon Feb 19 14:15:38 2018 +0100
tree: cde3e079194089520ec2924e080a60e3924018dc
parent: 9ad9f3517ee9e4289a003941a49cf52bd06314e3 [diff] [blame]
diff --git a/include/types/ssl_sock.h b/include/types/ssl_sock.h
index 5bd76ba..c31a496 100644
--- a/include/types/ssl_sock.h
+++ b/include/types/ssl_sock.h

@@ -25,6 +25,8 @@
 #include <openssl/ssl.h>
 #include <ebmbtree.h>
 
+#include <common/hathreads.h>
+
 struct sni_ctx {
 	SSL_CTX *ctx;             /* context associated to the certificate */
 	int order;                /* load order for the certificate */
@@ -54,6 +56,7 @@
 	int unique_id; /* Each pattern reference have unique id. */
 	struct tls_sess_key *tlskeys;
 	int tls_ticket_enc_index;
+	__decl_hathreads(HA_RWLOCK_T lock); /* lock used to protect the ref */
 };
 
 /* shared ssl session */
commit	16f45c87d5f9bf57fa4e7e71546bce352a727425	[log] [tgz]
author	Christopher Faulet <cfaulet@haproxy.com>	Fri Feb 16 11:23:49 2018 +0100
committer	Willy Tarreau <w@1wt.eu>	Mon Feb 19 14:15:38 2018 +0100
tree	cde3e079194089520ec2924e080a60e3924018dc
parent	9ad9f3517ee9e4289a003941a49cf52bd06314e3 [diff] [blame]