[ovs-dev] [PATCH branch-2.11] stream-ssl: Make 'stream_ssl_set_key_and_cert' atomic

Thomas Neuman thomas.neuman at nutanix.com
Mon Nov 23 22:23:25 UTC 2020


 From 417ed338179d9856334e9b738abd71952581785a Mon Sep 17 00:00:00 2001
From: Thomas Neuman <thomas.neuman at nutanix.com>
Date: Mon, 23 Nov 2020 21:02:08 +0000
Subject: [PATCH branch-2.11] stream-ssl: Make 'stream_ssl_set_key_and_cert'
  atomic

When attempting to set the SSL key and cert via this function,
first we check whether both the private key and certificate have
been changed, via a pair of calls to 'update_ssl_config'. However,
these calls modify the config that is being checked for changes.
In order for updates to be recognized atomically with respect to
the two files, we need to revert any changes made during the check.

Signed-off-by: Thomas Neuman <thomas.neuman at nutanix.com>
---
  lib/stream-ssl.c | 13 +++++++++----
  1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
index 343dced58..7bcc37864 100644
--- a/lib/stream-ssl.c
+++ b/lib/stream-ssl.c
@@ -1161,10 +1161,15 @@ void
  stream_ssl_set_key_and_cert(const char *private_key_file,
                              const char *certificate_file)
  {
-    if (update_ssl_config(&private_key, private_key_file)
-        && update_ssl_config(&certificate, certificate_file)) {
-        stream_ssl_set_certificate_file__(certificate_file);
-        stream_ssl_set_private_key_file__(private_key_file);
+    struct timespec orig_mtime = private_key.mtime;
+    if (update_ssl_config(&private_key, private_key_file)) {
+        if (update_ssl_config(&certificate, certificate_file)) {
+            stream_ssl_set_certificate_file__(certificate_file);
+            stream_ssl_set_private_key_file__(private_key_file);
+        } else {
+            // Revert the change performed by 'update_ssl_config'.
+            private_key.mtime = orig_mtime;
+        }
      }
  }
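Review bot: the revert in the new `else` branch restores only `private_key.mtime`, so if `update_ssl_config` records anything else about the key (such as the file name it was given), that part of the state stays updated even though the certificate has not been applied; either confirm that mtime is the only field `update_ssl_config` changes and compares, or save and restore everything it touches so the check stays atomic regardless of which field differs. Two smaller points: OVS coding style uses `/* ... */` rather than `//` for the comment at `// Revert the change performed by 'update_ssl_config'.`, and a short comment on the `else` would help, since it runs not only on failure but whenever the certificate is simply unchanged, which is the intended "both files must change" behaviour from the commit message.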

--
2.22.3
