TLS cleanup


Dan Pascu

I noticed that tls_conn_clean() is not called with a lock. All other SSL operations that read/write to the connection will lock it with conn->write_lock. tls_conn_clean() ends up calling SSL_shutdown() which will write to the connection as SSL shutdown implies an exchange with the other endpoint.

It also seems that conn->write_lock is destroyed right before calling conn_clean(), so at the moment it can't even be used.

Can someone with a better understanding of the way SSL code interacts with the multi-process nature of opensips take a look and check if we really do not need to call tls_conn_clean() with a lock?

--
Dan





_______________________________________________
Devel mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel
Re: TLS cleanup

Răzvan Crainea-2
Hi, Dan!

When the code hits the _tcpconn_rm function, the connection is taken out
of the connections hash, therefore there's no one who can come to fetch
the connection and do anything with it.
That's why I'd argue it is safe to run tls_conn_clean() outside the
write lock.

Best regards,
Răzvan

On 1/13/20 3:14 PM, Dan Pascu wrote:

>
> I noticed that tls_conn_clean() is not called with a lock. All other SSL operations that read/write to the connection will lock it with conn->write_lock. tls_conn_clean() ends up calling SSL_shutdown() which will write to the connection as SSL shutdown implies an exchange with the other endpoint.
>
> It also seems that conn->write_lock is destroyed right before calling conn_clean(), so at the moment it can't even be used.
>
> Can someone with a better understanding of the way SSL code interacts with the multi-process nature of opensips take a look and check if we really do not need to call tls_conn_clean() with a lock?
>
> --
> Dan

--
Răzvan Crainea
OpenSIPS Core Developer
   http://www.opensips-solutions.com
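
A single-threaded C model of the ordering discussed in this thread (unlink from the table, destroy the lock, then run the unlocked cleanup), added here as an example and not OpenSIPS code. All names (`conn_add`, `conn_lookup`, `conn_rm`, `conn_release`) and the reference count are assumptions of the sketch; it shows that unlinking stops new lookups, while a holder that fetched the connection earlier has to be accounted for separately before teardown.

```c
#include <stddef.h>

/* Hypothetical model, not OpenSIPS code. In a real server every table
 * access below would happen under the table's own lock. */
#define TABLE_SIZE 8

struct conn {
    int id;
    int linked;      /* 1 while reachable through the table */
    int refcnt;      /* holders that fetched it earlier (sketch assumption) */
    int lock_alive;  /* stands in for conn->write_lock being initialised */
    int cleaned;     /* set once the unlocked cleanup has run */
};

static struct conn *table[TABLE_SIZE];

void conn_add(struct conn *c) {
    c->linked = 1; c->refcnt = 0; c->lock_alive = 1; c->cleaned = 0;
    table[c->id % TABLE_SIZE] = c;
}

/* Lookup is the only way another worker can reach a connection. */
struct conn *conn_lookup(int id) {
    struct conn *c = table[id % TABLE_SIZE];
    if (c == NULL || c->id != id || !c->linked) return NULL;
    c->refcnt++;
    return c;
}

/* Final teardown: lock destroyed first, then cleanup without the lock. */
static void conn_teardown(struct conn *c) {
    c->lock_alive = 0;
    c->cleaned = 1;  /* where the shutdown write to the peer would happen */
}

/* A holder is done; the last one out finishes a deferred removal. */
void conn_release(struct conn *c) {
    if (--c->refcnt == 0 && !c->linked) conn_teardown(c);
}

/* Removal: unlink first so no new lookup can succeed.
 * Returns 1 if torn down immediately, 0 if deferred to the last holder. */
int conn_rm(struct conn *c) {
    table[c->id % TABLE_SIZE] = NULL;
    c->linked = 0;
    if (c->refcnt > 0) return 0;
    conn_teardown(c);
    return 1;
}
```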
