From shinr...@apache.org
Subject [3/3] trafficserver git commit: TS-3554: Memory load reloading ssl_multicert.config
Date Thu, 23 Apr 2015 19:43:17 GMT
TS-3554: Memory load reloading ssl_multicert.config


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/98c87ee5
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/98c87ee5
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/98c87ee5

Branch: refs/heads/master
Commit: 98c87ee51b2ad91787b7a9fa2827cab1c03b3d22
Parents: cd4209b
Author: shinrich <shinrich@yahoo-inc.com>
Authored: Thu Apr 23 14:42:39 2015 -0500
Committer: shinrich <shinrich@yahoo-inc.com>
Committed: Thu Apr 23 14:42:39 2015 -0500

----------------------------------------------------------------------
 CHANGES                 |  2 ++
 iocore/net/SSLConfig.cc | 10 +++++++---
 iocore/net/SSLUtils.cc  |  6 +++---
 mgmt/ProxyConfig.cc     |  3 +++
 4 files changed, 15 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/98c87ee5/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 1596245..16f365d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache Traffic Server 6.0.0
 
+  *) [TS-3554] Memory leak on ssl_multicert.config reload.
+
   *) [TS-3551] Fix LogUtils.cc compile on Illumos.
 
   *) [TS-3548] Fix psiginfo usage on Illumos.

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/98c87ee5/iocore/net/SSLConfig.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc
index 0fc56d7..74908d3 100644
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -334,7 +334,7 @@ SSLCertificateConfig::startup()
 
   // Exit if there are problems on the certificate loading and the
   // proxy.config.ssl.server.multicert.exit_on_load_fail is true
-  SSLConfigParams *params = SSLConfig::acquire();
+  SSLConfig::scoped_config params;
   if (!reconfigure() && params->configExitOnLoadError) {
     Error("Problems loading ssl certificate file, %s.  Exiting.", params->configFilePath);
     _exit(1);
@@ -358,11 +358,15 @@ SSLCertificateConfig::reconfigure()
   }
 
   SSLParseCertificateConfiguration(params, lookup);
-  configid = configProcessor.set(configid, lookup);
+  // If there are errors in the certificate configs and we had wanted to exit on error
+  // we won't want to reset the config
+  if (lookup->is_valid || !params->configExitOnLoadError) {
+    configid = configProcessor.set(configid, lookup);
+  }
+
   if (!lookup->is_valid) {
     retStatus = false;
   }
-
   return retStatus;
 }
 
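Review bot: When the new guard skips `configProcessor.set()` (an invalid `lookup` with `configExitOnLoadError` set), nothing in this hunk frees or hands off `lookup`, so each rejected reload appears to leak the freshly built lookup along with whatever certificate and ticket-key material it loaded. The allocation is above the hunk, so this assumes `reconfigure()` still owns the object at that point. Keeping the previous configuration live after a bad reload is the safer behaviour, but the rejected object still needs an owner. Set `retStatus` from `lookup->is_valid` before the branch and add `else { delete lookup; }`, so the flag is not read after the object is gone.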

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/98c87ee5/iocore/net/SSLUtils.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 75a44a7..3648630 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -267,7 +267,7 @@ set_context_cert(SSL *ssl)
 {
   SSL_CTX *ctx = NULL;
   SSLCertContext *cc = NULL;
-  SSLCertLookup *lookup = SSLCertificateConfig::acquire();
+  SSLCertificateConfig::scoped_config lookup;
   const char *servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
   SSLNetVConnection *netvc = (SSLNetVConnection *)SSL_get_app_data(ssl);
   bool found = true;
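Review bot: Nothing at the new `SSLCertificateConfig::scoped_config lookup;` declaration says that it now holds the certificate configuration for the whole call, which is what replaces the explicit `release()` removed at `done:` in the next hunk (the function body runs outside this hunk). A one-line comment would stop a later edit from moving the declaration into a narrower scope: `// Holds a reference on the active cert lookup until return; cc is only used while it is held.` This assumes `cc` is obtained from `lookup`, as the names suggest. The identical declaration in `ssl_callback_session_ticket`, where `cc->keyblock` is read, deserves the same comment.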
@@ -326,7 +326,6 @@ set_context_cert(SSL *ssl)
     goto done;
   }
 done:
-  SSLCertificateConfig::release(lookup);
   return retval;
 }
 
@@ -1886,7 +1885,7 @@ static int
 ssl_callback_session_ticket(SSL *ssl, unsigned char *keyname, unsigned char *iv, EVP_CIPHER_CTX
*cipher_ctx, HMAC_CTX *hctx,
                             int enc)
 {
-  SSLCertLookup *lookup = SSLCertificateConfig::acquire();
+  SSLCertificateConfig::scoped_config lookup;
   SSLNetVConnection *netvc = (SSLNetVConnection *)SSL_get_app_data(ssl);
 
   // Get the IP address to look up the keyblock
@@ -1901,6 +1900,7 @@ ssl_callback_session_ticket(SSL *ssl, unsigned char *keyname, unsigned
char *iv,
   if (cc == NULL || cc->keyblock == NULL) {
     // No, key specified.  Must fail out at this point.
     // Alternatively we could generate a random key
+    
     return -1;
   }
   ssl_ticket_key_block *keyblock = cc->keyblock;

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/98c87ee5/mgmt/ProxyConfig.cc
----------------------------------------------------------------------
diff --git a/mgmt/ProxyConfig.cc b/mgmt/ProxyConfig.cc
index bd06063..6ee1687 100644
--- a/mgmt/ProxyConfig.cc
+++ b/mgmt/ProxyConfig.cc
@@ -154,6 +154,8 @@ ConfigProcessor::set(unsigned int id, ConfigInfo *info, unsigned timeout_secs)
     old_info = infos[idx];
   } while (!ink_atomic_cas(&infos[idx], old_info, info));
 
+  Debug("config", "Set for slot %d 0x%" PRId64 " was 0x%" PRId64 " with ref count %d", id,
(int64_t)info, (int64_t)old_info, (old_info) ? old_info->refcount():0);
+
   if (old_info) {
     // The ConfigInfoReleaser now takes our refcount, but
     // someother thread might also have one ...
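Review bot: The added `Debug()` call formats the pointers with `0x%" PRId64`, which puts a hex prefix in front of a decimal value, and prints the unsigned `id` with `%d`. The output will mislead anyone matching these addresses against a core dump or allocator trace. Using `%p` also removes the `(int64_t)` pointer casts: `Debug("config", "Set for slot %u %p was %p with ref count %d", id, info, old_info, old_info ? old_info->refcount() : 0);`. The `Debug()` added in `ConfigProcessor::release()` has the same format problem. Both lines write heap addresses to the log, so the `config` tag is best enabled only while troubleshooting.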
@@ -204,6 +206,7 @@ ConfigProcessor::release(unsigned int id, ConfigInfo *info)
 
   if (info->refcount_dec() == 0) {
     // When we release, we should already have replaced this object in the index.
+    Debug("config", "Release config %d 0x%" PRId64,  id, (int64_t)info);
     ink_release_assert(info != this->infos[idx]);
     delete info;
   }

