From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | pgsql-committers(at)postgresql(dot)org |
Subject: | pgsql: Add locking around SSL_context usage in libpq |
Date: | 2013-08-01 05:33:12 |
Message-ID: | E1V4lVg-0006BY-Jj@gemulon.postgresql.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers |
Add locking around SSL_context usage in libpq
I've been working with Nick Phillips on an issue he ran into when
trying to use threads with SSL client certificates. As it turns out,
the call in initialize_SSL() to SSL_CTX_use_certificate_chain_file()
will modify our SSL_context without any protection from other threads
also calling that function or being at some other point and trying to
read from SSL_context.
To protect against this, I've written up the attached (based on an
initial patch from Nick and much subsequent discussion) which puts
locks around SSL_CTX_use_certificate_chain_file() and all of the other
users of SSL_context which weren't already protected.
Nick Phillips, much reworked by Stephen Frost
Back-patch to 9.0 where we started loading the cert directly instead of
using a callback.
Branch
------
master
Details
-------
http://git.postgresql.org/pg/commitdiff/aad2a630b1b163038ea904e16a59e409020f5828
Modified Files
--------------
src/interfaces/libpq/fe-secure.c | 56 ++++++++++++++++++++++++++++++++++++--
1 file changed, 53 insertions(+), 3 deletions(-)
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Haas | 2013-08-01 14:54:29 | pgsql: Remove SnapshotNow and HeapTupleSatisfiesNow. |
Previous Message | Stephen Frost | 2013-08-01 05:13:37 | pgsql: Allow a context to be passed in for error handling |