Summary:
The current behaviour of SSLContext is subject to a bug where an instance going
out of scope at the wrong time can decrement the global refcount to 0, causing
the destructor to destroy the SSL context. Instead, this change requires callers to
explicitly uninitialize the SSLContext instance and assume the risk of wrongly
destroying the global SSL context.
Test Plan:
Tested with mcrouter
Reviewed By: subodh@fb.com
Subscribers: afrind, ssl-diffs@, folly-diffs@, yfeldblum, chalfant, dihde, melitam
FB internal diff:
D1949649
Tasks:
6358211
Signature: t1:
1949649:
1427854689:
aea2dc801f63256ff64188b0f7a15121dcecee69
int SSLContext::sNextProtocolsExDataIndex_ = -1;
#endif
-#ifndef SSLCONTEXT_NO_REFCOUNT
-uint64_t SSLContext::count_ = 0;
-#endif
-
// SSLContext implementation
SSLContext::SSLContext(SSLVersion version) {
{
std::lock_guard<std::mutex> g(mutex_);
-#ifndef SSLCONTEXT_NO_REFCOUNT
- count_++;
-#endif
initializeOpenSSLLocked();
}
#ifdef OPENSSL_NPN_NEGOTIATED
deleteNextProtocolsStrings();
#endif
-
-#ifndef SSLCONTEXT_NO_REFCOUNT
- {
- std::lock_guard<std::mutex> g(mutex_);
- if (!--count_) {
- cleanupOpenSSLLocked();
- }
- }
-#endif
}
void SSLContext::ciphers(const std::string& ciphers) {
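Review bot: Nothing in the visible new code documents who is now responsible for tearing down the process-wide OpenSSL state, because the destructor no longer calls `cleanupOpenSSLLocked()` when the last instance goes away. I would add a comment at the destructor, for example `// Does not tear down global OpenSSL state; that must be done explicitly, and only once no SSLContext or SSL object is still in use.` Running the explicit cleanup while another thread still holds a live context would presumably leave that context using freed global state, which is the risk the summary mentions, so the precondition belongs next to the code and not only in the commit message. The constructor hunk still calls `initializeOpenSSLLocked()` under `mutex_`, so it is also worth stating whether construction after an explicit cleanup is supported. The destructor's signature and opening lines are outside the hunk.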
static std::mutex mutex_;
static bool initialized_;
-#ifndef SSLCONTEXT_NO_REFCOUNT
- static uint64_t count_;
-#endif
-
#ifdef OPENSSL_NPN_NEGOTIATED
/**
* Wire-format list of advertised protocols for use in NPN.