From: Joel Goguen Date: Wed, 1 Apr 2015 15:11:44 +0000 (-0700) Subject: Move OpenSSL uninitialization to a separate function X-Git-Tag: v0.33.0~12 X-Git-Url: http://plrg.eecs.uci.edu/git/?a=commitdiff_plain;h=3fc4180172fb801a2be7522fe64a0f7746ce71b3;p=folly.git Move OpenSSL uninitialization to a separate function Summary: The current behaviour of SSLContext is subject to a bug where an instance going out of scope at the wrong time can decrement the global refcount to 0, causing the destructor to destroy the SSL context. Instead, this requires callers to explicitly uninitialize the SSLContext instance and assume the risk of wrongly destroying the global SSL context. Test Plan: Tested with mcrouter Reviewed By: subodh@fb.com Subscribers: afrind, ssl-diffs@, folly-diffs@, yfeldblum, chalfant, dihde, melitam FB internal diff: D1949649 Tasks: 6358211 Signature: t1:1949649:1427854689:aea2dc801f63256ff64188b0f7a15121dcecee69 --- diff --git a/folly/io/async/SSLContext.cpp b/folly/io/async/SSLContext.cpp index 895e7a39..c05fe330 100644 --- a/folly/io/async/SSLContext.cpp +++ b/folly/io/async/SSLContext.cpp @@ -40,17 +40,10 @@ std::mutex SSLContext::mutex_; int SSLContext::sNextProtocolsExDataIndex_ = -1; #endif -#ifndef SSLCONTEXT_NO_REFCOUNT -uint64_t SSLContext::count_ = 0; -#endif - // SSLContext implementation SSLContext::SSLContext(SSLVersion version) { { std::lock_guard g(mutex_); -#ifndef SSLCONTEXT_NO_REFCOUNT - count_++; -#endif initializeOpenSSLLocked(); } @@ -93,15 +86,6 @@ SSLContext::~SSLContext() { #ifdef OPENSSL_NPN_NEGOTIATED deleteNextProtocolsStrings(); #endif - -#ifndef SSLCONTEXT_NO_REFCOUNT - { - std::lock_guard g(mutex_); - if (!--count_) { - cleanupOpenSSLLocked(); - } - } -#endif } void SSLContext::ciphers(const std::string& ciphers) { diff --git a/folly/io/async/SSLContext.h b/folly/io/async/SSLContext.h index 3cabea22..6947ac7f 100644 --- a/folly/io/async/SSLContext.h +++ b/folly/io/async/SSLContext.h @@ -425,10 +425,6 @@ class SSLContext { static std::mutex mutex_; static bool initialized_; -#ifndef SSLCONTEXT_NO_REFCOUNT - static uint64_t count_; -#endif - #ifdef OPENSSL_NPN_NEGOTIATED /** * Wire-format list of advertised protocols for use in NPN.