From 3fc4180172fb801a2be7522fe64a0f7746ce71b3 Mon Sep 17 00:00:00 2001
From: Joel Goguen
Date: Wed, 1 Apr 2015 08:11:44 -0700
Subject: [PATCH] Move OpenSSL uninitialization to a separate function

Summary: The current behaviour of SSLContext is subject to a bug where an instance going out of scope at the wrong time can decrement the global refcount to 0, causing the destructor to destroy the SSL context. Instead, this requires callers to explicitly uninitialize the SSLContext instance and assume the risk of wrongly destroying the global SSL context.
Test Plan: Tested with mcrouter
Reviewed By: subodh@fb.com
Subscribers: afrind, ssl-diffs@, folly-diffs@, yfeldblum, chalfant, dihde, melitam
FB internal diff: D1949649
Tasks: 6358211
Signature: t1:1949649:1427854689:aea2dc801f63256ff64188b0f7a15121dcecee69
---
 folly/io/async/SSLContext.cpp | 16 ----------------
 folly/io/async/SSLContext.h | 4 ----
 2 files changed, 20 deletions(-)

diff --git a/folly/io/async/SSLContext.cpp b/folly/io/async/SSLContext.cpp
index 895e7a39..c05fe330 100644
--- a/folly/io/async/SSLContext.cpp
+++ b/folly/io/async/SSLContext.cpp
@@ -40,17 +40,10 @@ std::mutex SSLContext::mutex_;
 int SSLContext::sNextProtocolsExDataIndex_ = -1;
 #endif
 
-#ifndef SSLCONTEXT_NO_REFCOUNT
-uint64_t SSLContext::count_ = 0;
-#endif
-
 // SSLContext implementation
 SSLContext::SSLContext(SSLVersion version) {
 {
 std::lock_guard g(mutex_);
-#ifndef SSLCONTEXT_NO_REFCOUNT
- count_++;
-#endif
 initializeOpenSSLLocked();
 }
 
@@ -93,15 +86,6 @@ SSLContext::~SSLContext() {
 #ifdef OPENSSL_NPN_NEGOTIATED
 deleteNextProtocolsStrings();
 #endif
-
-#ifndef SSLCONTEXT_NO_REFCOUNT
- {
- std::lock_guard g(mutex_);
- if (!--count_) {
- cleanupOpenSSLLocked();
- }
- }
-#endif
 }
 
 void SSLContext::ciphers(const std::string& ciphers) {
diff --git a/folly/io/async/SSLContext.h b/folly/io/async/SSLContext.h
index 3cabea22..6947ac7f 100644
--- a/folly/io/async/SSLContext.h
+++ b/folly/io/async/SSLContext.h
@@ -425,10 +425,6 @@ class SSLContext {
 static std::mutex mutex_;
 static bool initialized_;
 
-#ifndef SSLCONTEXT_NO_REFCOUNT
- static uint64_t count_;
-#endif
-
 #ifdef OPENSSL_NPN_NEGOTIATED
 /**
 * Wire-format list of advertised protocols for use in NPN.
-- 
2.34.1