Summary:
Add a method that lets users determine whether an SSL lock is disabled.
This can help when it comes to making decisions about things like whether reusing SSL Contexts is safe in multithreaded programs.
Reviewed By: siyengar
Differential Revision:
D4875780
fbshipit-source-id:
91e9259fee25856be1b77823559d16d0679bde5b
lockTypes() = inLockTypes;
}
lockTypes() = inLockTypes;
}
+bool SSLContext::isSSLLockDisabled(int lockId) {
+ const auto& sslLocks = lockTypes();
+ const auto it = sslLocks.find(lockId);
+ return it != sslLocks.end() &&
+ it->second == SSLContext::SSLLockType::LOCK_NONE;
+}
+
#if defined(SSL_MODE_HANDSHAKE_CUTTHROUGH)
void SSLContext::enableFalseStart() {
SSL_CTX_set_mode(ctx_, SSL_MODE_HANDSHAKE_CUTTHROUGH);
#if defined(SSL_MODE_HANDSHAKE_CUTTHROUGH)
void SSLContext::enableFalseStart() {
SSL_CTX_set_mode(ctx_, SSL_MODE_HANDSHAKE_CUTTHROUGH);
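Review bot: `isSSLLockDisabled` answers purely from the `lockTypes()` map and never checks that OpenSSL initialization has run, so a call made too early returns `false` ("not disabled") regardless of what is configured later. The commit message says callers will use the result to decide whether sharing an SSL context across threads is safe, so that early or stale `false` errs in the unsafe direction. I would gate the lookup on the class's initialization state (not visible in this hunk), or at minimum put the precondition beside the code: `// Only meaningful after initializeOpenSSL(); reads lockTypes() without synchronization.` The read is also unsynchronized against `setSSLLockTypes`, which the context lines show assigning `lockTypes()`, so the two must not run concurrently.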
*/
static void setSSLLockTypes(std::map<int, SSLLockType> lockTypes);
*/
static void setSSLLockTypes(std::map<int, SSLLockType> lockTypes);
+ /**
+ * Determine if the SSL lock with the specified id (i.e.
+ * CRYPTO_LOCK_SSL_SESSION) is disabled. This should be called after
+ * initializeOpenSSL. This will only check if the specified lock has been
+ * explicitly set to LOCK_NONE.
+ *
+ * This is not safe to call while setSSLLockTypes is being called.
+ */
+ static bool isSSLLockDisabled(int lockId);
+
/**
* Examine OpenSSL's error stack, and return a string description of the
* errors.
/**
* Examine OpenSSL's error stack, and return a string description of the
* errors.
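Review bot: The doc comment on `isSSLLockDisabled` writes "(i.e. CRYPTO_LOCK_SSL_SESSION)" where an example is meant, and it leaves the meaning of a `false` result implicit. I would change it to `e.g. CRYPTO_LOCK_SSL_SESSION` and add `Returns false for any id not explicitly set to LOCK_NONE, including ids never passed to setSSLLockTypes.` The new test guards every `CRYPTO_LOCK_*` id with `#ifdef`, which suggests these ids are not defined on every OpenSSL build. The comment should tell callers to use the same guard.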
EXPECT_TRUE(f.within(std::chrono::seconds(3)).get());
}
EXPECT_TRUE(f.within(std::chrono::seconds(3)).get());
}
+TEST(AsyncSSLSocketTest2, SSLContextLocks) {
+ SSLContext::initializeOpenSSL();
+// these are checks based on the locks that are set in the main below
+#ifdef CRYPTO_LOCK_EVP_PKEY
+ EXPECT_TRUE(SSLContext::isSSLLockDisabled(CRYPTO_LOCK_EVP_PKEY));
+#endif
+#ifdef CRYPTO_LOCK_SSL_SESSION
+ EXPECT_FALSE(SSLContext::isSSLLockDisabled(CRYPTO_LOCK_SSL_SESSION));
+#endif
+#ifdef CRYPTO_LOCK_ERR
+ EXPECT_FALSE(SSLContext::isSSLLockDisabled(CRYPTO_LOCK_ERR));
+#endif
+}
+
} // folly
int main(int argc, char *argv[]) {
} // folly
int main(int argc, char *argv[]) {
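Review bot: `SSLContextLocks` asserts nothing when none of `CRYPTO_LOCK_EVP_PKEY`, `CRYPTO_LOCK_SSL_SESSION` or `CRYPTO_LOCK_ERR` is defined, so on such a build it passes without exercising `isSSLLockDisabled` at all. The expectations also depend on lock types configured in `main`, whose body lies outside this hunk, so the coupling cannot be checked from here. The in-test comment could name the call it relies on. An unconditional case for the not-found branch would keep the test meaningful everywhere, for example `EXPECT_FALSE(SSLContext::isSSLLockDisabled(-1));`, assuming -1 is never a configured lock id.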