Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-57601

OCSPFetcher must verify that the SSLConnectionContext that owns SSLManagerOpenSSL is still valid

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.0.0-rc5, 5.1.0-rc0
    • Component/s: None
    • Labels:
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Backport Requested:
      v5.0, v4.4
    • Sprint:
      Sharding 2021-06-14, Sharding 2021-06-28
    • Linked BF Score:
      150

      Description

      While OCSPFetcher periodic job owns the refcount to 
      SSLManagerOpenSSL there is a possibility of race that the SSLConnectionContext that owns this manager is already deleted. Indeed, the SSLConnectionContext is passed as shared pointer in many places and its exact deletion moment is hard to predict. At the same time the SSLManagerOpenSSL may outlive the SSLConnectionContext that owns it because the refcount to it is owned by the OCSPFetcher callback itself.

      The fetcher shutdown() is invoked from ~SSLManagerOpenSSL() -> stopJobs(), but as described above the manager itself is owned by the OCSPFetcher so it will not shutdown itself at all.

       

        Attachments

          Activity

            People

            Assignee:
            andrew.shuvalov Andrew Shuvalov
            Reporter:
            andrew.shuvalov Andrew Shuvalov
            Participants:
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: