Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-57601

OCSPFetcher must verify that the SSLConnectionContext that owns SSLManagerOpenSSL is still valid

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 5.0.0-rc5, 5.1.0-rc0
    • None
    • Fully Compatible
    • ALL
    • v5.0, v4.4
    • Sharding 2021-06-14, Sharding 2021-06-28
    • 150

    Description

      While OCSPFetcher periodic job owns the refcount to 
      SSLManagerOpenSSL there is a possibility of race that the SSLConnectionContext that owns this manager is already deleted. Indeed, the SSLConnectionContext is passed as shared pointer in many places and its exact deletion moment is hard to predict. At the same time the SSLManagerOpenSSL may outlive the SSLConnectionContext that owns it because the refcount to it is owned by the OCSPFetcher callback itself.

      The fetcher shutdown() is invoked from ~SSLManagerOpenSSL() -> stopJobs(), but as described above the manager itself is owned by the OCSPFetcher so it will not shutdown itself at all.

       

      Attachments

        Activity

          People

            andrew.shuvalov@mongodb.com Andrew Shuvalov
            andrew.shuvalov@mongodb.com Andrew Shuvalov
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: