Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-57601

OCSPFetcher must verify that the SSLConnectionContext that owns SSLManagerOpenSSL is still valid

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 5.0.0-rc5, 5.1.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • Labels:
    • Fully Compatible
    • ALL
    • v5.0, v4.4
    • Sharding 2021-06-14, Sharding 2021-06-28
    • 150

      While OCSPFetcher periodic job owns the refcount to 
      SSLManagerOpenSSL there is a possibility of race that the SSLConnectionContext that owns this manager is already deleted. Indeed, the SSLConnectionContext is passed as shared pointer in many places and its exact deletion moment is hard to predict. At the same time the SSLManagerOpenSSL may outlive the SSLConnectionContext that owns it because the refcount to it is owned by the OCSPFetcher callback itself.

      The fetcher shutdown() is invoked from ~SSLManagerOpenSSL() -> stopJobs(), but as described above the manager itself is owned by the OCSPFetcher so it will not shutdown itself at all.


            andrew.shuvalov@mongodb.com Andrew Shuvalov (Inactive)
            andrew.shuvalov@mongodb.com Andrew Shuvalov (Inactive)
            0 Vote for this issue
            5 Start watching this issue