[SERVER-54328] Refactor creation of transient SSLConnectionContext to own its own instance of SSLManagerInterface Created: 05/Feb/21 Updated: 29/Oct/23 Resolved: 14/Feb/21 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 5.0.0 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Andrew Shuvalov (Inactive) | Assignee: | Andrew Shuvalov (Inactive) |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | pm-1791_milestone-P | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||||||
| Sprint: | Sharding 2021-02-22 | ||||||||||||||||
| Participants: | |||||||||||||||||
| Linked BF Score: | 36 | ||||||||||||||||
| Description |
|
At this point we have a bug when all existing instances of the SSLConnectionContext share the same SSLManagerInterface instance in `manager` field. This is not correct, because each instance of SSLManagerInterface (SSLManagerOpenSSL) owns its own copy of SSLConfiguration as `_sslConfiguration`. SSLConfiguration must not be shared between the global manager and each transient manager instance created with specific transient params for inter-cluster communications. The SSLManagerCoordinator should be enhanced to create a non-global instance of SSLManagerInterface. The `SSLManagerOpenSSL::initSSLContext()` and all methods it invokes should be refactored to be stateless and const. Thanks mark.benvenuto for explaining the problem. |
| Comments |
| Comment by Githook User [ 12/Feb/21 ] |
|
Author: {'name': 'Andrew Shuvalov', 'email': 'andrew.shuvalov@mongodb.com', 'username': 'shuvalov-mdb'}Message: |
| Comment by Githook User [ 11/Feb/21 ] |
|
Author: {'name': 'Gregory Wlodarek', 'email': 'gregory.wlodarek@mongodb.com', 'username': 'GWlodarek'}Message: Revert " This reverts commit 8e1cd3402cc0c27d1332ac78a93919bd17d3d556. |
| Comment by Githook User [ 11/Feb/21 ] |
|
Author: {'name': 'Gregory Wlodarek', 'email': 'gregory.wlodarek@mongodb.com', 'username': 'GWlodarek'}Message: Revert " This reverts commit b731eff97e575dfc6673065eb61cf26bd7644f58. |
| Comment by Andrew Shuvalov (Inactive) [ 11/Feb/21 ] |
|
It is essentially a bugfix, must be included. |
| Comment by Githook User [ 11/Feb/21 ] |
|
Author: {'name': 'Andrew Shuvalov', 'email': 'andrew.shuvalov@mongodb.com', 'username': 'shuvalov-mdb'}Message: |
| Comment by Githook User [ 11/Feb/21 ] |
|
Author: {'name': 'Andrew Shuvalov', 'email': 'andrew.shuvalov@mongodb.com', 'username': 'shuvalov-mdb'}Message: |
| Comment by Andrew Shuvalov (Inactive) [ 05/Feb/21 ] |
|
Added to Sprint because this is a blocker for the 2 other bugs. |