[SERVER-54328] Refactor creation of transient SSLConnectionContext to own its own instance of SSLManagerInterface
Created: 05/Feb/21  Updated: 29/Oct/23  Resolved: 14/Feb/21

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 5.0.0

Type: Task
Priority: Major - P3
Reporter: Andrew Shuvalov (Inactive)
Assignee: Andrew Shuvalov (Inactive)
Resolution: Fixed
Votes: 0
Labels: pm-1791_milestone-P
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by SERVER-54090 SSLConfiguration use after free when ... Closed
is depended on by SERVER-53168 Support 50 concurrent migrations on a... Closed
Problem/Incident
Backwards Compatibility: Fully Compatible
Sprint: Sharding 2021-02-22
Participants:
Linked BF Score: 36

 Description   

At this point we have a bug where all existing instances of SSLConnectionContext share the same SSLManagerInterface instance in the `manager` field. This is not correct, because each instance of SSLManagerInterface (SSLManagerOpenSSL) owns its own copy of SSLConfiguration as `_sslConfiguration`.

SSLConfiguration must not be shared between the global manager and each transient manager instance created with specific transient params for inter-cluster communications.

The SSLManagerCoordinator should be enhanced to create a non-global instance of SSLManagerInterface. The `SSLManagerOpenSSL::initSSLContext()` and all methods it invokes should be refactored to be stateless and const.

Thanks mark.benvenuto for explaining the problem.
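
The ownership model requested in the description, as an added C++ sketch that is not code from this ticket or from the MongoDB source tree. Class names follow the ticket; the `subject` field, `createTransientSSLManager`, `replaceGlobal`, `makeTransientContext` and all method bodies are hypothetical simplifications.

```cpp
#include <memory>
#include <string>
#include <utility>

// Simplified model: class names follow the ticket, members and bodies are assumptions.
struct SSLConfiguration {
    std::string subject;  // hypothetical field standing in for certificate details
};

class SSLManagerInterface {
public:
    explicit SSLManagerInterface(std::string subject) : _sslConfiguration{std::move(subject)} {}
    // Stateless and const: the result depends only on the arguments and on this
    // manager's own configuration; nothing in the manager is modified.
    std::string initSSLContext(const std::string& peer) const {
        return _sslConfiguration.subject + "->" + peer;
    }
    const SSLConfiguration& getSSLConfiguration() const { return _sslConfiguration; }
private:
    SSLConfiguration _sslConfiguration;  // one copy per manager, never shared
};

struct SSLConnectionContext {
    std::shared_ptr<SSLManagerInterface> manager;  // owning reference keeps the manager alive
    std::string ctx;                               // stand-in for the native TLS context
};

class SSLManagerCoordinator {
public:
    explicit SSLManagerCoordinator(std::string subject)
        : _global(std::make_shared<SSLManagerInterface>(std::move(subject))) {}
    std::shared_ptr<SSLManagerInterface> getSSLManager() const { return _global; }
    // Non-global instance built from transient parameters (hypothetical method name).
    std::shared_ptr<SSLManagerInterface> createTransientSSLManager(std::string subject) const {
        return std::make_shared<SSLManagerInterface>(std::move(subject));
    }
    // Hypothetical: swap the global manager, for example after a configuration change.
    void replaceGlobal(std::string subject) {
        _global = std::make_shared<SSLManagerInterface>(std::move(subject));
    }
private:
    std::shared_ptr<SSLManagerInterface> _global;
};

// Each transient context gets its own manager, and with it its own SSLConfiguration.
SSLConnectionContext makeTransientContext(const SSLManagerCoordinator& coordinator,
                                          const std::string& subject, const std::string& peer) {
    auto manager = coordinator.createTransientSSLManager(subject);
    return {manager, manager->initSSLContext(peer)};
}
```

Because the context holds the only owning reference to its manager, replacing the global manager leaves the transient manager and its configuration untouched.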



 Comments   
Comment by Githook User [ 12/Feb/21 ]

Author:

{'name': 'Andrew Shuvalov', 'email': 'andrew.shuvalov@mongodb.com', 'username': 'shuvalov-mdb'}

Message: SERVER-54328: Refactor creation of transient SSLConnectionContext to own its own instance of SSLManagerInterface
Branch: master
https://github.com/mongodb/mongo/commit/7a265353d9fd5c6bc1975a513db6a060aa2d9fda

Comment by Githook User [ 11/Feb/21 ]

Author:

{'name': 'Gregory Wlodarek', 'email': 'gregory.wlodarek@mongodb.com', 'username': 'GWlodarek'}

Message: Revert "SERVER-54328: Refactor creation of transient SSLConnectionContext to own its own instance of SSLManagerInterface"

This reverts commit 8e1cd3402cc0c27d1332ac78a93919bd17d3d556.
Branch: master
https://github.com/mongodb/mongo/commit/3b4f12abc5d118ea461c4613b7d2475f6c4284cf

Comment by Githook User [ 11/Feb/21 ]

Author:

{'name': 'Gregory Wlodarek', 'email': 'gregory.wlodarek@mongodb.com', 'username': 'GWlodarek'}

Message: Revert "SERVER-54328: Refactor creation of transient SSLConnectionContext to own its own instance of SSLManagerInterface"

This reverts commit b731eff97e575dfc6673065eb61cf26bd7644f58.
Branch: master
https://github.com/mongodb/mongo/commit/330a7b661f2d2f49b638f63508af1b4a2974534a

Comment by Andrew Shuvalov (Inactive) [ 11/Feb/21 ]

It is essentially a bugfix, must be included.

Comment by Githook User [ 11/Feb/21 ]

Author:

{'name': 'Andrew Shuvalov', 'email': 'andrew.shuvalov@mongodb.com', 'username': 'shuvalov-mdb'}

Message: SERVER-54328: Refactor creation of transient SSLConnectionContext to own its own instance of SSLManagerInterface
Branch: master
https://github.com/mongodb/mongo/commit/b731eff97e575dfc6673065eb61cf26bd7644f58

Comment by Githook User [ 11/Feb/21 ]

Author:

{'name': 'Andrew Shuvalov', 'email': 'andrew.shuvalov@mongodb.com', 'username': 'shuvalov-mdb'}

Message: SERVER-54328: Refactor creation of transient SSLConnectionContext to own its own instance of SSLManagerInterface
Branch: master
https://github.com/mongodb/mongo/commit/8e1cd3402cc0c27d1332ac78a93919bd17d3d556

Comment by Andrew Shuvalov (Inactive) [ 05/Feb/21 ]

Added to Sprint because this is a blocker for the 2 other bugs.
