[SERVER-62970] Separate SSL socket construction from handshake
Created: 25/Jan/22  Updated: 29/Oct/23  Resolved: 15/Feb/22

Status: Closed
Project: Core Server
Component/s: Internal Code
Affects Version/s: None
Fix Version/s: 5.3.0

Type: Improvement
Priority: Major - P3
Reporter: Amirsaman Memaripour
Assignee: Daniel Morilha (Inactive)
Resolution: Fixed
Votes: 1
Labels: servicearch-wfbf-day
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-62665 Ensure `TransportLayerASIO::TimerServ... Closed
Backwards Compatibility: Fully Compatible
Sprint: Service Arch 2022-2-21
Participants:
Story Points: 2

 Description   

The API that ASIOSession exposes to perform the SSL handshake (i.e., handshakeSSLForEgressWithLock) comprises two steps:

  • Constructing an SSL socket from the existing socket.
  • Initiating the handshake and returning a future.

To support concurrent access to the socket object (e.g., from timers that enforce a timeout for the SSL handshake), the first step is done while holding a mutex:

Future<void> TransportLayerASIO::ASIOSession::handshakeSSLForEgressWithLock(
    stdx::unique_lock<Latch> lk, const HostAndPort& target, const ReactorHandle& reactor) {
    ...
    _sslSocket.emplace(std::move(_socket), *_sslContext->egress, removeFQDNRoot(target.host()));
    lk.unlock();
    ...
    return doHandshake().then([this, target, reactor] {
        ...
    });
}

Separating these steps and ensuring the SSL socket is constructed before setting up timers would obviate the need for the mutex.
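
The ordering proposed above, as an added example that is not MongoDB's code and not part of the original ticket: the SSL socket is constructed first, the timeout timer is armed second, and the handshake runs last, so the construction step takes no mutex. `PlainSocket`, `SSLSocket`, `Session`, `connectWithTimeout` and the host name are hypothetical stand-ins, and a plain thread stands in for the reactor timer.

```cpp
#include <atomic>
#include <chrono>
#include <cstdio>
#include <optional>
#include <string>
#include <thread>
using namespace std::chrono;

// Hypothetical stand-ins for the transport types; not MongoDB's classes.
struct PlainSocket { int fd; };
struct SSLSocket {
    PlainSocket inner;
    std::string sniName;
    std::atomic<bool> cancelled{false};  // written by the timer, read by the handshake
    SSLSocket(PlainSocket s, const std::string& sni) : inner(s), sniName(sni) {}
};
class Session {
public:
    explicit Session(PlainSocket s) : _socket(s) {}
    // Step 1: runs before any timer exists, so no other thread can observe
    // _sslSocket while it is being constructed. No mutex is taken.
    void constructSSLSocket(const std::string& host) { _sslSocket.emplace(_socket, host); }
    // Step 2: simulated handshake; true if it completes before being cancelled.
    bool handshake(milliseconds work) {
        for (auto end = steady_clock::now() + work; steady_clock::now() < end;) {
            if (_sslSocket->cancelled.load()) return false;
            std::this_thread::sleep_for(milliseconds(1));
        }
        return !_sslSocket->cancelled.load();
    }
    void cancelHandshake() { _sslSocket->cancelled.store(true); }
private:
    PlainSocket _socket;
    std::optional<SSLSocket> _sslSocket;
};
// Construct, then arm the timer, then handshake. Thread start is ordered
// after the emplace, so the timer never sees a half-built socket.
bool connectWithTimeout(milliseconds timeout, milliseconds work) {
    Session session(PlainSocket{3});               // constructed fd value
    session.constructSSLSocket("db.example.net");  // constructed host name
    std::thread timer([&] { std::this_thread::sleep_for(timeout); session.cancelHandshake(); });
    bool completed = session.handshake(work);
    timer.join();
    return completed;
}
int main() {
    bool fast = connectWithTimeout(milliseconds(400), milliseconds(10));
    bool stalled = connectWithTimeout(milliseconds(10), milliseconds(300));
    std::printf("fast peer: %d, stalled peer: %d\n", fast, stalled);
}
```

The atomic flag is still needed because cancellation and the handshake run concurrently; only the lock around construction goes away.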



 Comments   
Comment by Githook User [ 17/Feb/22 ]

Author: Daniel Vitor Morilha <daniel.morilha@mongodb.com> (daniel-mdb)

Message: SERVER-62970 Separate SSL socket construction from handshake
Branch: master
https://github.com/mongodb/mongo/commit/c92b95b22c3290a6235f7952c598c8c5feae669e

Comment by Daniel Morilha (Inactive) [ 11/Feb/22 ]

Pulling this ticket into the sprint.
