[OpenSIPS-Devel] TLS cleanup

Răzvan Crainea razvan at opensips.org
Tue Jan 14 06:54:36 EST 2020


Hi, Dan!

When the code hits the _tcpconn_rm function, the connection is taken out 
of the connections hash, therefore there's no one who can come to fetch 
the connection and do anything with it.
That's why, I'd argue it is safe to run the tls_conn_clean() out of the 
write lock.

Best regards,
Răzvan

On 1/13/20 3:14 PM, Dan Pascu wrote:
> 
> I noticed that tls_conn_clean() is not called with a lock. All other SSL operations that reads/writes to the connection will lock it with conn->write_lock. tls_conn_clean() ends up calling SSL_shutdown() which will write to the connection as SSL shutdown implies an exchange with the other endpoint.
> 
> It also seems that conn->write_lock is destroyed right before calling conn_clean(), so at the moment it can't even be used.
> 
> Can someone with a better understanding of the way SSL code interacts with the multi-process nature of opensips take a look and check if we really do not need to call tls_conn_clean() with a lock?
> 
> --
> Dan
> 
> 
> 
> 
> 
> _______________________________________________
> Devel mailing list
> Devel at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/devel
> 

-- 
Răzvan Crainea
OpenSIPS Core Developer
   http://www.opensips-solutions.com



More information about the Devel mailing list