dnsdist: Use per-thread credentials for GnuTLS client connections #10841

Merged
merged 1 commit into from Oct 18, 2021


rgacogne
Member

Short description

It looks like there is a race in some versions when the credentials are shared between several threads opening TLS client connections, so for now we make sure these objects are not shared.
Also make sure that the SSL_CTX object for OpenSSL client connections is alive as long as there is still a connection using it, even if the backend is removed.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)

It looks like there is a race in some versions when the credentials
are shared between several threads opening TLS client connections.
@rgacogne rgacogne added this to the dnsdist-1.7.0-alpha2 milestone Oct 13, 2021
@rgacogne rgacogne merged commit f521631 into PowerDNS:master Oct 18, 2021
@rgacogne rgacogne deleted the ddist-gnutls-client-creds branch October 18, 2021 10:16
@rgacogne
Member Author

For the record, the issue in GnuTLS has been fixed in 3.7.3, see https://gitlab.com/gnutls/gnutls/-/issues/1277
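
The two ownership rules from the pull request description, sketched as an added example that is not dnsdist's code. `ClientCredentials` and `TlsContext` are hypothetical stand-ins for the GnuTLS credentials object and OpenSSL's `SSL_CTX`, so the sketch runs without any TLS library.

```cpp
#include <atomic>
#include <cstddef>
#include <memory>
#include <mutex>
#include <set>
#include <thread>
#include <utility>
#include <vector>

struct ClientCredentials { int unused{0}; };  // stand-in for a GnuTLS credentials object
struct TlsContext {                           // stand-in for an OpenSSL SSL_CTX
  static std::atomic<int> s_alive;            // live instances, to make lifetime observable
  TlsContext() { ++s_alive; } ~TlsContext() { --s_alive; }
};
std::atomic<int> TlsContext::s_alive{0};
// One credentials object per thread, so threads opening client connections never share one.
ClientCredentials& getThreadCredentials() { thread_local ClientCredentials creds; return creds; }
// Backend and connection co-own the context: removing the backend cannot free it mid-use.
struct Backend { std::shared_ptr<TlsContext> ctx{std::make_shared<TlsContext>()}; };
struct Connection { std::shared_ptr<TlsContext> ctx; };
// Number of distinct credentials objects seen by n concurrently running threads.
std::size_t distinctCredentials(std::size_t n) {
  std::mutex m;
  std::set<const ClientCredentials*> seen;
  std::atomic<std::size_t> ready{0};
  std::vector<std::thread> threads;
  for (std::size_t i = 0; i < n; ++i) {
    threads.emplace_back([&] {
      { std::lock_guard<std::mutex> l(m); seen.insert(&getThreadCredentials()); }
      ++ready;
      while (ready < n) std::this_thread::yield();  // keep every thread alive until all registered
    });
  }
  for (auto& t : threads) t.join();
  return seen.size();
}
// Live contexts as {after backend removal, after the connection closes}.
std::pair<int, int> removeBackendWhileConnected() {
  auto backend = std::make_unique<Backend>();
  auto conn = std::make_unique<Connection>(Connection{backend->ctx});
  backend.reset();                       // backend removed while a connection is open
  int during = TlsContext::s_alive;      // context must still be alive here
  conn.reset();                          // last user gone: context is released
  return {during, TlsContext::s_alive.load()};
}
int main() {
  auto c = removeBackendWhileConnected();
  return (distinctCredentials(4) == 4 && c.first == 1 && c.second == 0) ? 0 : 1;
}
```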
