From e4659ac4acd5e7a69884a74edc51206257e1576d Mon Sep 17 00:00:00 2001 From: Steve Watanabe Date: Wed, 19 Oct 2022 12:16:45 -0700 Subject: [PATCH] MB-53540 [BP] pass PKey to ns_ssl_services_setup process as a fun ...so it doesn't show up in the logs if the process crashes This is a backport of MB-51603 Change-Id: I92c7a4f6ef0d6ccd665bba77219a814b42ecc758 Reviewed-on: https://review.couchbase.org/c/ns_server/+/181555 Well-Formed: Restriction Checker Reviewed-by: Timofey Barmin Tested-by: Build Bot --- src/ns_ssl_services_setup.erl | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/ns_ssl_services_setup.erl b/src/ns_ssl_services_setup.erl index 13ddec9c1c..3f79ec56fd 100644 --- a/src/ns_ssl_services_setup.erl +++ b/src/ns_ssl_services_setup.erl @@ -433,7 +433,9 @@ sync() -> ok = gen_server:call(?MODULE, ping, infinity). set_node_certificate_chain(Props, CAChain, Cert, PKey) -> - gen_server:call(?MODULE, {set_node_certificate_chain, Props, CAChain, Cert, PKey}, infinity). + gen_server:call( + ?MODULE, {set_node_certificate_chain, Props, CAChain, Cert, + fun () -> PKey end}, infinity). build_hash(Data) -> crypto:hash(sha256, term_to_binary(Data)). @@ -501,7 +503,8 @@ config_change_detector_loop({{security_settings, ns_server}, _}, Parent) -> config_change_detector_loop(_OtherEvent, Parent) -> Parent. -handle_call({set_node_certificate_chain, Props, CAChain, Cert, PKey}, _From, State) -> +handle_call({set_node_certificate_chain, Props, CAChain, Cert, PKeyFun}, + _From, State) -> CAChainFile = user_set_ca_chain_path(), CanUpdateChain = case file:read_file(CAChainFile) of @@ -515,7 +518,7 @@ handle_call({set_node_certificate_chain, Props, CAChain, Cert, PKey}, _From, Sta ok = misc:atomic_write_file(CAChainFile, CAChain), ok = misc:atomic_write_file(user_set_cert_path(), Cert), - ok = misc:atomic_write_file(user_set_key_path(), PKey), + ok = misc:atomic_write_file(user_set_key_path(), PKeyFun()), ns_config:set({node, node(), cert}, Props), self() ! cert_and_pkey_changed,