2019-11-18
2019-11-18 15:05:26 by Henrik Grubbström (Grubba) <grubba@grubba.org>
-
4be1bab6519c8d0038bb40874d9182ce45557690
(26 lines)
(+15/-11)
Branch: 6f7e7292686ee9d340eda4aa326e5574f9f6e52c
StartTLSProtocol: Get rid of race on certificate change.
2500:
} while (0)
#if constant(SSL.Constants.PROTOCOL_TLS_MAX)
- protected void set_version()
+ protected void set_version(SSLContext|void ctx)
{
-
+ if (!ctx) ctx = this_program::ctx;
ctx->min_version = query("ssl_min_version");
}
#endif
- protected void filter_preferred_suites()
+ protected void filter_preferred_suites(SSLContext|void ctx)
{
-
+ if (!ctx) ctx = this_program::ctx;
#if constant(SSL.ServerConnection)
int mode = query("ssl_suite_filter");
int bits = query("ssl_key_bits");
2537: Inside #if constant(SSL.ServerConnection)
suites = ctx->preferred_suites;
if (ctx->min_version < query("ssl_min_version")) {
- set_version();
+ set_version(ctx);
}
} else {
suites = ctx->get_suites(bits, 1);
// Make sure the min version is restored in case we've
// switched from Suite B.
- set_version();
+ set_version(ctx);
}
if (mode & 4) {
// Ephemeral suites only.
2633:
// FIXME: Only do this if there are certs loaded?
// We must reset the set of certificates.
- // NB: Race condition here where the new SSLContext is
- // live before it has been configured completely.
- ctx = SSLContext();
- set_version();
- filter_preferred_suites();
+ SSLContext ctx = SSLContext();
+ ctx->random = Crypto.Random.random_string;
+ set_version(ctx);
+ filter_preferred_suites(ctx);
foreach(keypairs, int keypair_id) {
array(Crypto.Sign.State|array(string)) keypair =
2661:
}
#endif
+ this_program::ctx = ctx;
+
if (!bound) {
bind (ignore_eaddrinuse);
if (old_cert_failure && bound)
2944:
::setup(pn, i);
#if constant(SSL.Constants.PROTOCOL_TLS_MAX)
- set_version();
+ set_version(ctx);
#endif
- filter_preferred_suites();
+ filter_preferred_suites(ctx);
certificates_changed (0, ignore_eaddrinuse);
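Review bot: In the 2633/2661 hunks the new context is published only by `this_program::ctx = ctx;` after the keypair loop, so the behaviour on a failed reload depends on code between the hunks that is not shown. If any path between `SSLContext ctx = SSLContext();` and that assignment returns early, the previous context with the previous certificates stays live, whereas before this change a partly configured context was live. That may be the intended result, but it should be stated at the assignment, e.g. `// Publish the fully configured context; connections use the old one until here.` The local `ctx` also shadows the member, and both helpers fall back to `this_program::ctx` when called without an argument, so a call in this function that omits the argument would silently modify the live context. The visible calls all pass it.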