From: Ben Pfaff Date: Thu, 18 Mar 2010 23:08:32 +0000 (-0700) Subject: stream-ssl: Permit race in bootstrapping CA certificate. X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=deb1f4336ce5a795e21997e2c394347c00063800;p=openvswitch stream-ssl: Permit race in bootstrapping CA certificate. If two processes were both configured to bootstrap the CA certificate, then one of them would succeed in writing it to a file and use it, and the other one would fail to use it because the file was created behind its back. This commit fixes the problem by making the bootstrap code accept a CA certificate file that exists at the time that bootstrapping tries to create it.
---
diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
index 51ce3063..004a5e4f 100644
--- a/lib/stream-ssl.c
+++ b/lib/stream-ssl.c
@@ -327,9 +327,16 @@ do_ca_cert_bootstrap(struct stream *stream)
 fd = open(ca_cert_file, O_CREAT | O_EXCL | O_WRONLY, 0444);
 if (fd < 0) {
- VLOG_ERR("could not bootstrap CA cert: creating %s failed: %s",
- ca_cert_file, strerror(errno));
- return errno;
+ if (errno == EEXIST) {
+ VLOG_INFO("reading CA cert %s created by another process",
+ ca_cert_file);
+ stream_ssl_set_ca_cert_file(ca_cert_file, true);
+ return EPROTO;
+ } else {
+ VLOG_ERR("could not bootstrap CA cert: creating %s failed: %s",
+ ca_cert_file, strerror(errno));
+ return errno;
+ }
 }
 file = fdopen(fd, "w");
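Review bot: In the new `errno == EEXIST` branch of do_ca_cert_bootstrap, the file is loaded as the CA trust anchor as soon as it exists, but the process that won the `O_CREAT | O_EXCL` race may not have finished writing it, so `stream_ssl_set_ca_cert_file(ca_cert_file, true)` can see an empty or truncated certificate. What that call reports is not visible here and the branch returns `EPROTO` either way; presumably the connection is then retried, and a comment should say so, e.g. `/* File may still be incomplete; EPROTO drops this connection so the retry re-reads it. */`. Because an existing file is now trusted with no check of who created it, the directory holding `ca_cert_file` should be writable only by the accounts allowed to bootstrap. Separately, in the `else` branch `return errno;` runs after `VLOG_ERR(...)`, which may change `errno`; saving it first with `int error = errno;` and returning `error` avoids a stale value. The function body starts and ends outside the hunk.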