From deb1f4336ce5a795e21997e2c394347c00063800 Mon Sep 17 00:00:00 2001
From: Ben Pfaff
Date: Thu, 18 Mar 2010 16:08:32 -0700
Subject: [PATCH] stream-ssl: Permit race in bootstrapping CA certificate.

If two processes were both configured to bootstrap the CA certificate, then one of them would succeed in writing it to a file and use it, and the other one would fail to use it because the file was created behind its back. This commit fixes the problem by making the bootstrap code accept a CA certificate file that exists at the time that bootstrapping tries to create it.
---
 lib/stream-ssl.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
index 51ce3063..004a5e4f 100644
--- a/lib/stream-ssl.c
+++ b/lib/stream-ssl.c
@@ -327,9 +327,16 @@ do_ca_cert_bootstrap(struct stream *stream)
 fd = open(ca_cert_file, O_CREAT | O_EXCL | O_WRONLY, 0444);
 if (fd < 0) {
- VLOG_ERR("could not bootstrap CA cert: creating %s failed: %s",
- ca_cert_file, strerror(errno));
- return errno;
+ if (errno == EEXIST) {
+ VLOG_INFO("reading CA cert %s created by another process",
+ ca_cert_file);
+ stream_ssl_set_ca_cert_file(ca_cert_file, true);
+ return EPROTO;
+ } else {
+ VLOG_ERR("could not bootstrap CA cert: creating %s failed: %s",
+ ca_cert_file, strerror(errno));
+ return errno;
+ }
 }
 file = fdopen(fd, "w");
-- 
2.30.2
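Review bot: In the new `errno == EEXIST` branch the file can exist without being complete, because the winning process creates it with `open(..., O_CREAT | O_EXCL | O_WRONLY, 0444)` and only writes the certificate afterwards through `fdopen(fd, "w")`, so the losing process may call `stream_ssl_set_ca_cert_file(ca_cert_file, true)` on an empty or truncated file. How that call treats an unparsable file is not visible here and nothing in the branch checks it, so at minimum add a comment such as `/* File may still be mid-write by its creator; we drop this connection with EPROTO and rely on the retry to load it. */` if that is the intent. A sturdier fix, outside this hunk, is for the writer to fill a temporary file and `link()` it to `ca_cert_file`, so that EEXIST implies a complete certificate. EEXIST also only proves that something occupies the path (O_EXCL reports it for a symlink too), so "created by another process" is an assumption about a file that becomes the trust anchor, and the directory should be writable only by trusted users. The body of do_ca_cert_bootstrap starts and ends outside the hunk.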