
Commit 8f87184

authored
Merge pull request ClickHouse#80229 from ClickHouse/revert-79383-poco-backport-openssl-buf-fix
Revert "Backport Poco fix for concurrent SecureStreamSocket access"
2 parents 9ee265d + 02884b7 commit 8f87184


2 files changed

+7
-41
lines changed


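--- a/base/poco/NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h
+++ b/base/poco/NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h
@@ -236,21 +236,16 @@ namespace Net
 /// to be able to re-use it again.
 
 private:
-using MutexT = Poco::FastMutex;
-using LockT = MutexT::ScopedLock;
-using UnLockT = Poco::ScopedLockWithUnlock<MutexT>;
-
 SecureSocketImpl(const SecureSocketImpl &);
 SecureSocketImpl & operator=(const SecureSocketImpl &);
 
 mutable std::recursive_mutex _mutex;
-std::atomic<SSL *> _pSSL;
+SSL * _pSSL; // GUARDED_BY _mutex
 Poco::AutoPtr<SocketImpl> _pSocket;
 Context::Ptr _pContext;
 bool _needHandshake;
 std::string _peerHostName;
 Session::Ptr _pSession;
-mutable MutexT _ssl_mutex;
 
 friend class SecureStreamSocketImpl;
 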
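Review bot: The `// GUARDED_BY _mutex` on `_pSSL` is only a comment, so with `std::atomic<SSL *>` and `_ssl_mutex` gone nothing enforces or checks the locking rule it states. I would spell out what the guard covers, for example `SSL * _pSSL; // GUARDED_BY _mutex: hold it for every read of the pointer and every SSL_* call on it, including SSL_free() in reset()`. In the SecureSocketImpl.cpp hunks for `reset()`, `sendBytes()` and `receiveBytes()` no `std::lock_guard` on `_mutex` is visible, but those functions begin outside the hunks, so whether they take the lock cannot be confirmed from this page. It is worth checking, because an `SSL_free` that runs unlocked while another thread reads or writes on the same object would be a use-after-free.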

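--- a/base/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp
+++ b/base/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp
@@ -103,8 +103,6 @@ void SecureSocketImpl::acceptSSL()
 std::lock_guard<std::recursive_mutex> lock(_mutex);
 poco_assert (!_pSSL);
 
-LockT l(_ssl_mutex);
-
 BIO* pBIO = BIO_new(BIO_s_socket());
 if (!pBIO) throw SSLException("Cannot create BIO object");
 BIO_set_fd(pBIO, static_cast<int>(_pSocket->sockfd()), BIO_NOCLOSE);
@@ -171,8 +169,6 @@ void SecureSocketImpl::connectSSL(bool performHandshake)
 poco_assert (!_pSSL);
 poco_assert (_pSocket->initialized());
 
-LockT l(_ssl_mutex);
-
 BIO* pBIO = BIO_new(BIO_s_socket());
 if (!pBIO) throw SSLException("Cannot create SSL BIO object");
 BIO_set_fd(pBIO, static_cast<int>(_pSocket->sockfd()), BIO_NOCLOSE);
@@ -250,8 +246,6 @@ void SecureSocketImpl::shutdown()
 std::lock_guard<std::recursive_mutex> lock(_mutex);
 if (_pSSL)
 {
-UnLockT l(_ssl_mutex);
-
 // Don't shut down the socket more than once.
 int shutdownState = SSL_get_shutdown(_pSSL);
 bool shutdownSent = (shutdownState & SSL_SENT_SHUTDOWN) == SSL_SENT_SHUTDOWN;
@@ -266,7 +260,6 @@ void SecureSocketImpl::shutdown()
 // done with it.
 int rc = SSL_shutdown(_pSSL);
 if (rc < 0) handleError(rc);
-l.unlock();
 if (_pSocket->getBlocking())
 {
 _pSocket->shutdown();
@@ -297,9 +290,6 @@ int SecureSocketImpl::sendBytes(const void* buffer, int length, int flags)
 poco_check_ptr (_pSSL);
 
 int rc;
-
-LockT l(_ssl_mutex);
-
 if (_needHandshake)
 {
 rc = completeHandshake();
@@ -341,8 +331,6 @@ int SecureSocketImpl::receiveBytes(void* buffer, int length, int flags)
 poco_assert (_pSocket->initialized());
 poco_check_ptr (_pSSL);
 
-LockT l(_ssl_mutex);
-
 /// Special case: just check that we can read from socket
 if ((flags & MSG_DONTWAIT) && (flags & MSG_PEEK))
 return _pSocket->receiveBytes(buffer, length, flags);
@@ -380,8 +368,6 @@ int SecureSocketImpl::available() const
 std::lock_guard<std::recursive_mutex> lock(_mutex);
 poco_check_ptr (_pSSL);
 
-LockT l(_ssl_mutex);
-
 return SSL_pending(_pSSL);
 }
 
@@ -478,20 +464,10 @@ bool SecureSocketImpl::isLocalHost(const std::string& hostName)
 X509* SecureSocketImpl::peerCertificate() const
 {
 std::lock_guard<std::recursive_mutex> lock(_mutex);
-LockT l(_ssl_mutex);
-
-X509* pCert = nullptr;
-
 if (_pSSL)
-{
-pCert = ::SSL_get_peer_certificate(_pSSL);
-
-if (X509_V_OK != SSL_get_verify_result(_pSSL))
-throw CertificateValidationException("SecureSocketImpl::peerCertificate(): "
-"Certificate verification error " + Utility::getLastError());
-}
-
-return pCert;
+return SSL_get1_peer_certificate(_pSSL);
+else
+return 0;
 }
 
 Poco::Timespan SecureSocketImpl::getMaxTimeoutOrLimit()
@@ -632,8 +608,6 @@ void SecureSocketImpl::reset()
 close();
 if (_pSSL)
 {
-LockT l(_ssl_mutex);
-
 SSL_free(_pSSL);
 _pSSL = nullptr;
 }
@@ -678,12 +652,9 @@ bool SecureSocketImpl::sessionWasReused()
 {
 std::lock_guard<std::recursive_mutex> lock(_mutex);
 if (_pSSL)
-{
-LockT l(_ssl_mutex);
-return ::SSL_session_reused(_pSSL) != 0;
-}
-
-return false;
+return SSL_session_reused(_pSSL) != 0;
+else
+return false;
 }
 
 void SecureSocketImpl::setBlocking(bool flag)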
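Review bot: In the `peerCertificate()` hunk the new body returns `SSL_get1_peer_certificate(_pSSL)` with nothing documenting who owns the result or whether it has been verified. The `get1` variant returns a reference the caller must release with `X509_free`. With the `SSL_get_verify_result` check removed, a non-null return no longer implies the chain validated, so callers making trust decisions on this certificate must check the verification result themselves or rely on the context's verification mode. I would add above the function `/// Returns the peer certificate with its reference count incremented (caller must X509_free it), or null if no SSL object exists; does NOT check SSL_get_verify_result().` As a style point, `return 0;` reads better as `return nullptr;` for an `X509*` return type.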
