mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-09-20 00:30:49 +00:00
Disable session caching to work around tsan races
This commit is contained in:
parent
7964f7187c
commit
d30b48f54e
@ -125,7 +125,7 @@ void SSLManager::initializeClient(PrivateKeyPassphraseHandlerPtr ptrPassphraseHa
|
|||||||
Context::Ptr SSLManager::defaultServerContext()
|
Context::Ptr SSLManager::defaultServerContext()
|
||||||
{
|
{
|
||||||
Poco::FastMutex::ScopedLock lock(_mutex);
|
Poco::FastMutex::ScopedLock lock(_mutex);
|
||||||
|
|
||||||
if (!_ptrDefaultServerContext)
|
if (!_ptrDefaultServerContext)
|
||||||
initDefaultContext(true);
|
initDefaultContext(true);
|
||||||
|
|
||||||
@ -150,7 +150,7 @@ Context::Ptr SSLManager::defaultClientContext()
|
|||||||
_ptrDefaultClientContext->disableProtocols(Context::PROTO_SSLV2 | Context::PROTO_SSLV3);
|
_ptrDefaultClientContext->disableProtocols(Context::PROTO_SSLV2 | Context::PROTO_SSLV3);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return _ptrDefaultClientContext;
|
return _ptrDefaultClientContext;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -256,7 +256,7 @@ void SSLManager::initDefaultContext(bool server)
|
|||||||
Context::Params params;
|
Context::Params params;
|
||||||
// mandatory options
|
// mandatory options
|
||||||
params.privateKeyFile = config.getString(prefix + CFG_PRIV_KEY_FILE, "");
|
params.privateKeyFile = config.getString(prefix + CFG_PRIV_KEY_FILE, "");
|
||||||
params.certificateFile = config.getString(prefix + CFG_CERTIFICATE_FILE, params.privateKeyFile);
|
params.certificateFile = config.getString(prefix + CFG_CERTIFICATE_FILE, params.privateKeyFile);
|
||||||
params.caLocation = config.getString(prefix + CFG_CA_LOCATION, "");
|
params.caLocation = config.getString(prefix + CFG_CA_LOCATION, "");
|
||||||
|
|
||||||
if (server && params.certificateFile.empty() && params.privateKeyFile.empty())
|
if (server && params.certificateFile.empty() && params.privateKeyFile.empty())
|
||||||
@ -283,7 +283,7 @@ void SSLManager::initDefaultContext(bool server)
|
|||||||
params.ecdhCurve = config.getString(prefix + CFG_ECDH_CURVE, "");
|
params.ecdhCurve = config.getString(prefix + CFG_ECDH_CURVE, "");
|
||||||
|
|
||||||
Context::Usage usage;
|
Context::Usage usage;
|
||||||
|
|
||||||
if (server)
|
if (server)
|
||||||
{
|
{
|
||||||
if (requireTLSv1_2)
|
if (requireTLSv1_2)
|
||||||
@ -308,7 +308,7 @@ void SSLManager::initDefaultContext(bool server)
|
|||||||
usage = Context::CLIENT_USE;
|
usage = Context::CLIENT_USE;
|
||||||
_ptrDefaultClientContext = new Context(usage, params);
|
_ptrDefaultClientContext = new Context(usage, params);
|
||||||
}
|
}
|
||||||
|
|
||||||
std::string disabledProtocolsList = config.getString(prefix + CFG_DISABLE_PROTOCOLS, "");
|
std::string disabledProtocolsList = config.getString(prefix + CFG_DISABLE_PROTOCOLS, "");
|
||||||
Poco::StringTokenizer dpTok(disabledProtocolsList, ";,", Poco::StringTokenizer::TOK_TRIM | Poco::StringTokenizer::TOK_IGNORE_EMPTY);
|
Poco::StringTokenizer dpTok(disabledProtocolsList, ";,", Poco::StringTokenizer::TOK_TRIM | Poco::StringTokenizer::TOK_IGNORE_EMPTY);
|
||||||
int disabledProtocols = 0;
|
int disabledProtocols = 0;
|
||||||
@ -329,27 +329,28 @@ void SSLManager::initDefaultContext(bool server)
|
|||||||
_ptrDefaultServerContext->disableProtocols(disabledProtocols);
|
_ptrDefaultServerContext->disableProtocols(disabledProtocols);
|
||||||
else
|
else
|
||||||
_ptrDefaultClientContext->disableProtocols(disabledProtocols);
|
_ptrDefaultClientContext->disableProtocols(disabledProtocols);
|
||||||
|
|
||||||
bool cacheSessions = config.getBool(prefix + CFG_CACHE_SESSIONS, false);
|
/// Temporarily disabled during the transition from boringssl to OpenSSL due to tsan issues.
|
||||||
if (server)
|
/// bool cacheSessions = config.getBool(prefix + CFG_CACHE_SESSIONS, false);
|
||||||
{
|
/// if (server)
|
||||||
std::string sessionIdContext = config.getString(prefix + CFG_SESSION_ID_CONTEXT, config.getString("application.name", ""));
|
/// {
|
||||||
_ptrDefaultServerContext->enableSessionCache(cacheSessions, sessionIdContext);
|
/// std::string sessionIdContext = config.getString(prefix + CFG_SESSION_ID_CONTEXT, config.getString("application.name", ""));
|
||||||
if (config.hasProperty(prefix + CFG_SESSION_CACHE_SIZE))
|
/// _ptrDefaultServerContext->enableSessionCache(cacheSessions, sessionIdContext);
|
||||||
{
|
/// if (config.hasProperty(prefix + CFG_SESSION_CACHE_SIZE))
|
||||||
int cacheSize = config.getInt(prefix + CFG_SESSION_CACHE_SIZE);
|
/// {
|
||||||
_ptrDefaultServerContext->setSessionCacheSize(cacheSize);
|
/// int cacheSize = config.getInt(prefix + CFG_SESSION_CACHE_SIZE);
|
||||||
}
|
/// _ptrDefaultServerContext->setSessionCacheSize(cacheSize);
|
||||||
if (config.hasProperty(prefix + CFG_SESSION_TIMEOUT))
|
/// }
|
||||||
{
|
/// if (config.hasProperty(prefix + CFG_SESSION_TIMEOUT))
|
||||||
int timeout = config.getInt(prefix + CFG_SESSION_TIMEOUT);
|
/// {
|
||||||
_ptrDefaultServerContext->setSessionTimeout(timeout);
|
/// int timeout = config.getInt(prefix + CFG_SESSION_TIMEOUT);
|
||||||
}
|
/// _ptrDefaultServerContext->setSessionTimeout(timeout);
|
||||||
}
|
/// }
|
||||||
else
|
/// }
|
||||||
{
|
/// else
|
||||||
_ptrDefaultClientContext->enableSessionCache(cacheSessions);
|
/// {
|
||||||
}
|
/// _ptrDefaultClientContext->enableSessionCache(cacheSessions);
|
||||||
|
/// }
|
||||||
bool extendedVerification = config.getBool(prefix + CFG_EXTENDED_VERIFICATION, false);
|
bool extendedVerification = config.getBool(prefix + CFG_EXTENDED_VERIFICATION, false);
|
||||||
if (server)
|
if (server)
|
||||||
_ptrDefaultServerContext->enableExtendedCertificateVerification(extendedVerification);
|
_ptrDefaultServerContext->enableExtendedCertificateVerification(extendedVerification);
|
||||||
@ -378,7 +379,7 @@ void SSLManager::initPassphraseHandler(bool server)
|
|||||||
{
|
{
|
||||||
if (server && _ptrServerPassphraseHandler) return;
|
if (server && _ptrServerPassphraseHandler) return;
|
||||||
if (!server && _ptrClientPassphraseHandler) return;
|
if (!server && _ptrClientPassphraseHandler) return;
|
||||||
|
|
||||||
std::string prefix = server ? CFG_SERVER_PREFIX : CFG_CLIENT_PREFIX;
|
std::string prefix = server ? CFG_SERVER_PREFIX : CFG_CLIENT_PREFIX;
|
||||||
Poco::Util::AbstractConfiguration& config = appConfig();
|
Poco::Util::AbstractConfiguration& config = appConfig();
|
||||||
|
|
||||||
@ -399,7 +400,7 @@ void SSLManager::initPassphraseHandler(bool server)
|
|||||||
}
|
}
|
||||||
else throw Poco::Util::UnknownOptionException(std::string("No passphrase handler known with the name ") + className);
|
else throw Poco::Util::UnknownOptionException(std::string("No passphrase handler known with the name ") + className);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void SSLManager::initCertificateHandler(bool server)
|
void SSLManager::initCertificateHandler(bool server)
|
||||||
{
|
{
|
||||||
|
@ -8,4 +8,5 @@
|
|||||||
</invalidCertificateHandler>
|
</invalidCertificateHandler>
|
||||||
</client>
|
</client>
|
||||||
</openSSL>
|
</openSSL>
|
||||||
</clickhouse>
|
</clickhouse>
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
# Tags: no-fasttest
|
# Tags: no-fasttest, no-tsan
|
||||||
|
|
||||||
CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
|
CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
|
||||||
# shellcheck source=../shell_config.sh
|
# shellcheck source=../shell_config.sh
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
# Tags: deadlock
|
# Tags: deadlock, no-tsan
|
||||||
|
|
||||||
CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
|
CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
|
||||||
# shellcheck source=../shell_config.sh
|
# shellcheck source=../shell_config.sh
|
||||||
|
Loading…
Reference in New Issue
Block a user