thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-09-20 00:30:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Disable session caching to work around tsan races

Browse Source
This commit is contained in:
Robert Schulze 2024-03-26 14:24:03 +00:00
parent 7964f7187c
commit d30b48f54e
No known key found for this signature in database
GPG Key ID: 26703B55FB13728A
4 changed files with 33 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
base/poco/NetSSL_OpenSSL/src/SSLManager.cpp
View File

@ -125,7 +125,7 @@ void SSLManager::initializeClient(PrivateKeyPassphraseHandlerPtr ptrPassphraseHa
Context::Ptr SSLManager::defaultServerContext() Context::Ptr SSLManager::defaultServerContext()
{ {
Poco::FastMutex::ScopedLock lock(_mutex); Poco::FastMutex::ScopedLock lock(_mutex);
if (!_ptrDefaultServerContext) if (!_ptrDefaultServerContext)
initDefaultContext(true); initDefaultContext(true);
@ -150,7 +150,7 @@ Context::Ptr SSLManager::defaultClientContext()
_ptrDefaultClientContext->disableProtocols(Context::PROTO_SSLV2 | Context::PROTO_SSLV3); _ptrDefaultClientContext->disableProtocols(Context::PROTO_SSLV2 | Context::PROTO_SSLV3);
} }
} }
return _ptrDefaultClientContext; return _ptrDefaultClientContext;
} }
@ -256,7 +256,7 @@ void SSLManager::initDefaultContext(bool server)
Context::Params params; Context::Params params;
// mandatory options // mandatory options
params.privateKeyFile = config.getString(prefix + CFG_PRIV_KEY_FILE, ""); params.privateKeyFile = config.getString(prefix + CFG_PRIV_KEY_FILE, "");
params.certificateFile = config.getString(prefix + CFG_CERTIFICATE_FILE, params.privateKeyFile); params.certificateFile = config.getString(prefix + CFG_CERTIFICATE_FILE, params.privateKeyFile);
params.caLocation = config.getString(prefix + CFG_CA_LOCATION, ""); params.caLocation = config.getString(prefix + CFG_CA_LOCATION, "");
if (server && params.certificateFile.empty() && params.privateKeyFile.empty()) if (server && params.certificateFile.empty() && params.privateKeyFile.empty())
@ -283,7 +283,7 @@ void SSLManager::initDefaultContext(bool server)
params.ecdhCurve = config.getString(prefix + CFG_ECDH_CURVE, ""); params.ecdhCurve = config.getString(prefix + CFG_ECDH_CURVE, "");
Context::Usage usage; Context::Usage usage;
if (server) if (server)
{ {
if (requireTLSv1_2) if (requireTLSv1_2)
@ -308,7 +308,7 @@ void SSLManager::initDefaultContext(bool server)
usage = Context::CLIENT_USE; usage = Context::CLIENT_USE;
_ptrDefaultClientContext = new Context(usage, params); _ptrDefaultClientContext = new Context(usage, params);
} }
std::string disabledProtocolsList = config.getString(prefix + CFG_DISABLE_PROTOCOLS, ""); std::string disabledProtocolsList = config.getString(prefix + CFG_DISABLE_PROTOCOLS, "");
Poco::StringTokenizer dpTok(disabledProtocolsList, ";,", Poco::StringTokenizer::TOK_TRIM | Poco::StringTokenizer::TOK_IGNORE_EMPTY); Poco::StringTokenizer dpTok(disabledProtocolsList, ";,", Poco::StringTokenizer::TOK_TRIM | Poco::StringTokenizer::TOK_IGNORE_EMPTY);
int disabledProtocols = 0; int disabledProtocols = 0;
@ -329,27 +329,28 @@ void SSLManager::initDefaultContext(bool server)
_ptrDefaultServerContext->disableProtocols(disabledProtocols); _ptrDefaultServerContext->disableProtocols(disabledProtocols);
else else
_ptrDefaultClientContext->disableProtocols(disabledProtocols); _ptrDefaultClientContext->disableProtocols(disabledProtocols);
bool cacheSessions = config.getBool(prefix + CFG_CACHE_SESSIONS, false); /// Temporarily disabled during the transition from boringssl to OpenSSL due to tsan issues.
if (server) /// bool cacheSessions = config.getBool(prefix + CFG_CACHE_SESSIONS, false);
{ /// if (server)
std::string sessionIdContext = config.getString(prefix + CFG_SESSION_ID_CONTEXT, config.getString("application.name", "")); /// {
_ptrDefaultServerContext->enableSessionCache(cacheSessions, sessionIdContext); /// std::string sessionIdContext = config.getString(prefix + CFG_SESSION_ID_CONTEXT, config.getString("application.name", ""));
if (config.hasProperty(prefix + CFG_SESSION_CACHE_SIZE)) /// _ptrDefaultServerContext->enableSessionCache(cacheSessions, sessionIdContext);
{ /// if (config.hasProperty(prefix + CFG_SESSION_CACHE_SIZE))
int cacheSize = config.getInt(prefix + CFG_SESSION_CACHE_SIZE); /// {
_ptrDefaultServerContext->setSessionCacheSize(cacheSize); /// int cacheSize = config.getInt(prefix + CFG_SESSION_CACHE_SIZE);
} /// _ptrDefaultServerContext->setSessionCacheSize(cacheSize);
if (config.hasProperty(prefix + CFG_SESSION_TIMEOUT)) /// }
{ /// if (config.hasProperty(prefix + CFG_SESSION_TIMEOUT))
int timeout = config.getInt(prefix + CFG_SESSION_TIMEOUT); /// {
_ptrDefaultServerContext->setSessionTimeout(timeout); /// int timeout = config.getInt(prefix + CFG_SESSION_TIMEOUT);
} /// _ptrDefaultServerContext->setSessionTimeout(timeout);
} /// }
else /// }
{ /// else
_ptrDefaultClientContext->enableSessionCache(cacheSessions); /// {
} /// _ptrDefaultClientContext->enableSessionCache(cacheSessions);
/// }
bool extendedVerification = config.getBool(prefix + CFG_EXTENDED_VERIFICATION, false); bool extendedVerification = config.getBool(prefix + CFG_EXTENDED_VERIFICATION, false);
if (server) if (server)
_ptrDefaultServerContext->enableExtendedCertificateVerification(extendedVerification); _ptrDefaultServerContext->enableExtendedCertificateVerification(extendedVerification);
@ -378,7 +379,7 @@ void SSLManager::initPassphraseHandler(bool server)
{ {
if (server && _ptrServerPassphraseHandler) return; if (server && _ptrServerPassphraseHandler) return;
if (!server && _ptrClientPassphraseHandler) return; if (!server && _ptrClientPassphraseHandler) return;
std::string prefix = server ? CFG_SERVER_PREFIX : CFG_CLIENT_PREFIX; std::string prefix = server ? CFG_SERVER_PREFIX : CFG_CLIENT_PREFIX;
Poco::Util::AbstractConfiguration& config = appConfig(); Poco::Util::AbstractConfiguration& config = appConfig();
@ -399,7 +400,7 @@ void SSLManager::initPassphraseHandler(bool server)
} }
else throw Poco::Util::UnknownOptionException(std::string("No passphrase handler known with the name ") + className); else throw Poco::Util::UnknownOptionException(std::string("No passphrase handler known with the name ") + className);
} }
void SSLManager::initCertificateHandler(bool server) void SSLManager::initCertificateHandler(bool server)
{ {

3
tests/integration/test_dictionaries_all_layouts_separate_sources/configs/disable_ssl_verification.xml
View File

@ -8,4 +8,5 @@
</invalidCertificateHandler> </invalidCertificateHandler>
</client> </client>
</openSSL> </openSSL>
</clickhouse> </clickhouse>

2
tests/queries/0_stateless/01393_benchmark_secure_port.sh
View File

@ -1,5 +1,5 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Tags: no-fasttest # Tags: no-fasttest, no-tsan
CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
# shellcheck source=../shell_config.sh # shellcheck source=../shell_config.sh

2
tests/queries/0_stateless/01683_text_log_deadlock.sh
View File

@ -1,5 +1,5 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Tags: deadlock # Tags: deadlock, no-tsan
CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
# shellcheck source=../shell_config.sh # shellcheck source=../shell_config.sh