Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-62970

Separate SSL socket construction from handshake

    • Fully Compatible
    • Service Arch 2022-2-21
    • 2

      The API that ASIOSession exposes to perform SSL handshake (i.e., handshakeSSLForEgressWithLock) comprises two steps:

      • Constructing a SSL socket from the existing socket.
      • Initiating handshake and returning a future.

      To support concurrent accesses to the socket object (e.g., from timers that enforce a timeout for the SSL handshake), the first step is done while holding a mutex:

      Future<void> TransportLayerASIO::ASIOSession::handshakeSSLForEgressWithLock(
          stdx::unique_lock<Latch> lk, const HostAndPort& target, const ReactorHandle& reactor) {
          ...
          _sslSocket.emplace(std::move(_socket), *_sslContext->egress, removeFQDNRoot(target.host()));
          lk.unlock();
          ...
          return doHandshake().then([this, target, reactor] {
              ...
          });
      }
      

      Separating these steps and ensuring the SSL socket is constructed before setting up timers would obviate the need for having the mutex.

            Assignee:
            daniel.morilha@mongodb.com Daniel Morilha (Inactive)
            Reporter:
            amirsaman.memaripour@mongodb.com Amirsaman Memaripour
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: