Commit c0c7437f authored by Matthew Holt's avatar Matthew Holt

caddytls: Fix data race in test (close #1844)

The race was in the test only; not in the production code
parent 01f3593f
...@@ -21,6 +21,7 @@ import ( ...@@ -21,6 +21,7 @@ import (
"net" "net"
"os" "os"
"path/filepath" "path/filepath"
"sync"
"time" "time"
"golang.org/x/crypto/ocsp" "golang.org/x/crypto/ocsp"
...@@ -245,6 +246,7 @@ func RotateSessionTicketKeys(cfg *tls.Config) chan struct{} { ...@@ -245,6 +246,7 @@ func RotateSessionTicketKeys(cfg *tls.Config) chan struct{} {
var ( var (
runTLSTicketKeyRotation = standaloneTLSTicketKeyRotation runTLSTicketKeyRotation = standaloneTLSTicketKeyRotation
setSessionTicketKeysTestHook = func(keys [][32]byte) [][32]byte { return keys } setSessionTicketKeysTestHook = func(keys [][32]byte) [][32]byte { return keys }
setSessionTicketKeysTestHookMu sync.Mutex
) )
// standaloneTLSTicketKeyRotation governs over the array of TLS ticket keys used to de/crypt TLS tickets. // standaloneTLSTicketKeyRotation governs over the array of TLS ticket keys used to de/crypt TLS tickets.
...@@ -271,7 +273,10 @@ func standaloneTLSTicketKeyRotation(c *tls.Config, ticker *time.Ticker, exitChan ...@@ -271,7 +273,10 @@ func standaloneTLSTicketKeyRotation(c *tls.Config, ticker *time.Ticker, exitChan
c.SessionTicketsDisabled = true // bail if we don't have the entropy for the first one c.SessionTicketsDisabled = true // bail if we don't have the entropy for the first one
return return
} }
c.SetSessionTicketKeys(setSessionTicketKeysTestHook(keys)) setSessionTicketKeysTestHookMu.Lock()
setSessionTicketKeysHook := setSessionTicketKeysTestHook
setSessionTicketKeysTestHookMu.Unlock()
c.SetSessionTicketKeys(setSessionTicketKeysHook(keys))
for { for {
select { select {
...@@ -298,7 +303,7 @@ func standaloneTLSTicketKeyRotation(c *tls.Config, ticker *time.Ticker, exitChan ...@@ -298,7 +303,7 @@ func standaloneTLSTicketKeyRotation(c *tls.Config, ticker *time.Ticker, exitChan
keys[0] = newTicketKey keys[0] = newTicketKey
} }
// pushes the last key out, doesn't matter that we don't have a new one // pushes the last key out, doesn't matter that we don't have a new one
c.SetSessionTicketKeys(setSessionTicketKeysTestHook(keys)) c.SetSessionTicketKeys(setSessionTicketKeysHook(keys))
} }
} }
} }
......
...@@ -86,17 +86,20 @@ func TestStandaloneTLSTicketKeyRotation(t *testing.T) { ...@@ -86,17 +86,20 @@ func TestStandaloneTLSTicketKeyRotation(t *testing.T) {
tlsGovChan := make(chan struct{}) tlsGovChan := make(chan struct{})
defer close(tlsGovChan) defer close(tlsGovChan)
callSync := make(chan *syncPkt, 1) callSync := make(chan syncPkt)
defer close(callSync)
setSessionTicketKeysTestHookMu.Lock()
oldHook := setSessionTicketKeysTestHook oldHook := setSessionTicketKeysTestHook
defer func() { defer func() {
setSessionTicketKeysTestHookMu.Lock()
setSessionTicketKeysTestHook = oldHook setSessionTicketKeysTestHook = oldHook
setSessionTicketKeysTestHookMu.Unlock()
}() }()
setSessionTicketKeysTestHook = func(keys [][32]byte) [][32]byte { setSessionTicketKeysTestHook = func(keys [][32]byte) [][32]byte {
callSync <- &syncPkt{keys[0], len(keys)} callSync <- syncPkt{keys[0], len(keys)}
return keys return keys
} }
setSessionTicketKeysTestHookMu.Unlock()
c := new(tls.Config) c := new(tls.Config)
timer := time.NewTicker(time.Millisecond * 1) timer := time.NewTicker(time.Millisecond * 1)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment