afsocket: update the TLS verifier during reload to fix a crash

It is possible to keep TLS connections alive during reload. In that case the LogWriter instance is persisted in cfg persist. This LogWriter's signal slot connector wasn't updated based on the new configuration, which could cause a crash. The signal slot connector is updated, so the newly configured verifier is used, instead of the old one. Signed-off-by: Tamás Kosztyu <tamas.kosztyu@axoflow.com>
axoflow · Dec 16, 2024 · 4e7a66e · 4e7a66e
1 parent 8e76679
commit 4e7a66e
Showing 1 changed file with 34 additions and 0 deletions.
diff --git a/modules/afsocket/afinet-dest.c b/modules/afsocket/afinet-dest.c
@@ -28,6 +28,8 @@
 #include "gprocess.h"
 #include "compat/openssl_support.h"
 #include "afsocket-signals.h"
+#include "transport/transport-tls.h"
+#include "transport/transport-stack.h"
 
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -228,6 +230,12 @@ afinet_dd_setup_tls_verifier(AFInetDestDriver *self)
   transport_mapper_inet_set_tls_verifier(transport_mapper_inet, verifier);
 }
 
+static AFInetDestDriverTLSVerifyData *
+_get_tls_verify_data (TLSVerifier *verifier)
+{
+  return (AFInetDestDriverTLSVerifyData *)verifier->verify_data;
+}
+
 void
 afinet_dd_enable_failover(LogDriver *s)
 {
@@ -697,6 +705,31 @@ afinet_dd_free(LogPipe *s)
   afsocket_dd_free(s);
 }
 
+static void
+afinet_dd_update_tls_verifier(AFSocketDestDriver *s, ReloadStoreItem *rsi)
+{
+  AFInetDestDriver *self = (AFInetDestDriver *) s;
+
+  LogWriter *writer = rsi->writer;
+
+  if (!writer)
+    return;
+
+  LogProtoClient *proto = log_writer_get_proto(writer);
+
+  if (!proto)
+    return;
+
+  LogTransport *transport = log_transport_stack_get_transport(&proto->transport_stack, LOG_TRANSPORT_TLS);
+
+  if (transport)
+    {
+      TLSSession *session = log_tansport_tls_get_session(transport);
+      AFInetDestDriverTLSVerifyData *verify_data = _get_tls_verify_data (session->verifier);
+      verify_data->signal_connector = self->super.super.super.super.signal_slot_connector;
+    }
+}
+
 static AFInetDestDriver *
 afinet_dd_new_instance(TransportMapper *transport_mapper, gchar *hostname, GlobalConfig *cfg)
 {
@@ -710,6 +743,7 @@ afinet_dd_new_instance(TransportMapper *transport_mapper, gchar *hostname, Globa
   self->super.construct_writer = afinet_dd_construct_writer;
   self->super.setup_addresses = afinet_dd_setup_addresses;
   self->super.get_dest_name = afinet_dd_get_dest_name;
+  self->super.on_connection_restore = afinet_dd_update_tls_verifier;
 
   self->primary = g_strdup(hostname);