summaryrefslogtreecommitdiffstats
path: root/libnetdata/socket
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2022-12-05 16:29:34 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2022-12-05 16:31:29 +0000
commit2d852004321781e79bb7f59bf61603d66000daae (patch)
tree0ecddb3a16d1eb813fd4a3f7f507417028d6a5bc /libnetdata/socket
parentReleasing debian version 1.37.0-1. (diff)
downloadnetdata-2d852004321781e79bb7f59bf61603d66000daae.tar.xz
netdata-2d852004321781e79bb7f59bf61603d66000daae.zip
Merging upstream version 1.37.1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'libnetdata/socket')
-rw-r--r--libnetdata/socket/security.c38
1 files changed, 25 insertions, 13 deletions
diff --git a/libnetdata/socket/security.c b/libnetdata/socket/security.c
index f7b44049..88b3f6d9 100644
--- a/libnetdata/socket/security.c
+++ b/libnetdata/socket/security.c
@@ -204,31 +204,43 @@ static SSL_CTX * security_initialize_openssl_server() {
* NETDATA_SSL_CONTEXT_EXPORTING - Starts the OpenTSDB context
*/
void security_start_ssl(int selector) {
+ static SPINLOCK sp = NETDATA_SPINLOCK_INITIALIZER;
+ netdata_spinlock_lock(&sp);
+
switch (selector) {
case NETDATA_SSL_CONTEXT_SERVER: {
- struct stat statbuf;
- if (stat(netdata_ssl_security_key, &statbuf) || stat(netdata_ssl_security_cert, &statbuf)) {
- info("To use encryption it is necessary to set \"ssl certificate\" and \"ssl key\" in [web] !\n");
- return;
+ if(!netdata_ssl_srv_ctx) {
+ struct stat statbuf;
+ if (stat(netdata_ssl_security_key, &statbuf) || stat(netdata_ssl_security_cert, &statbuf))
+ info("To use encryption it is necessary to set \"ssl certificate\" and \"ssl key\" in [web] !\n");
+ else {
+ netdata_ssl_srv_ctx = security_initialize_openssl_server();
+ SSL_CTX_set_mode(netdata_ssl_srv_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
+ }
}
-
- netdata_ssl_srv_ctx = security_initialize_openssl_server();
- SSL_CTX_set_mode(netdata_ssl_srv_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
break;
}
+
case NETDATA_SSL_CONTEXT_STREAMING: {
- netdata_ssl_client_ctx = security_initialize_openssl_client();
- //This is necessary for the stream, because it is working sometimes with nonblock socket.
- //It returns the bitmask after to change, there is not any description of errors in the documentation
- SSL_CTX_set_mode(
- netdata_ssl_client_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |SSL_MODE_AUTO_RETRY);
+ if(!netdata_ssl_client_ctx) {
+ netdata_ssl_client_ctx = security_initialize_openssl_client();
+ //This is necessary for the stream, because it is working sometimes with nonblock socket.
+ //It returns the bitmask after to change, there is not any description of errors in the documentation
+ SSL_CTX_set_mode(netdata_ssl_client_ctx,
+ SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
+ SSL_MODE_AUTO_RETRY);
+ }
break;
}
+
case NETDATA_SSL_CONTEXT_EXPORTING: {
- netdata_ssl_exporting_ctx = security_initialize_openssl_client();
+ if(!netdata_ssl_exporting_ctx)
+ netdata_ssl_exporting_ctx = security_initialize_openssl_client();
break;
}
}
+
+ netdata_spinlock_unlock(&sp);
}
/**