diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2022-12-05 16:29:34 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2022-12-05 16:31:29 +0000 |
commit | 2d852004321781e79bb7f59bf61603d66000daae (patch) | |
tree | 0ecddb3a16d1eb813fd4a3f7f507417028d6a5bc /libnetdata/socket | |
parent | Releasing debian version 1.37.0-1. (diff) | |
download | netdata-2d852004321781e79bb7f59bf61603d66000daae.tar.xz netdata-2d852004321781e79bb7f59bf61603d66000daae.zip |
Merging upstream version 1.37.1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'libnetdata/socket')
-rw-r--r-- | libnetdata/socket/security.c | 38 |
1 files changed, 25 insertions, 13 deletions
diff --git a/libnetdata/socket/security.c b/libnetdata/socket/security.c index f7b44049..88b3f6d9 100644 --- a/libnetdata/socket/security.c +++ b/libnetdata/socket/security.c @@ -204,31 +204,43 @@ static SSL_CTX * security_initialize_openssl_server() { * NETDATA_SSL_CONTEXT_EXPORTING - Starts the OpenTSDB context */ void security_start_ssl(int selector) { + static SPINLOCK sp = NETDATA_SPINLOCK_INITIALIZER; + netdata_spinlock_lock(&sp); + switch (selector) { case NETDATA_SSL_CONTEXT_SERVER: { - struct stat statbuf; - if (stat(netdata_ssl_security_key, &statbuf) || stat(netdata_ssl_security_cert, &statbuf)) { - info("To use encryption it is necessary to set \"ssl certificate\" and \"ssl key\" in [web] !\n"); - return; + if(!netdata_ssl_srv_ctx) { + struct stat statbuf; + if (stat(netdata_ssl_security_key, &statbuf) || stat(netdata_ssl_security_cert, &statbuf)) + info("To use encryption it is necessary to set \"ssl certificate\" and \"ssl key\" in [web] !\n"); + else { + netdata_ssl_srv_ctx = security_initialize_openssl_server(); + SSL_CTX_set_mode(netdata_ssl_srv_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE); + } } - - netdata_ssl_srv_ctx = security_initialize_openssl_server(); - SSL_CTX_set_mode(netdata_ssl_srv_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE); break; } + case NETDATA_SSL_CONTEXT_STREAMING: { - netdata_ssl_client_ctx = security_initialize_openssl_client(); - //This is necessary for the stream, because it is working sometimes with nonblock socket. - //It returns the bitmask after to change, there is not any description of errors in the documentation - SSL_CTX_set_mode( - netdata_ssl_client_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |SSL_MODE_AUTO_RETRY); + if(!netdata_ssl_client_ctx) { + netdata_ssl_client_ctx = security_initialize_openssl_client(); + //This is necessary for the stream, because it is working sometimes with nonblock socket. + //It returns the bitmask after to change, there is not any description of errors in the documentation + SSL_CTX_set_mode(netdata_ssl_client_ctx, + SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | + SSL_MODE_AUTO_RETRY); + } break; } + case NETDATA_SSL_CONTEXT_EXPORTING: { - netdata_ssl_exporting_ctx = security_initialize_openssl_client(); + if(!netdata_ssl_exporting_ctx) + netdata_ssl_exporting_ctx = security_initialize_openssl_client(); break; } } + + netdata_spinlock_unlock(&sp); } /** |