From 402b0f39beae4a62bf608f0c59c957e8eddc2d7f Mon Sep 17 00:00:00 2001
From: Brian Neradt
Date: Wed, 7 Jun 2023 22:27:29 +0000
Subject: [PATCH] Add a shutdown handler to the certifier plugin

This adds a shutdown handler to the certifier plugin so that its SSL data can be cleaned up in a callback rather than on process shutdown.

This also reverts commenting out the debug call from SslData which was commented out as a workaround to a crash which was happening on shutdown.

Fixes #9794
---
 plugins/certifier/certifier.cc | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/plugins/certifier/certifier.cc b/plugins/certifier/certifier.cc
index 583df1c754a..7bc52977b02 100644
--- a/plugins/certifier/certifier.cc
+++ b/plugins/certifier/certifier.cc
@@ -102,9 +102,7 @@ class SslLRUList
 SslData *next = nullptr;
 SslData() = default;
- ~SslData()
- { /* TSDebug(PLUGIN_NAME, "Deleting ssl data for [%s]", commonName.c_str()); */
- }
+ ~SslData() { TSDebug(PLUGIN_NAME, "Deleting ssl data for [%s]", commonName.c_str()); }
 };
 using scoped_SslData = std::unique_ptr;
@@ -554,6 +552,15 @@ cert_retriever(TSCont contp, TSEvent event, void *edata)
 return TS_SUCCESS;
 }
+static int
+shutdown_handler(TSCont contp, TSEvent event, void *edata)
+{
+ if (event == TS_EVENT_LIFECYCLE_SHUTDOWN) {
+ ssl_list.reset();
+ }
+ return 0;
+}
+
 void
 TSPluginInit(int argc, const char *argv[])
 {
@@ -561,6 +568,7 @@ TSPluginInit(int argc, const char *argv[])
 // Initialization data and callback
 TSPluginRegistrationInfo info;
 TSCont cb_shadow = nullptr;
+ TSCont cb_shutdown = nullptr;
 info.plugin_name = "certifier";
 info.vendor_name = "Apache Software Foundation";
 info.support_email = "dev@trafficserver.apache.org";
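Review bot: The restored `TSDebug` call in `~SslData()` (hunk at -102) is only safe while every `SslData` is destroyed before process teardown, and nothing at the destructor says so. That holds once `shutdown_handler` has reset `ssl_list`, but the lifecycle hook is registered only in the success branch of `TSPluginInit`, so any path that leaves `ssl_list` populated without the hook would presumably hit the shutdown crash the commit message describes; whether such a path exists is not visible in this patch. I would add a comment above the destructor: `// Logs via TSDebug; instances must be released by shutdown_handler before process exit (#9794).`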
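Review bot: `ssl_list.reset()` in `shutdown_handler` (hunk at +552) frees the list with no visible synchronization against `cert_retriever`, which is hooked on `TS_SSL_CERT_HOOK` and presumably reads `ssl_list` during TLS handshakes. The continuation is created with a `nullptr` mutex in the later `TSContCreate(shutdown_handler, nullptr)` hunk, so nothing in the patch serializes the two callbacks; if a handshake can still be in flight when `TS_EVENT_LIFECYCLE_SHUTDOWN` is delivered, the result would be a use-after-free or a null dereference. The code that uses `ssl_list` lies outside these hunks, so the ordering guarantee should be confirmed and recorded next to the reset, e.g. `// No TS_SSL_CERT_HOOK callback runs after TS_EVENT_LIFECYCLE_SHUTDOWN, so ssl_list has no concurrent users here.` If that guarantee does not hold, `cert_retriever` needs to tolerate an empty `ssl_list` or the reset needs to take the list's lock.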
@@ -618,6 +626,8 @@ TSPluginInit(int argc, const char *argv[])
 TSError("[%s] Unable to initialize plugin (disabled). Failed to register plugin.", PLUGIN_NAME);
 } else if ((cb_shadow = TSContCreate(cert_retriever, nullptr)) == nullptr) {
 TSError("[%s] Unable to initialize plugin (disabled). Failed to create shadow cert cb.", PLUGIN_NAME);
+ } else if ((cb_shutdown = TSContCreate(shutdown_handler, nullptr)) == nullptr) {
+ TSError("[%s] Unable to initialize plugin (disabled). Failed to create shutdown cb.", PLUGIN_NAME);
 } else {
 if ((sign_enabled = cert && key && serial)) {
 // Dynamic cert generation enabled. Initialize CA key, cert and serial
@@ -666,6 +676,7 @@ TSPluginInit(int argc, const char *argv[])
 /// Add global hooks
 TSHttpHookAdd(TS_SSL_CERT_HOOK, cb_shadow);
+ TSLifecycleHookAdd(TS_LIFECYCLE_SHUTDOWN_HOOK, cb_shutdown);
 }
 return;
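Review bot: The new `else if` branch (hunk at +626) leaves `cb_shadow` allocated when `TSContCreate(shutdown_handler, nullptr)` fails, because the preceding branch has already created it and nothing releases it before the plugin is reported as disabled. It is a one-off leak on an unlikely path, but releasing it keeps the failure branch clean: add `TSContDestroy(cb_shadow);` before the `TSError` call. The if/else chain begins above this hunk, so the earlier branches are worth checking for the same pattern.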