]> git.apps.os.sepia.ceph.com Git - ceph.git/commit
projects / ceph.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 788bbd9) | patch
rgw: setup locks for libopenssl
authorAbhishek Lekshmanan <abhishek@suse.com>
Fri, 2 Mar 2018 16:41:42 +0000 (17:41 +0100)
committerAbhishek Lekshmanan <abhishek@suse.com>
Tue, 6 Mar 2018 14:32:48 +0000 (15:32 +0100)
commit1e96259c4bff83ab062d463d196a016883c25e04
tree2272d3073e147f69c27f1f0193c75448a2e36a0etree | snapshot
parent788bbd9be22d33d460d3e0bcf76cbf2e55a822b2commit | diff
rgw: setup locks for libopenssl

openssl <= 1.02 requires explicit callbacks for locking which libcurl doesn't
set. This causes random segmentation faults when openssl uses its global
structures across multiple threads. Providing a simple mutex lock/unlock
functions as a callback. We determine whether openssl is used for libcurl via
curl-config utility which should be installed as a part of our curl development
headers package. We also additionally check that the openssl version is < 1.1.0
which alleviates the need for these callbacks. In this patchset we have done the
following:

- move all curl related global init functionality under rgw::curl namespace
  since libcurl may need to set up various ssl libraries etc during its init
- introduce WITH_CURL_OPENSSL in cmake
  this checks the backend curl is deployed with using curl-config. Since curl
  devel is expected to be installed anyway, this binary should be available and
  can help identify the ssl backend curl was compiled with.
- we only setup the locks if beast/civetweb aren't terminated with ssl, since
  these libraries setup the locks anyway and we want to prevent double
  initialization of openssl. Also we pass in ~CURL_GLOBAL_SSL making curl not
  initialize openssl if civetwb/beast is initializing them. Unfortunately this
  flag is a noop from curl >= 7.57 wherein both the libraries will end up
  initializing openssl anyway, which might override certain settings like error
  strings if using openssl < 1.1

https://curl.haxx.se/libcurl/c/threadsafe.html
https://www.openssl.org/docs/man1.0.2/crypto/threads.html#DESCRIPTION

Fixes: http://tracker.ceph.com/issues/22951
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
Signed-off-by: Jesse Williamson <jwilliamson@suse.com>
(cherry picked from commit 4e30277e4b38694e6f8d61925736cd7c2cff515f)

 Conflicts:
  - CMakeLists.txt
  libcryptopp drop in master conflict
  - src/rgw/rgw_main.cc
  conflict as we removed the ac related headers in Luminous

Conflicts:
  CMake isn't supported in jewel, while the CMake changes were cherried,
  CMakelists for rgw does not exist in jewel and this commit doesn't fix that.
  So though CMake changes are backported, cmake build is untested and expected
  to be broken
src/include/config-h.in.cmake
  src/rgw/rgw_main.cc
CMakeLists.txt diff | blob | history
src/include/config-h.in.cmake diff | blob | history
src/rgw/rgw_http_client_curl.cc [new file with mode: 0644] blob
src/rgw/rgw_http_client_curl.h [new file with mode: 0644] blob
src/rgw/rgw_main.cc diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.