diff --git a/src/brpc/socket.cpp b/src/brpc/socket.cpp index c603b0ecec..db12ac9f78 100644 --- a/src/brpc/socket.cpp +++ b/src/brpc/socket.cpp @@ -1505,6 +1505,7 @@ X509* Socket::GetPeerCertificate() const { if (ssl_state() != SSL_CONNECTED) { return NULL; } + BAIDU_SCOPED_LOCK(_ssl_session_mutex); return SSL_get_peer_certificate(_ssl_session); } @@ -1815,11 +1816,15 @@ ssize_t Socket::DoWrite(WriteRequest* req) { CHECK_EQ(SSL_CONNECTED, ssl_state()); if (_conn) { // TODO: Separate SSL stuff from SocketConnection + BAIDU_SCOPED_LOCK(_ssl_session_mutex); return _conn->CutMessageIntoSSLChannel(_ssl_session, data_list, ndata); } int ssl_error = 0; - ssize_t nw = butil::IOBuf::cut_multiple_into_SSL_channel( - _ssl_session, data_list, ndata, &ssl_error); + ssize_t nw = 0; + { + BAIDU_SCOPED_LOCK(_ssl_session_mutex); + nw = butil::IOBuf::cut_multiple_into_SSL_channel(_ssl_session, data_list, ndata, &ssl_error); + } switch (ssl_error) { case SSL_ERROR_NONE: break; @@ -1963,7 +1968,11 @@ ssize_t Socket::DoRead(size_t size_hint) { CHECK_EQ(SSL_CONNECTED, ssl_state()); int ssl_error = 0; - ssize_t nr = _read_buf.append_from_SSL_channel(_ssl_session, &ssl_error, size_hint); + ssize_t nr = 0; + { + BAIDU_SCOPED_LOCK(_ssl_session_mutex); + nr = _read_buf.append_from_SSL_channel(_ssl_session, &ssl_error, size_hint); + } switch (ssl_error) { case SSL_ERROR_NONE: // `nr' > 0 break; diff --git a/src/brpc/socket.h b/src/brpc/socket.h index 6f710ee2a9..b1afadc603 100644 --- a/src/brpc/socket.h +++ b/src/brpc/socket.h @@ -807,6 +807,9 @@ friend void DereferenceSocket(Socket*); AuthContext* _auth_context; SSLState _ssl_state; + // SSL objects cannot be read and written at the same time. + // Use mutex to protect SSL objects when ssl_state is SSL_CONNECTED. + mutable butil::Mutex _ssl_session_mutex; SSL* _ssl_session; // owner std::shared_ptr _ssl_ctx;