Skip to content

[thirdparty](patch)fix brpc core when enable ssl #55649

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
yiguolei merged 1 commit into from
Sep 5, 2025
Merged

[thirdparty](patch)fix brpc core when enable ssl #55649

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
70 changes: 70 additions & 0 deletions thirdparty/patches/brpc-1.6.0-fix-core-when-enable-SSL.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
From b4fecace384951638e0d092629e7ac922e9b609d Mon Sep 17 00:00:00 2001
From: warriorpaw <z.warriorpaw@gmail.com>
Date: Sun, 25 Jun 2023 14:29:06 +0800
Subject: [PATCH] fix core when enable SSL (#2180)

---
src/brpc/socket.cpp | 15 ++++++++++++---
src/brpc/socket.h | 3 +++
2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/brpc/socket.cpp b/src/brpc/socket.cpp
index 259e09ca..e0a69422 100644
--- a/src/brpc/socket.cpp
+++ b/src/brpc/socket.cpp
@@ -1569,6 +1569,7 @@ X509* Socket::GetPeerCertificate() const {
if (ssl_state() != SSL_CONNECTED) {
return NULL;
}
+ BAIDU_SCOPED_LOCK(_ssl_session_mutex);
return SSL_get_peer_certificate(_ssl_session);
}

@@ -1879,11 +1880,15 @@ ssize_t Socket::DoWrite(WriteRequest* req) {
CHECK_EQ(SSL_CONNECTED, ssl_state());
if (_conn) {
// TODO: Separate SSL stuff from SocketConnection
+ BAIDU_SCOPED_LOCK(_ssl_session_mutex);
return _conn->CutMessageIntoSSLChannel(_ssl_session, data_list, ndata);
}
int ssl_error = 0;
- ssize_t nw = butil::IOBuf::cut_multiple_into_SSL_channel(
- _ssl_session, data_list, ndata, &ssl_error);
+ ssize_t nw = 0;
+ {
+ BAIDU_SCOPED_LOCK(_ssl_session_mutex);
+ nw = butil::IOBuf::cut_multiple_into_SSL_channel(_ssl_session, data_list, ndata, &ssl_error);
+ }
switch (ssl_error) {
case SSL_ERROR_NONE:
break;
@@ -2027,7 +2032,11 @@ ssize_t Socket::DoRead(size_t size_hint) {

CHECK_EQ(SSL_CONNECTED, ssl_state());
int ssl_error = 0;
- ssize_t nr = _read_buf.append_from_SSL_channel(_ssl_session, &ssl_error, size_hint);
+ ssize_t nr = 0;
+ {
+ BAIDU_SCOPED_LOCK(_ssl_session_mutex);
+ nr = _read_buf.append_from_SSL_channel(_ssl_session, &ssl_error, size_hint);
+ }
switch (ssl_error) {
case SSL_ERROR_NONE: // `nr' > 0
break;
diff --git a/src/brpc/socket.h b/src/brpc/socket.h
index cc77168f..bd753f60 100644
--- a/src/brpc/socket.h
+++ b/src/brpc/socket.h
@@ -827,6 +827,9 @@ private:
AuthContext* _auth_context;

SSLState _ssl_state;
+ // SSL objects cannot be read and written at the same time.
+ // Use mutex to protect SSL objects when ssl_state is SSL_CONNECTED.
+ mutable butil::Mutex _ssl_session_mutex;
SSL* _ssl_session; // owner
std::shared_ptr<SocketSSLContext> _ssl_ctx;

--
2.50.1

Loading