diff --git a/include/proxy/FetchSM.h b/include/proxy/FetchSM.h index d59457977f9..ef7585bc711 100644 --- a/include/proxy/FetchSM.h +++ b/include/proxy/FetchSM.h @@ -38,6 +38,12 @@ class FetchSM : public Continuation { public: FetchSM() {} + + /** Indicate whether FetchSM dependencies have been initialized by ATS. + * @return True if FetchSM dependencies have been initialized, false otherwise. + */ + static bool is_initialized(); + void init_comm() { diff --git a/include/proxy/PluginHttpConnect.h b/include/proxy/PluginHttpConnect.h index 10b0f2afb43..90c0104a648 100644 --- a/include/proxy/PluginHttpConnect.h +++ b/include/proxy/PluginHttpConnect.h @@ -25,4 +25,5 @@ #include "proxy/PluginVC.h" +bool PluginHttpConnectIsInitialized(); PluginVC *PluginHttpConnectInternal(TSHttpConnectOptions *options); diff --git a/src/iocore/cache/unit_tests/stub.cc b/src/iocore/cache/unit_tests/stub.cc index 38771f91945..7fb06a10a75 100644 --- a/src/iocore/cache/unit_tests/stub.cc +++ b/src/iocore/cache/unit_tests/stub.cc @@ -57,6 +57,11 @@ TSIOBufferReaderConsume(TSIOBufferReader /* readerp ATS_UNUSED */, int64_t /* nb #include "proxy/FetchSM.h" ClassAllocator FetchSMAllocator("unusedFetchSMAllocator"); +bool +FetchSM::is_initialized() +{ + return true; +} void FetchSM::ext_launch() { diff --git a/src/iocore/net/OCSPStapling.cc b/src/iocore/net/OCSPStapling.cc index a61f82cb13a..7946c78129b 100644 --- a/src/iocore/net/OCSPStapling.cc +++ b/src/iocore/net/OCSPStapling.cc @@ -1284,13 +1284,19 @@ stapling_refresh_response(certinfo *cinf, TS_OCSP_RESPONSE **prsp) return rv; } -void +OCSPStatus ocsp_update() { + if (!FetchSM::is_initialized()) { + Dbg(dbg_ctl_ssl_ocsp, "FetchSM is not yet initialized. Skipping OCSP update."); + return OCSPStatus::OCSP_FETCHSM_NOT_INITIALIZED; + } shared_SSL_CTX ctx; TS_OCSP_RESPONSE *resp = nullptr; time_t current_time; + Note("OCSP refresh started"); + SSLCertificateConfig::scoped_config certLookup; Dbg(dbg_ctl_ssl_ocsp, "updating OCSP data"); @@ -1332,6 +1338,8 @@ ocsp_update() } } } + Note("OCSP refresh finished"); + return OCSPStatus::OCSP_OK; } // RFC 6066 Section-8: Certificate Status Request diff --git a/src/iocore/net/P_OCSPStapling.h b/src/iocore/net/P_OCSPStapling.h index 9ca65e45784..71bfc792e69 100644 --- a/src/iocore/net/P_OCSPStapling.h +++ b/src/iocore/net/P_OCSPStapling.h @@ -25,6 +25,11 @@ void ssl_stapling_ex_init(); bool ssl_stapling_init_cert(SSL_CTX *ctx, X509 *cert, const char *certname, const char *rsp_file); -void ocsp_update(); + +enum class OCSPStatus { + OCSP_OK, + OCSP_FETCHSM_NOT_INITIALIZED, +}; +OCSPStatus ocsp_update(); int ssl_callback_ocsp_stapling(SSL *, void *); diff --git a/src/iocore/net/SSLNetProcessor.cc b/src/iocore/net/SSLNetProcessor.cc index 25521f9abc9..530e98926c7 100644 --- a/src/iocore/net/SSLNetProcessor.cc +++ b/src/iocore/net/SSLNetProcessor.cc @@ -38,9 +38,11 @@ struct OCSPContinuation : public Continuation { int mainEvent(int /* event ATS_UNUSED */, Event * /* e ATS_UNUSED */) { - Note("OCSP refresh started"); - ocsp_update(); - Note("OCSP refresh finished"); + if (ocsp_update() == OCSPStatus::OCSP_FETCHSM_NOT_INITIALIZED) { + Note("Delaying OCSP fetching until FetchSM is initialized."); + this_ethread()->schedule_in(this, HRTIME_SECONDS(1)); + return EVENT_CONT; + } return EVENT_CONT; } diff --git a/src/iocore/net/libinknet_stub.cc b/src/iocore/net/libinknet_stub.cc index 3b7f601f6f2..9d1c8b6441c 100644 --- a/src/iocore/net/libinknet_stub.cc +++ b/src/iocore/net/libinknet_stub.cc @@ -27,6 +27,11 @@ AppVersionInfo appVersionInfo; #include "proxy/FetchSM.h" ClassAllocator FetchSMAllocator("unusedFetchSMAllocator"); +bool +FetchSM::is_initialized() +{ + return true; +} void FetchSM::ext_launch() { diff --git a/src/proxy/FetchSM.cc b/src/proxy/FetchSM.cc index 8e0a364453d..6a4c6e9935f 100644 --- a/src/proxy/FetchSM.cc +++ b/src/proxy/FetchSM.cc @@ -40,6 +40,12 @@ DbgCtl dbg_ctl{DEBUG_TAG}; } // end anonymous namespace +bool +FetchSM::is_initialized() +{ + return PluginHttpConnectIsInitialized(); +} + void FetchSM::cleanUp() { diff --git a/src/proxy/PluginHttpConnect.cc b/src/proxy/PluginHttpConnect.cc index 9e8ea31697d..2869d78c11b 100644 --- a/src/proxy/PluginHttpConnect.cc +++ b/src/proxy/PluginHttpConnect.cc @@ -26,6 +26,12 @@ extern HttpSessionAccept *plugin_http_accept; +bool +PluginHttpConnectIsInitialized() +{ + return plugin_http_accept != nullptr; +} + PluginVC * PluginHttpConnectInternal(TSHttpConnectOptions *options) { diff --git a/src/traffic_quic/traffic_quic.cc b/src/traffic_quic/traffic_quic.cc index 069a231cc3e..0624828e143 100644 --- a/src/traffic_quic/traffic_quic.cc +++ b/src/traffic_quic/traffic_quic.cc @@ -347,6 +347,11 @@ PreWarmManager prewarmManager; #include "proxy/FetchSM.h" ClassAllocator FetchSMAllocator("unusedFetchSMAllocator"); +bool +FetchSM::is_initialized() +{ + return true; +} void FetchSM::ext_launch() {