Fix various issues found when tracing through the code

Signed-off-by: Gavin Halliday <[email protected]>
hpcc-systems · Nov 8, 2023 · 633ed1a · 633ed1a
1 parent 0228eb2
commit 633ed1a
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/system/jlib/jsecrets.cpp b/system/jlib/jsecrets.cpp
@@ -49,6 +49,7 @@
 #include <openssl/x509v3.h>
 #endif
 
+//#define TRACE_SECRETS
 #include <vector>
 
 enum class CVaultKind { kv_v1, kv_v2 };
@@ -1211,6 +1212,8 @@ class CSecret final : public CInterfaceOf<ISyncedPropertyTree>
     }
     virtual unsigned getVersion() const override
     {
+        CriticalBlock block(secretCs);
+        checkStale();
         return secretHash;
     }
     virtual bool isValid() const override
@@ -1245,6 +1248,9 @@ void CSecret::checkStale() const
 {
     if (isStale())
     {
+#ifdef TRACE_SECRETS
+        DBGLOG("Secret %s/%s is stale updating from %u...", category.str(), name.str(), secretHash);
+#endif
         //MORE: This could block or fail - in roxie especially it would be better to return the old value
         try
         {
@@ -1368,6 +1374,8 @@ class CSyncedCertificateBase : public CInterfaceOf<ISyncedPropertyTree>
     }
     virtual unsigned getVersion() const override final
     {
+        CriticalBlock block(secretCs);
+        checkStale();
         //If information that is combined with the secret (e.g. trusted peers) can also change dynamically this would
         //need to be a separate hash calculated from the config tree
         return secretHash;
@@ -1401,7 +1409,6 @@ const IPropertyTree * CSyncedCertificateBase::getTree() const
 
 void CSyncedCertificateBase::checkStale() const
 {
-    CriticalBlock block(secretCs);
     if (secretHash != secret->getVersion())
         createConfig();
 }

diff --git a/system/security/securesocket/securesocket.cpp b/system/security/securesocket/securesocket.cpp
@@ -190,6 +190,7 @@ class CSecureSocket : implements ISecureSocket, public CInterface
         unsigned activeVersion = contextCallback->getVersion();
         if (activeVersion != contextVersion)
         {
+            DBGLOG("CSecureSocket: Updating secure socket context from version %u to %u", contextVersion, activeVersion);
             contextVersion = activeVersion;
             SSL_free(m_ssl);
             m_ssl = contextCallback->createActiveSSL();
@@ -1455,6 +1456,7 @@ class CSecureSocketContext : implements ISecureSocketContext, implements ISecure
             unsigned activeVersion = syncedConfig->getVersion();
             if (activeVersion != configVersion)
             {
+                DBGLOG("CSecureSocketContext: Updating secure socket context from version %u to %u", configVersion, activeVersion);
                 configVersion = activeVersion;
                 Owned<const IPropertyTree> config = syncedConfig->getTree();
                 createNewContext(config);