Gitweb:
https://git.exim.org/exim.git/commitdiff/ab61e5ff8fdbddafb2a05a3b7a427135701960d6
Commit: ab61e5ff8fdbddafb2a05a3b7a427135701960d6
Parent: 20395676aba7fa5eb9a2c5e0b9f582ec2b3e71e4
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Sun Jun 27 18:58:44 2021 +0100
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Sun Jun 27 21:03:02 2021 +0100
TLS: track changing fd of file-watcher when creds are reloaded.
Broken-by: 5fd673807d
---
src/src/daemon.c | 9 ++++++++-
src/src/functions.h | 2 +-
src/src/tls.c | 14 ++++++++++++--
3 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/src/src/daemon.c b/src/src/daemon.c
index b088e34..a4b1e26 100644
--- a/src/src/daemon.c
+++ b/src/src/daemon.c
@@ -2462,7 +2462,14 @@ for (;;)
#ifndef DISABLE_TLS
/* Create or rotate any required keys; handle (delayed) filewatch event */
- tls_daemon_tick();
+ for (int old_tfd = tls_daemon_tick(); old_tfd >= 0; )
+ {
+ FD_CLR(old_tfd, &select_listen);
+ if (old_tfd == listen_fd_max - 1) listen_fd_max = old_tfd;
+ if (tls_watch_fd >= 0)
+ add_listener_socket(tls_watch_fd, &select_listen, &listen_fd_max);
+ break;
+ }
#endif
errno = select_errno;
}
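Review bot: The `for (int old_tfd = tls_daemon_tick(); old_tfd >= 0; )` loop always leaves through its trailing `break`, so it is an `if` written as a loop to scope the variable. Declaring `int old_tfd = tls_daemon_tick();` and testing `if (old_tfd >= 0)` inside a brace block reads more directly and cannot become a real loop if the `break` is later moved. Separately, `if (old_tfd == listen_fd_max - 1) listen_fd_max = old_tfd;` is correct only if listen_fd_max is an exclusive bound (highest watched fd plus one), which this hunk does not show. If that is the convention, a comment such as `/* listen_fd_max is one past the highest fd in select_listen */` would make the adjustment checkable; if it holds the highest fd itself, the test would lower the bound beneath a descriptor that is still set. The enclosing `for (;;)` daemon loop starts and ends outside the hunk.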
diff --git a/src/src/functions.h b/src/src/functions.h
index 6029ab4..e349721 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -58,7 +58,7 @@ extern void tls_client_creds_reload(BOOL);
extern void tls_close(void *, int);
extern BOOL tls_could_read(void);
extern void tls_daemon_init(void);
-extern void tls_daemon_tick(void);
+extern int tls_daemon_tick(void);
extern BOOL tls_dropprivs_validate_require_cipher(BOOL);
extern BOOL tls_export_cert(uschar *, size_t, void *);
extern int tls_feof(void);
diff --git a/src/src/tls.c b/src/src/tls.c
index 3de417e..0df9984 100644
--- a/src/src/tls.c
+++ b/src/src/tls.c
@@ -359,11 +359,18 @@ opt_unset_or_noexpand(const uschar * opt)
-/* Called every time round the daemon loop */
+/* Called every time round the daemon loop.
-void
+If we reloaded fd-watcher, return the old watch fd
+having modified the global for the new one. Otherwise
+return -1.
+*/
+
+int
tls_daemon_tick(void)
{
+int old_watch_fd = tls_watch_fd;
+
tls_per_lib_daemon_tick();
#if defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT)
if (tls_creds_expire && time(NULL) >= tls_creds_expire)
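Review bot: Returning the old watch fd makes "credentials reloaded, but no watcher was open beforehand" indistinguishable from "nothing reloaded", because both yield -1 when `old_watch_fd` was captured as -1. The caller in daemon.c registers `tls_watch_fd` with the select set only when the return value is >= 0, so if tls_daemon_creds_reload() can open a watcher where none existed (not visible here), the new descriptor would never be watched and later certificate or key changes would go unnoticed. This applies to both `return old_watch_fd;` sites in the two later tls.c hunks. The header comment should state the case explicitly, e.g. `Returns -1 also when a reload happened but no watch fd was open before it.`, or the caller could compare `tls_watch_fd` before and after the call instead. The body of tls_daemon_tick continues outside this hunk.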
@@ -375,6 +382,7 @@ if (tls_creds_expire && time(NULL) >= tls_creds_expire)
DEBUG(D_tls) debug_printf("selfsign cert rotate\n");
tls_creds_expire = 0;
tls_daemon_creds_reload();
+ return old_watch_fd;
}
else if (tls_watch_trigger_time && time(NULL) >= tls_watch_trigger_time + 5)
{
@@ -386,8 +394,10 @@ else if (tls_watch_trigger_time && time(NULL) >= tls_watch_trigger_time + 5)
DEBUG(D_tls) debug_printf("watch triggered\n");
tls_watch_trigger_time = tls_creds_expire = 0;
tls_daemon_creds_reload();
+ return old_watch_fd;
}
#endif
+return -1;
}
/* Called once at daemon startup */