mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2026-02-10 03:41:24 +01:00
Each time a new SSL context is allocated, global.sslconns is incremented. If global.maxsslconn is reached, the allocation is cancelled.

This procedure was not entirely thread-safe due to the check and increment operations conducted at different stages. This could lead to global.maxsslconn being slightly exceeded when several threads allocate SSL contexts while sslconns is near the limit.

To fix this, use a CAS operation in a do/while loop. This code is similar to the actconn/maxconn increment for connection.

A new function increment_sslconn() is defined for this operation. For the moment, only SSL code is using it. However, it is expected that QUIC will also use it to count QUIC connections as SSL ones.

This should be backported to all stable releases. Note that prior to 2.6, sslconns was outside of the global struct, so this commit should be slightly adjusted.
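The race and the CAS loop described in the commit message, as an added example that is not HAProxy's code: it replays the bad interleaving deterministically, then shows a stale snapshot being refused by the compare-and-swap. The names `conns`, `max_conns`, `racy_check`, `racy_commit`, `racy_interleaved`, `reserve_from` and `reserve` are hypothetical, and the limit of 4 is a constructed value.

```c
#include <stdatomic.h>
#include <stdio.h>

/* Constructed stand-ins for global.sslconns / global.maxsslconn. */
static atomic_uint conns;
static const unsigned int max_conns = 4;

/* Racy shape: the check and the increment are two separate steps. */
static int racy_check(void) { return atomic_load(&conns) < max_conns; }
static void racy_commit(void) { atomic_fetch_add(&conns, 1); }

/* Replay the bad interleaving deterministically: n callers all pass the
 * check before any of them increments. Returns the final counter. */
static unsigned int racy_interleaved(unsigned int start, int n)
{
    int passed = 0;
    atomic_store(&conns, start);
    for (int i = 0; i < n; i++)
        passed += racy_check();
    for (int i = 0; i < passed; i++)
        racy_commit();
    return atomic_load(&conns);
}

/* CAS shape (hypothetical helper): 'seen' is the caller's snapshot of the
 * counter, possibly stale. The increment is published only if the counter
 * still equals the snapshot; otherwise the CAS refreshes 'seen' and the
 * limit is checked again. Returns 1 if a slot was taken, 0 at the limit. */
static int reserve_from(unsigned int seen)
{
    do {
        if (seen >= max_conns)
            return 0;
    } while (!atomic_compare_exchange_weak(&conns, &seen, seen + 1));
    return 1;
}

static int reserve(void) { return reserve_from(atomic_load(&conns)); }

int main(void)
{
    printf("racy, 3 callers at limit-1: %u (limit %u)\n",
           racy_interleaved(max_conns - 1, 3), max_conns);
    atomic_store(&conns, max_conns - 1);
    unsigned int stale = atomic_load(&conns); /* caller A's snapshot */
    int b = reserve();                        /* caller B takes the last slot */
    int a = reserve_from(stale);              /* A's CAS fails, recheck refuses */
    printf("cas: B=%d A=%d final=%u\n", b, a, atomic_load(&conns));
    return 0;
}
```

Because the limit check sits inside the retry loop, a caller whose snapshot went stale re-evaluates the limit against the refreshed value instead of incrementing blindly.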