Use a separate (volatile) variable for certificate alias

If a connection is started while certificates are still loading and the
initiation is then canceled a deadlock could result if the daemon is
trying to enumerate the certificates just then.

diff --git a/src/frontends/android/src/org/strongswan/android/logic/CharonVpnService.java b/src/frontends/android/src/org/strongswan/android/logic/CharonVpnService.java
index 1d9881cb8a18c4d0fd78eb41efb244fbbca83829..58730c0085acdc6a18a12f369c118554659f81f4 100644 (file)
--- a/src/frontends/android/src/org/strongswan/android/logic/CharonVpnService.java
+++ b/src/frontends/android/src/org/strongswan/android/logic/CharonVpnService.java
@@ -46,6 +46,7 @@ public class CharonVpnService extends VpnService implements Runnable
        private VpnProfileDataSource mDataSource;
        private Thread mConnectionHandler;
        private VpnProfile mCurrentProfile;
+       private volatile String mCurrentCertificateAlias;
        private VpnProfile mNextProfile;
        private volatile boolean mProfileUpdated;
        private volatile boolean mTerminate;
@@ -189,6 +190,10 @@ public class CharonVpnService extends VpnService implements Runnable
                                                mCurrentProfile = mNextProfile;
                                                mNextProfile = null;
 
+                                               /* store this in a separate (volatile) variable to avoid
+                                                * a possible deadlock during deinitialization */
+                                               mCurrentCertificateAlias = mCurrentProfile.getCertificateAlias();
+
                                                setProfile(mCurrentProfile);
                                                setError(ErrorState.NO_ERROR);
                                                setState(State.CONNECTING);
@@ -350,7 +355,7 @@ public class CharonVpnService extends VpnService implements Runnable
         * @param hash optional alias (only hash part), if given matching certificates are returned
         * @return a list of DER encoded CA certificates
         */
-       private synchronized byte[][] getTrustedCertificates(String hash)
+       private byte[][] getTrustedCertificates(String hash)
        {
                ArrayList<byte[]> certs = new ArrayList<byte[]>();
                TrustedCertificateManager certman = TrustedCertificateManager.getInstance();
@@ -373,7 +378,7 @@ public class CharonVpnService extends VpnService implements Runnable
                        }
                        else
                        {
-                               String alias = this.mCurrentProfile.getCertificateAlias();
+                               String alias = this.mCurrentCertificateAlias;
                                if (alias != null)
                                {
                                        X509Certificate cert = certman.getCACertificateFromAlias(alias);