server: purge sessticket_pool on server reload if creds changed
authorDaniel Salzman <daniel.salzman@nic.cz>
Mon, 23 Jun 2025 12:40:58 +0000 (14:40 +0200)
committerDaniel Salzman <daniel.salzman@nic.cz>
Mon, 23 Jun 2025 15:55:14 +0000 (17:55 +0200)
distro/pkg/deb/libknot15.symbols
src/contrib/conn_pool.c
src/contrib/conn_pool.h
src/knot/server/server.c
src/libknot/quic/tls_common.c
src/libknot/quic/tls_common.h
tests-extra/tests/quic/xfr/test.py
tests-extra/tests/tls/xfr/test.py

index 0c7250b5500904e1249ed863bc155607b2b31840..78853bbd75c4cf3f737f1e5a9f8b0fd5d61dc337 100644 (file)
@@ -10,6 +10,7 @@ libknot.so.15 libknot15 #MINVER#
  KNOT_DUMP_STYLE_DEFAULT@Base 3.4.0
  knot_creds_cert@Base 3.4.0
  knot_creds_free@Base 3.4.0
+ knot_creds_hash@Base 3.5.0
  knot_creds_init@Base 3.4.0
  knot_creds_init_peer@Base 3.4.0
  knot_creds_update@Base 3.4.0
index 76eb4978368cdce80800e3e4a6f858d3f18f525e..2cc4e397e411f742a57a0f31f8f3b68a1ac49420 100644 (file)
@@ -112,18 +112,23 @@ conn_pool_t *conn_pool_init(size_t capacity, knot_timediff_t timeout,
        return pool;
 }
 
-void conn_pool_deinit(conn_pool_t *pool)
+void conn_pool_purge(conn_pool_t *pool)
 {
        if (pool != NULL) {
-               pthread_cancel(pool->closing_thread);
-               pthread_join(pool->closing_thread, NULL);
-
                conn_pool_fd_t fd;
                knot_time_t unused;
                while ((fd = get_old(pool, 0, &unused)) != CONN_POOL_FD_INVALID) {
                        pool->close_cb(fd);
                }
+       }
+}
 
+void conn_pool_deinit(conn_pool_t *pool)
+{
+       if (pool != NULL) {
+               pthread_cancel(pool->closing_thread);
+               pthread_join(pool->closing_thread, NULL);
+               conn_pool_purge(pool);
                pthread_mutex_destroy(&pool->mutex);
                free(pool);
        }
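Review bot: conn_pool_purge() drains the pool through get_old() while the closing thread is still alive when it is called from the reload path, whereas conn_pool_deinit() only reaches it after pthread_cancel()/pthread_join(); whether get_old() takes pool->mutex is not visible in this hunk, so the new function is only safe on a live pool if it does. A comment stating that contract on the new function would settle it, e.g. `/* Safe on a live pool: every removal goes through get_old(), which holds pool->mutex. */`, and if the assumption does not hold, purge should lock the mutex around the loop itself. The literal 0 passed to get_old() presumably makes every entry count as expired; that intent deserves a word too, since a reader of the loop cannot tell it from a timeout of zero seconds.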
index 7f815e1d89f7ad83e22132aad46d1fea452a2e82..3d81f4b520a87918edd87bcde88d4dffa10f0f09 100644 (file)
@@ -52,6 +52,13 @@ conn_pool_t *conn_pool_init(size_t capacity, knot_timediff_t timeout,
                             conn_pool_close_cb_t close_cb,
                             conn_pool_invalid_cb_t invalid_cb);
 
+/*!
+ * \brief Purges the pool.
+ *
+ * \param pool  Connection pool.
+ */
+void conn_pool_purge(conn_pool_t *pool);
+
 /*!
  * \brief Deallocate the pool, close all connections, terminate closing thread.
  *
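Review bot: The new Doxygen block says only "Purges the pool.", which tells a caller neither what happens to the connections nor whether the pool survives; given that the implementation closes every entry with close_cb and leaves the mutex and the allocation intact, the header should say so. Suggested wording: `\brief Close all pooled connections via close_cb; the pool itself stays allocated and usable.` It is also worth noting here that, unlike conn_pool_deinit(), this may be called while the closing thread is running, since that is exactly how server.c uses it.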
index 6b77777f714cffa977ad2062d388d604f4b6a07c..68e39bbae726f85f9d430b27a238d163b6848d24 100644 (file)
@@ -1509,6 +1509,13 @@ static int reconfigure_remote_pool(conf_t *conf, server_t *server)
                        }
                        global_sessticket_pool = new_pool;
                }
+       } else if (server->quic_creds != NULL) {
+               static uint64_t hash = 0;
+               uint64_t curr_hash = knot_creds_hash(server->quic_creds);
+               if (hash != curr_hash) {
+                       conn_pool_purge(global_sessticket_pool);
+               }
+               hash = curr_hash;
        }
 
        val = conf_get(conf, C_SRV, C_RMT_RETRY_DELAY);
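Review bot: The previous-hash state `static uint64_t hash = 0;` is assigned only inside the new else-if branch, so when the preceding branch installs a freshly created pool (it starts outside the hunk, but `global_sessticket_pool = new_pool` suggests it is the creation path) hash stays 0 and the first later reload with unchanged credentials purges the pool needlessly, assuming knot_creds_hash() does not return 0 for valid creds. Hoisting the static above the if and adding `hash = knot_creds_hash(server->quic_creds);` where new_pool is installed would make the comparison meaningful from the first reload on. A function-local static also makes this per-process rather than per-server_t and is unsynchronized; if reconfigure_remote_pool() is only ever run from the serialized reload path, a comment such as `/* Hash of the creds seen at the last reload; reload is serialized, so no locking. */` should record that assumption.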
index 8bf9872e46910d902276489c315fe238e20d8565..65cab40cc7ae77e2e6536b189d8c7fca82ed1779 100644 (file)
@@ -603,3 +603,9 @@ int knot_tls_cert_check(struct gnutls_session_int *session,
 {
        return knot_tls_cert_check_hostnames(session, creds->peer_hostnames);
 }
+
+_public_
+uint64_t knot_creds_hash(struct knot_creds *creds)
+{
+       return creds->creds_hash;
+}
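Review bot: knot_creds_hash() only reads creds->creds_hash, so the parameter should be const-qualified in both this definition and the declaration added in the tls_common.h hunk: `uint64_t knot_creds_hash(const struct knot_creds *creds)`. As an exported `_public_` symbol it dereferences creds unconditionally; the in-tree caller guards for NULL, but the header doc should state that creds must be non-NULL (or the function should return 0 for NULL, matching the initial value the caller compares against). Where creds_hash is computed and whether knot_creds_update() refreshes it are outside this diff, so the header's claim that the value detects credential changes cannot be checked here and the \return text should at least say the value is only meaningful when compared with an earlier result from the same process.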
index 77668d3032893e1a50bd2b71165f874f3e887c60..783bda04652698f3f421e25e86db08e3b3e2f941 100644 (file)
@@ -176,4 +176,13 @@ int knot_tls_cert_check_hostnames(struct gnutls_session_int *session,
 int knot_tls_cert_check(struct gnutls_session_int *session,
                         struct knot_creds *creds);
 
+/*!
+ * \brief Returns hashed creds sources for creds change detection.
+ *
+ * \param creds   TLS credentials.
+ *
+ * \return Hash of creds sources.
+ */
+uint64_t knot_creds_hash(struct knot_creds *creds);
+
 /*! @} */
index dd35c2d56d185a28a282f1a094afd67341117aa8..51ae88df29d30eaa1fe10085ae56bb17a36b78b1 100644 (file)
@@ -20,9 +20,6 @@ zones = t.zone(".") + rnd_zones
 
 t.link(zones, master, slave)
 
-for z in zones:
-    master.zones[z.name].zfile.update_soa(retry=10) # WARNING this inhibits the effect of some issue that QUIC communication fails sometimes. This SHOULD be removed and the QUIC issue fixed!
-
 for z in rnd_zones:
     master.dnssec(z).enable = True
 
@@ -98,9 +95,7 @@ try:
     else:
         master.fill_cert_key()
     slave.gen_confile()
-    #slave.reload() doesn't work for hostname, restart instead till fixed
-    slave.stop()
-    slave.start()
+    slave.reload()
     serials = upd_check_zones(master, slave, rnd_zones, serials)
 
     # Check slave not authenticated due to bad cert-key
@@ -126,9 +121,7 @@ try:
     else:
         slave.fill_cert_key()
     master.gen_confile()
-    #master.reload() doesn't work for hostname, restart instead till fixed
-    master.stop()
-    master.start()
+    master.reload()
     serials = upd_check_zones(master, slave, rnd_zones, serials)
 
 finally:
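Review bot: Nothing on the page ties the intermittent QUIC failure named in the removed update_soa(retry=10) workaround comment to stale session tickets, so dropping the workaround in the first hunk may reintroduce flakiness unless the purge is the fix; if it is, the commit message should say so. In the later hunks reload() replaces stop()/start(); a restart implicitly waited for the server to come back, whereas whether reload() blocks until the new configuration is applied is not visible here, and if it does not, upd_check_zones() could race the reload. The same reload() substitution is made in tests-extra/tests/tls/xfr/test.py.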
index 92292b242ccb8d17e959754030356dc5cddcd8f5..55536d611d985466f4146a9064be1d6bcae5568b 100644 (file)
@@ -99,9 +99,7 @@ try:
     else:
         master.fill_cert_key()
     slave.gen_confile()
-    #slave.reload() doesn't work for hostname, restart instead till fixed
-    slave.stop()
-    slave.start()
+    slave.reload()
     serials = upd_check_zones(master, slave, rnd_zones, serials)
 
     # Check slave not authenticated due to bad cert-key
@@ -127,9 +125,7 @@ try:
     else:
         slave.fill_cert_key()
     master.gen_confile()
-    #master.reload() doesn't work for hostname, restart instead till fixed
-    master.stop()
-    master.start()
+    master.reload()
     serials = upd_check_zones(master, slave, rnd_zones, serials)
 
 finally: