From b0a1266835386590c65ec433759c5cc1063bd472 Mon Sep 17 00:00:00 2001 From: Valentin Bartenev Date: Mon, 15 Mar 2021 14:57:31 +0300 Subject: Fixed certificates loading on startup with some filesystems. It appears that readdir() on Linux detects file types unreliably, always setting the "d_type" field to DT_UNKNOWN for some less common filesystems. As a result, all files were skipped and no certificate bundles were found when the state directory was located on such filesystems. Skipping "." and ".." instead of any non-regular files should be enough, as no other non-regular files normally appear in this directory. This closes #368 issue on GitHub. --- docs/changes.xml | 7 +++++++ src/nxt_cert.c | 10 ++++++---- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/docs/changes.xml b/docs/changes.xml index d9d25e5c..07decb2a 100644 --- a/docs/changes.xml +++ b/docs/changes.xml @@ -30,6 +30,13 @@ reconfiguring an application; the bug had appeared in 1.19.0. + + +persistent storage of certificates might've not worked with some filesystems in +Linux, and all uploaded certificate bundles were forgotten after restart. + + + diff --git a/src/nxt_cert.c b/src/nxt_cert.c index 9e825d80..357a9211 100644 --- a/src/nxt_cert.c +++ b/src/nxt_cert.c @@ -838,7 +838,12 @@ nxt_cert_store_load(nxt_task_t *task, nxt_mp_t *mp) break; } - if (de->d_type != DT_REG) { + nxt_debug(task, "readdir(\"%s\"): \"%s\"", rt->certs.start, de->d_name); + + name.length = nxt_strlen(de->d_name); + name.start = (u_char *) de->d_name; + + if (nxt_str_eq(&name, ".", 1) || nxt_str_eq(&name, "..", 2)) { continue; } @@ -849,9 +854,6 @@ nxt_cert_store_load(nxt_task_t *task, nxt_mp_t *mp) item->fd = -1; - name.length = nxt_strlen(de->d_name); - name.start = (u_char *) de->d_name; - size = rt->certs.length + name.length + 1; if (size > alloc) { -- cgit