Fix possible regression around TLS config changes. Add VOLATILE_CONFIG flag for volatile configurations. (#10713)
This fixes a possible regression in Redis 7.0.0, in which doing CONFIG SET on a TLS config would not reload the configuration in case the new config is the same file as before. A volatile configuration is a configuration value which is a reference to the configuration data and not the configuration data itself. In such a case Redis doesn't know if the config data changed under the hood and can't assume a change happens only when the config value changes. Therefore it needs to be applied even when setting a config value to the same value as it was before.
This commit is contained in:
parent
b414605285
commit
b16d1c2713
24
src/config.c
24
src/config.c
@ -1813,7 +1813,7 @@ static int boolConfigSet(standardConfig *config, sds *argv, int argc, const char
|
||||
*(config->data.yesno.config) = yn;
|
||||
return 1;
|
||||
}
|
||||
return 2;
|
||||
return (config->flags & VOLATILE_CONFIG) ? 1 : 2;
|
||||
}
|
||||
|
||||
static sds boolConfigGet(standardConfig *config) {
|
||||
@ -1855,7 +1855,7 @@ static int stringConfigSet(standardConfig *config, sds *argv, int argc, const ch
|
||||
zfree(prev);
|
||||
return 1;
|
||||
}
|
||||
return 2;
|
||||
return (config->flags & VOLATILE_CONFIG) ? 1 : 2;
|
||||
}
|
||||
|
||||
static sds stringConfigGet(standardConfig *config) {
|
||||
@ -1892,7 +1892,7 @@ static int sdsConfigSet(standardConfig *config, sds *argv, int argc, const char
|
||||
return 1;
|
||||
}
|
||||
if (config->flags & MODULE_CONFIG && prev) sdsfree(prev);
|
||||
return 2;
|
||||
return (config->flags & VOLATILE_CONFIG) ? 1 : 2;
|
||||
}
|
||||
|
||||
static sds sdsConfigGet(standardConfig *config) {
|
||||
@ -1976,7 +1976,7 @@ static int enumConfigSet(standardConfig *config, sds *argv, int argc, const char
|
||||
*(config->data.enumd.config) = enumval;
|
||||
return 1;
|
||||
}
|
||||
return 2;
|
||||
return (config->flags & VOLATILE_CONFIG) ? 1 : 2;
|
||||
}
|
||||
|
||||
static sds enumConfigGet(standardConfig *config) {
|
||||
@ -2172,7 +2172,7 @@ static int numericConfigSet(standardConfig *config, sds *argv, int argc, const c
|
||||
return setNumericType(config, ll, err);
|
||||
}
|
||||
|
||||
return 2;
|
||||
return (config->flags & VOLATILE_CONFIG) ? 1 : 2;
|
||||
}
|
||||
|
||||
static sds numericConfigGet(standardConfig *config) {
|
||||
@ -3097,15 +3097,15 @@ standardConfig static_configs[] = {
|
||||
createEnumConfig("tls-auth-clients", NULL, MODIFIABLE_CONFIG, tls_auth_clients_enum, server.tls_auth_clients, TLS_CLIENT_AUTH_YES, NULL, NULL),
|
||||
createBoolConfig("tls-prefer-server-ciphers", NULL, MODIFIABLE_CONFIG, server.tls_ctx_config.prefer_server_ciphers, 0, NULL, applyTlsCfg),
|
||||
createBoolConfig("tls-session-caching", NULL, MODIFIABLE_CONFIG, server.tls_ctx_config.session_caching, 1, NULL, applyTlsCfg),
|
||||
createStringConfig("tls-cert-file", NULL, MODIFIABLE_CONFIG, EMPTY_STRING_IS_NULL, server.tls_ctx_config.cert_file, NULL, NULL, applyTlsCfg),
|
||||
createStringConfig("tls-key-file", NULL, MODIFIABLE_CONFIG, EMPTY_STRING_IS_NULL, server.tls_ctx_config.key_file, NULL, NULL, applyTlsCfg),
|
||||
createStringConfig("tls-cert-file", NULL, VOLATILE_CONFIG | MODIFIABLE_CONFIG, EMPTY_STRING_IS_NULL, server.tls_ctx_config.cert_file, NULL, NULL, applyTlsCfg),
|
||||
createStringConfig("tls-key-file", NULL, VOLATILE_CONFIG | MODIFIABLE_CONFIG, EMPTY_STRING_IS_NULL, server.tls_ctx_config.key_file, NULL, NULL, applyTlsCfg),
|
||||
createStringConfig("tls-key-file-pass", NULL, MODIFIABLE_CONFIG, EMPTY_STRING_IS_NULL, server.tls_ctx_config.key_file_pass, NULL, NULL, applyTlsCfg),
|
||||
createStringConfig("tls-client-cert-file", NULL, MODIFIABLE_CONFIG, EMPTY_STRING_IS_NULL, server.tls_ctx_config.client_cert_file, NULL, NULL, applyTlsCfg),
|
||||
createStringConfig("tls-client-key-file", NULL, MODIFIABLE_CONFIG, EMPTY_STRING_IS_NULL, server.tls_ctx_config.client_key_file, NULL, NULL, applyTlsCfg),
|
||||
createStringConfig("tls-client-cert-file", NULL, VOLATILE_CONFIG | MODIFIABLE_CONFIG, EMPTY_STRING_IS_NULL, server.tls_ctx_config.client_cert_file, NULL, NULL, applyTlsCfg),
|
||||
createStringConfig("tls-client-key-file", NULL, VOLATILE_CONFIG | MODIFIABLE_CONFIG, EMPTY_STRING_IS_NULL, server.tls_ctx_config.client_key_file, NULL, NULL, applyTlsCfg),
|
||||
createStringConfig("tls-client-key-file-pass", NULL, MODIFIABLE_CONFIG, EMPTY_STRING_IS_NULL, server.tls_ctx_config.client_key_file_pass, NULL, NULL, applyTlsCfg),
|
||||
createStringConfig("tls-dh-params-file", NULL, MODIFIABLE_CONFIG, EMPTY_STRING_IS_NULL, server.tls_ctx_config.dh_params_file, NULL, NULL, applyTlsCfg),
|
||||
createStringConfig("tls-ca-cert-file", NULL, MODIFIABLE_CONFIG, EMPTY_STRING_IS_NULL, server.tls_ctx_config.ca_cert_file, NULL, NULL, applyTlsCfg),
|
||||
createStringConfig("tls-ca-cert-dir", NULL, MODIFIABLE_CONFIG, EMPTY_STRING_IS_NULL, server.tls_ctx_config.ca_cert_dir, NULL, NULL, applyTlsCfg),
|
||||
createStringConfig("tls-dh-params-file", NULL, VOLATILE_CONFIG | MODIFIABLE_CONFIG, EMPTY_STRING_IS_NULL, server.tls_ctx_config.dh_params_file, NULL, NULL, applyTlsCfg),
|
||||
createStringConfig("tls-ca-cert-file", NULL, VOLATILE_CONFIG | MODIFIABLE_CONFIG, EMPTY_STRING_IS_NULL, server.tls_ctx_config.ca_cert_file, NULL, NULL, applyTlsCfg),
|
||||
createStringConfig("tls-ca-cert-dir", NULL, VOLATILE_CONFIG | MODIFIABLE_CONFIG, EMPTY_STRING_IS_NULL, server.tls_ctx_config.ca_cert_dir, NULL, NULL, applyTlsCfg),
|
||||
createStringConfig("tls-protocols", NULL, MODIFIABLE_CONFIG, EMPTY_STRING_IS_NULL, server.tls_ctx_config.protocols, NULL, NULL, applyTlsCfg),
|
||||
createStringConfig("tls-ciphers", NULL, MODIFIABLE_CONFIG, EMPTY_STRING_IS_NULL, server.tls_ctx_config.ciphers, NULL, NULL, applyTlsCfg),
|
||||
createStringConfig("tls-ciphersuites", NULL, MODIFIABLE_CONFIG, EMPTY_STRING_IS_NULL, server.tls_ctx_config.ciphersuites, NULL, NULL, applyTlsCfg),
|
||||
|
@ -3014,6 +3014,10 @@ sds keyspaceEventsFlagsToString(int flags);
|
||||
#define DENY_LOADING_CONFIG (1ULL<<6) /* This config is forbidden during loading. */
|
||||
#define ALIAS_CONFIG (1ULL<<7) /* For configs with multiple names, this flag is set on the alias. */
|
||||
#define MODULE_CONFIG (1ULL<<8) /* This config is a module config */
|
||||
#define VOLATILE_CONFIG (1ULL<<9) /* The config is a reference to the config data and not the config data itself (ex.
|
||||
* a file name containing more configuration like a tls key). In this case we want
|
||||
* to apply the configuration change even if the new config value is the same as
|
||||
* the old. */
|
||||
|
||||
#define INTEGER_CONFIG 0 /* No flags means a simple integer configuration */
|
||||
#define MEMORY_CONFIG (1<<0) /* Indicates if this value can be loaded as a memory value */
|
||||
|
Loading…
x
Reference in New Issue
Block a user