/*
 * Runs call_once() with `of` and `init_count`, both of which are declared
 * outside this snippet.
 *
 * NOTE(review): presumably `of` is the once-flag and `init_count` the
 * one-time initializer, so repeated or concurrent calls to call_func()
 * would run the initializer a single time -- confirm against their
 * definitions.
 */
void call_func()
{
    call_once(of, init_count);
}
/*
 * Argument-order adapter: accepts (func, flag) and forwards to the
 * call_once() overload that takes (flag, func).
 *
 * The inner call passes the flag first, which does not match this
 * overload's parameter order, so it resolves to a different call_once --
 * presumably std::call_once; confirm which declaration is in scope.
 *
 * func  Initializer to run; a plain function pointer taking no arguments.
 * flag  Once-flag that records whether the initializer has already run.
 */
inline void call_once(void (*func)(), once_flag& flag)
{
    call_once(flag, func);
}
/**
 * Per-rd_kafka_t-handle initialization of OpenSSL: creates the client
 * SSL_CTX, applies the handle's SSL configuration to it and, on success,
 * stores it in rk->rk_conf.ssl.ctx.
 *
 * Applied in this order: key password callback, cipher list, CA file or
 * directory, CRL file (plus CRL checking), certificate chain, PEM private
 * key, partial-write mode.
 *
 * rk           Handle whose rk_conf.ssl settings are read.
 * errstr       Buffer receiving a human-readable error on failure.
 * errstr_size  Size of errstr in bytes.
 *
 * Returns 0 on success, or -1 on failure, in which case the context is
 * freed and rk->rk_conf.ssl.ctx is not assigned.
 *
 * Locality: application thread
 *
 * NOTE: rd_kafka_wrlock() MUST be held
 *
 * NOTE(review): this function neither calls SSL_CTX_set_verify() nor sets
 * any protocol-version options on the context. Confirm that peer
 * certificate verification and the minimum protocol version are enforced
 * elsewhere; otherwise the CA/CRL material loaded here does not by itself
 * cause a handshake with an untrusted peer to be rejected.
 */
int rd_kafka_transport_ssl_ctx_init (rd_kafka_t *rk,
                                     char *errstr, size_t errstr_size) {
        SSL_CTX *ctx;

        /* call_once() runs rd_kafka_transport_ssl_init a single time for
         * this once-flag, regardless of how many handles are created. */
        call_once(&rd_kafka_ssl_init_once, rd_kafka_transport_ssl_init);

        /* Version-flexible client method; the protocol versions actually
         * offered depend on the linked OpenSSL's defaults. */
        ctx = SSL_CTX_new(SSLv23_client_method());
        if (ctx == NULL) {
                goto fail;
        }

        /* Password callback for encrypted key files; the handle is passed
         * as userdata so the callback can reach its configuration. */
        SSL_CTX_set_default_passwd_cb(ctx, rd_kafka_transport_ssl_passwd_cb);
        SSL_CTX_set_default_passwd_cb_userdata(ctx, rk);

        /* Optional cipher list from configuration. */
        if (rk->rk_conf.ssl.cipher_suites != NULL) {
                rd_kafka_dbg(rk, SECURITY, "SSL",
                             "Setting cipher list: %s",
                             rk->rk_conf.ssl.cipher_suites);

                if (SSL_CTX_set_cipher_list(
                            ctx, rk->rk_conf.ssl.cipher_suites) == 0) {
                        /* NOTE(review): errstr is written here and then
                         * handed to rd_kafka_ssl_error() at fail: --
                         * confirm that helper keeps this message. */
                        rd_snprintf(errstr, errstr_size,
                                    "No recognized ciphers");
                        goto fail;
                }
        }

        /* Optional trust anchors: the configured path is either a single
         * file or a directory, and only the matching argument is set. */
        if (rk->rk_conf.ssl.ca_location != NULL) {
                const int ca_is_dir =
                        rd_kafka_path_is_dir(rk->rk_conf.ssl.ca_location);
                const char *ca_file = NULL;
                const char *ca_dir = NULL;

                if (ca_is_dir) {
                        ca_dir = rk->rk_conf.ssl.ca_location;
                } else {
                        ca_file = rk->rk_conf.ssl.ca_location;
                }

                rd_kafka_dbg(rk, SECURITY, "SSL",
                             "Loading CA certificate(s) from %s %s",
                             ca_is_dir ? "directory" : "file",
                             rk->rk_conf.ssl.ca_location);

                if (SSL_CTX_load_verify_locations(ctx, ca_file, ca_dir) != 1) {
                        goto fail;
                }
        }

        /* Optional CRL file, loaded into the same verification store. */
        if (rk->rk_conf.ssl.crl_location != NULL) {
                rd_kafka_dbg(rk, SECURITY, "SSL",
                             "Loading CRL from file %s",
                             rk->rk_conf.ssl.crl_location);

                if (SSL_CTX_load_verify_locations(
                            ctx, rk->rk_conf.ssl.crl_location, NULL) != 1) {
                        goto fail;
                }

                rd_kafka_dbg(rk, SECURITY, "SSL", "Enabling CRL checks");

                /* X509_V_FLAG_CRL_CHECK covers the leaf certificate only;
                 * revocation of intermediates is checked only when
                 * X509_V_FLAG_CRL_CHECK_ALL is set as well. */
                X509_STORE_set_flags(SSL_CTX_get_cert_store(ctx),
                                     X509_V_FLAG_CRL_CHECK);
        }

        /* Optional certificate chain, loaded before the private key. */
        if (rk->rk_conf.ssl.cert_location != NULL) {
                rd_kafka_dbg(rk, SECURITY, "SSL",
                             "Loading certificate from file %s",
                             rk->rk_conf.ssl.cert_location);

                if (SSL_CTX_use_certificate_chain_file(
                            ctx, rk->rk_conf.ssl.cert_location) != 1) {
                        goto fail;
                }
        }

        /* Optional private key; only PEM encoding is accepted. */
        if (rk->rk_conf.ssl.key_location != NULL) {
                rd_kafka_dbg(rk, SECURITY, "SSL",
                             "Loading private key file from %s",
                             rk->rk_conf.ssl.key_location);

                if (SSL_CTX_use_PrivateKey_file(
                            ctx, rk->rk_conf.ssl.key_location,
                            SSL_FILETYPE_PEM) != 1) {
                        goto fail;
                }
        }

        SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);

        /* Publish the context only once it is fully configured. */
        rk->rk_conf.ssl.ctx = ctx;

        return 0;

 fail:
        rd_kafka_ssl_error(rk, NULL, errstr, errstr_size);
        /* ctx is NULL when SSL_CTX_new() failed; SSL_CTX_free(NULL) is a
         * no-op. */
        SSL_CTX_free(ctx);
        return -1;
}