From: Kevin Kane Date: Mon, 24 Apr 2017 21:11:17 +0000 (-0700) Subject: [IOT-2101] Don't automatically assert roles accessing DOXM X-Git-Tag: 1.3.0~264 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=82ee4e19c4f34d0d787ca6968f06e8203cd46215;p=platform%2Fupstream%2Fiotivity.git [IOT-2101] Don't automatically assert roles accessing DOXM During OTM, the DOXM resource is accessed while the SSL lock is held. Attempting to assert roles causes this lock to be acquired again, and recursive locking is not supported. Therefore, don't automatically assert roles when accessing DOXM. Since this resource seems to only be accessed either anonymously or with an owner PSK, this shouldn't be needed, anyway. Change-Id: I4b04d24544a5049d3a91827753d565e118cbf9d5 Signed-off-by: Kevin Kane Reviewed-on: https://gerrit.iotivity.org/gerrit/19237 Tested-by: jenkins-iotivity Reviewed-by: Phil Coval Reviewed-by: Alex Kelley Reviewed-by: Way Vadhanasin Reviewed-by: Nathan Heldt-Sheller --- diff --git a/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c b/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c index 4a93e4b..b82e21f 100644 --- a/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c +++ b/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c @@ -824,6 +824,7 @@ CAResult_t GetCASecureEndpointData(const CAEndpoint_t* peer, CASecureEndpoint_t* { OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__); + oc_mutex_assert_owner(g_sslContextMutex, false); oc_mutex_lock(g_sslContextMutex); if (NULL == g_caSslContext) { diff --git a/resource/csdk/stack/src/ocstack.c b/resource/csdk/stack/src/ocstack.c index 67ff3be..0495a81 100644 --- a/resource/csdk/stack/src/ocstack.c +++ b/resource/csdk/stack/src/ocstack.c @@ -3394,7 +3394,8 @@ OCStackResult OCDoRequest(OCDoHandle *handle, #if defined(__WITH_DTLS__) || defined(__WITH_TLS__) /* Check whether we should assert role certificates before making this request. */ if ((endpoint.flags & CA_SECURE) && - (strcmp(requestInfo.info.resourceUri, OIC_RSRC_ROLES_URI) != 0)) + (strcmp(requestInfo.info.resourceUri, OIC_RSRC_ROLES_URI) != 0) && + (strcmp(requestInfo.info.resourceUri, OIC_RSRC_DOXM_URI) != 0)) { CASecureEndpoint_t sep; CAResult_t caRes = CAGetSecureEndpointData(&endpoint, &sep);