From e7c31c4df8b6d4eccb34a19cb1c2b10ee5a824eb Mon Sep 17 00:00:00 2001
From: yihuaz <yihuaz@google.com>
Date: Sun, 12 Apr 2020 18:35:24 -0700
Subject: [PATCH] fix ssl race condition

---
 .../security/security_connector/ssl/ssl_security_connector.cc  | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc b/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc
index 13180724cdc..552bf80138e 100644
--- a/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc
+++ b/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc
@@ -31,6 +31,7 @@
 #include "src/core/lib/gpr/string.h"
 #include "src/core/lib/gprpp/host_port.h"
 #include "src/core/lib/gprpp/ref_counted_ptr.h"
+#include "src/core/lib/gprpp/sync.h"
 #include "src/core/lib/security/context/security_context.h"
 #include "src/core/lib/security/credentials/credentials.h"
 #include "src/core/lib/security/credentials/ssl/ssl_credentials.h"
@@ -304,6 +305,7 @@ class grpc_ssl_server_security_connector
    * Current certificate config will continue to be used if the callback returns
    * an error. Returns true if new credentials were successfully loaded. */
   bool try_fetch_ssl_server_credentials() {
+    grpc_core::MutexLock lock(&mu_);
     grpc_ssl_server_certificate_config* certificate_config = nullptr;
     bool status;
     if (!has_cert_config_fetcher()) return false;
@@ -387,6 +389,7 @@ class grpc_ssl_server_security_connector
     server_handshaker_factory_ = new_factory;
   }
 
+  grpc_core::Mutex mu_;
   tsi_ssl_server_handshaker_factory* server_handshaker_factory_ = nullptr;
 };
 }  // namespace