authorIsabella Siu <isabella.siu@10gen.com>2019-01-04 16:04:27 -0500
committerIsabella Siu <isabella.siu@10gen.com>2019-01-09 11:10:11 -0500
commit0e237325a508f3c49eb6a19ea4a9dbb7c6053058 (patch)
treeadd0173dfb7aa76504b1d0cd18c251fcbfeb099f
parent5d0f13334445fca6e2c5bfc496b5d5b1cb7e0f8a (diff)
downloadmongo-0e237325a508f3c49eb6a19ea4a9dbb7c6053058.tar.gz
SERVER-38738 collapse all getSSLManager() to one implementation and remove mutex
-rw-r--r--src/mongo/client/dbclient_base.cpp27
-rw-r--r--src/mongo/transport/session_asio.h6
-rw-r--r--src/mongo/transport/transport_layer_asio.cpp15
-rw-r--r--src/mongo/util/net/ssl_manager.cpp9
-rw-r--r--src/mongo/util/net/ssl_manager_apple.cpp14
-rw-r--r--src/mongo/util/net/ssl_manager_openssl.cpp11
-rw-r--r--src/mongo/util/net/ssl_manager_windows.cpp13
7 files changed, 25 insertions, 70 deletions
diff --git a/src/mongo/client/dbclient_base.cpp b/src/mongo/client/dbclient_base.cpp
index bd94e397811..85d79927726 100644
--- a/src/mongo/client/dbclient_base.cpp
+++ b/src/mongo/client/dbclient_base.cpp
@@ -82,25 +82,6 @@ using std::vector;
using executor::RemoteCommandRequest;
using executor::RemoteCommandResponse;
-namespace {
-
-#ifdef MONGO_CONFIG_SSL
-static SimpleMutex s_mtx;
-static SSLManagerInterface* s_sslMgr(NULL);
-
-SSLManagerInterface* sslManager() {
- stdx::lock_guard<SimpleMutex> lk(s_mtx);
- if (s_sslMgr) {
- return s_sslMgr;
- }
-
- s_sslMgr = getSSLManager();
- return s_sslMgr;
-}
-#endif
-
-} // namespace
-
AtomicWord<long long> DBClientBase::ConnectionIdSequence;
void (*DBClientBase::withConnection_do_not_use)(std::string host,
@@ -470,8 +451,8 @@ void DBClientBase::_auth(const BSONObj& params) {
// We will only have a client name if SSL is enabled
std::string clientName = "";
#ifdef MONGO_CONFIG_SSL
- if (sslManager() != nullptr) {
- clientName = sslManager()->getSSLConfiguration().clientSubjectName.toString();
+ if (getSSLManager() != nullptr) {
+ clientName = getSSLManager()->getSSLConfiguration().clientSubjectName.toString();
}
#endif
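Review bot: In `_auth`, the added lines call `getSSLManager()` twice, once for the null test and once for the dereference, so the check and the use are two separate reads of the global. Binding the result once keeps them tied to the same value and reads more cleanly: `if (auto* mgr = getSSLManager()) { clientName = mgr->getSSLConfiguration().clientSubjectName.toString(); }`. The same pair of lines appears in the `DBClientBase::authenticateInternalUser` hunk that follows. Both function bodies extend outside their hunks.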
@@ -497,8 +478,8 @@ Status DBClientBase::authenticateInternalUser() {
// We will only have a client name if SSL is enabled
std::string clientName = "";
#ifdef MONGO_CONFIG_SSL
- if (sslManager() != nullptr) {
- clientName = sslManager()->getSSLConfiguration().clientSubjectName.toString();
+ if (getSSLManager() != nullptr) {
+ clientName = getSSLManager()->getSSLConfiguration().clientSubjectName.toString();
}
#endif
diff --git a/src/mongo/transport/session_asio.h b/src/mongo/transport/session_asio.h
index 19cdb42dfd4..b74b29af1d9 100644
--- a/src/mongo/transport/session_asio.h
+++ b/src/mongo/transport/session_asio.h
@@ -237,8 +237,7 @@ protected:
return doHandshake().then([this, target] {
_ranHandshake = true;
- auto sslManager = getSSLManager();
- auto swPeerInfo = uassertStatusOK(sslManager->parseAndValidatePeerCertificate(
+ auto swPeerInfo = uassertStatusOK(getSSLManager()->parseAndValidatePeerCertificate(
_sslSocket->native_handle(), target.host(), target));
if (swPeerInfo) {
@@ -616,8 +615,7 @@ private:
auto& sslPeerInfo = SSLPeerInfo::forSession(shared_from_this());
if (sslPeerInfo.subjectName.empty()) {
- auto sslManager = getSSLManager();
- auto swPeerInfo = sslManager->parseAndValidatePeerCertificate(
+ auto swPeerInfo = getSSLManager()->parseAndValidatePeerCertificate(
_sslSocket->native_handle(), "", _remote);
// The value of swPeerInfo is a bit complicated:
diff --git a/src/mongo/transport/transport_layer_asio.cpp b/src/mongo/transport/transport_layer_asio.cpp
index 64697fb10a3..06604606d0c 100644
--- a/src/mongo/transport/transport_layer_asio.cpp
+++ b/src/mongo/transport/transport_layer_asio.cpp
@@ -739,26 +739,25 @@ Status TransportLayerASIO::setup() {
#ifdef MONGO_CONFIG_SSL
const auto& sslParams = getSSLGlobalParams();
- auto sslManager = getSSLManager();
if (_sslMode() != SSLParams::SSLMode_disabled && _listenerOptions.isIngress()) {
_ingressSSLContext = stdx::make_unique<asio::ssl::context>(asio::ssl::context::sslv23);
Status status =
- sslManager->initSSLContext(_ingressSSLContext->native_handle(),
- sslParams,
- SSLManagerInterface::ConnectionDirection::kIncoming);
+ getSSLManager()->initSSLContext(_ingressSSLContext->native_handle(),
+ sslParams,
+ SSLManagerInterface::ConnectionDirection::kIncoming);
if (!status.isOK()) {
return status;
}
}
- if (_listenerOptions.isEgress() && sslManager) {
+ if (_listenerOptions.isEgress() && getSSLManager()) {
_egressSSLContext = stdx::make_unique<asio::ssl::context>(asio::ssl::context::sslv23);
Status status =
- sslManager->initSSLContext(_egressSSLContext->native_handle(),
- sslParams,
- SSLManagerInterface::ConnectionDirection::kOutgoing);
+ getSSLManager()->initSSLContext(_egressSSLContext->native_handle(),
+ sslParams,
+ SSLManagerInterface::ConnectionDirection::kOutgoing);
if (!status.isOK()) {
return status;
}
diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
index ac772a97a01..7035053b51f 100644
--- a/src/mongo/util/net/ssl_manager.cpp
+++ b/src/mongo/util/net/ssl_manager.cpp
@@ -53,6 +53,9 @@
#include "mongo/util/text.h"
namespace mongo {
+
+SSLManagerInterface* theSSLManager = nullptr;
+
namespace {
// Some of these duplicate the std::isalpha/std::isxdigit because we don't want them to be
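Review bot: `theSSLManager` is now a mutable global with external linkage that is written and read without any lock, and neither this definition nor the new `getSSLManager()` at the end of the file says why that is safe. From the visible hunks the only writes are in the per-platform `SSLManager` initializers, so the design presumably relies on initialization finishing before any other thread calls the accessor. That invariant should be stated at the definition, e.g. `// Written once by the SSLManager initializer during startup, before other threads exist; read-only afterwards.` A one-line comment on `getSSLManager()` noting that it returns nullptr when no manager was created would also help callers that dereference the result directly.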
@@ -575,7 +578,7 @@ TLSVersionCounts& TLSVersionCounts::get(ServiceContext* serviceContext) {
MONGO_INITIALIZER_WITH_PREREQUISITES(SSLManagerLogger, ("SSLManager", "GlobalLogManager"))
(InitializerContext*) {
if (!isSSLServer || (sslGlobalParams.sslMode.load() != SSLParams::SSLMode_disabled)) {
- const auto& config = getSSLManager()->getSSLConfiguration();
+ const auto& config = theSSLManager->getSSLConfiguration();
if (!config.clientSubjectName.empty()) {
LOG(1) << "Client Certificate Name: " << config.clientSubjectName;
}
@@ -1159,6 +1162,10 @@ void recordTLSVersion(TLSVersion version, const HostAndPort& hostForLogging) {
}
}
+SSLManagerInterface* getSSLManager() {
+ return theSSLManager;
+}
+
} // namespace mongo
// TODO SERVER-11601 Use NFC Unicode canonicalization
diff --git a/src/mongo/util/net/ssl_manager_apple.cpp b/src/mongo/util/net/ssl_manager_apple.cpp
index 084c3369f2e..6d16d98fae0 100644
--- a/src/mongo/util/net/ssl_manager_apple.cpp
+++ b/src/mongo/util/net/ssl_manager_apple.cpp
@@ -1559,10 +1559,7 @@ int SSLManagerApple::SSL_shutdown(SSLConnectionInterface* conn) {
// Global variable indicating if this is a server or a client instance
bool isSSLServer = false;
-namespace {
-SimpleMutex sslManagerMtx;
-SSLManagerInterface* theSSLManager = nullptr;
-} // namespace
+extern SSLManagerInterface* theSSLManager;
std::unique_ptr<SSLManagerInterface> SSLManagerInterface::create(const SSLParams& params,
bool isServer) {
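Review bot: The `extern SSLManagerInterface* theSSLManager;` declaration added here is repeated by hand in ssl_manager_openssl.cpp and ssl_manager_windows.cpp, so the compiler never checks the three declarations against the definition in ssl_manager.cpp. Declaring it once in the header that already declares `getSSLManager()` would give a single checked declaration. A small setter next to the definition would go further and stop other translation units from assigning the pointer directly. If the per-file declaration stays, it deserves a comment such as `// defined in ssl_manager.cpp; assigned only by the SSLManager initializer below`.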
@@ -1574,7 +1571,6 @@ MONGO_INITIALIZER_WITH_PREREQUISITES(SSLManager, ("EndStartupOptionHandling"))
kMongoDBRolesOID = ::CFStringCreateWithCString(
nullptr, mongodbRolesOID.identifier.c_str(), ::kCFStringEncodingUTF8);
- stdx::lock_guard<SimpleMutex> lck(sslManagerMtx);
if (!isSSLServer || (sslGlobalParams.sslMode.load() != SSLParams::SSLMode_disabled)) {
theSSLManager = new SSLManagerApple(sslGlobalParams, isSSLServer);
}
@@ -1582,11 +1578,3 @@ MONGO_INITIALIZER_WITH_PREREQUISITES(SSLManager, ("EndStartupOptionHandling"))
}
} // namespace mongo
-
-mongo::SSLManagerInterface* mongo::getSSLManager() {
- stdx::lock_guard<SimpleMutex> lck(sslManagerMtx);
- if (theSSLManager) {
- return theSSLManager;
- }
- return nullptr;
-}
diff --git a/src/mongo/util/net/ssl_manager_openssl.cpp b/src/mongo/util/net/ssl_manager_openssl.cpp
index e3eab7cbe6d..44521e0115c 100644
--- a/src/mongo/util/net/ssl_manager_openssl.cpp
+++ b/src/mongo/util/net/ssl_manager_openssl.cpp
@@ -416,8 +416,6 @@ public:
////////////////////////////////////////////////////////////////
-SimpleMutex sslManagerMtx;
-SSLManagerInterface* theSSLManager = NULL;
using UniqueSSLContext = std::unique_ptr<SSL_CTX, decltype(&free_ssl_context)>;
static const int BUFFER_SIZE = 8 * 1024;
static const int DATE_LEN = 128;
@@ -642,6 +640,7 @@ void setupFIPS() {
// Global variable indicating if this is a server or a client instance
bool isSSLServer = false;
+extern SSLManagerInterface* theSSLManager;
MONGO_INITIALIZER(SetupOpenSSL)(InitializerContext*) {
SSL_library_init();
@@ -664,7 +663,6 @@ MONGO_INITIALIZER(SetupOpenSSL)(InitializerContext*) {
MONGO_INITIALIZER_WITH_PREREQUISITES(SSLManager, ("SetupOpenSSL", "EndStartupOptionHandling"))
(InitializerContext*) {
- stdx::lock_guard<SimpleMutex> lck(sslManagerMtx);
if (!isSSLServer || (sslGlobalParams.sslMode.load() != SSLParams::SSLMode_disabled)) {
theSSLManager = new SSLManagerOpenSSL(sslGlobalParams, isSSLServer);
}
@@ -676,13 +674,6 @@ std::unique_ptr<SSLManagerInterface> SSLManagerInterface::create(const SSLParams
return stdx::make_unique<SSLManagerOpenSSL>(params, isServer);
}
-SSLManagerInterface* getSSLManager() {
- stdx::lock_guard<SimpleMutex> lck(sslManagerMtx);
- if (theSSLManager)
- return theSSLManager;
- return NULL;
-}
-
SSLX509Name getCertificateSubjectX509Name(X509* cert) {
std::vector<std::vector<SSLX509Name::Entry>> entries;
diff --git a/src/mongo/util/net/ssl_manager_windows.cpp b/src/mongo/util/net/ssl_manager_windows.cpp
index 111d38157c8..e5f88e026e7 100644
--- a/src/mongo/util/net/ssl_manager_windows.cpp
+++ b/src/mongo/util/net/ssl_manager_windows.cpp
@@ -66,10 +66,9 @@
namespace mongo {
-namespace {
+extern SSLManagerInterface* theSSLManager;
-SimpleMutex sslManagerMtx;
-SSLManagerInterface* theSSLManager = NULL;
+namespace {
/**
* Free a Certificate Context.
@@ -346,7 +345,6 @@ private:
MONGO_INITIALIZER_WITH_PREREQUISITES(SSLManager, ("EndStartupOptionHandling"))
(InitializerContext*) {
- stdx::lock_guard<SimpleMutex> lck(sslManagerMtx);
if (!isSSLServer || (sslGlobalParams.sslMode.load() != SSLParams::SSLMode_disabled)) {
theSSLManager = new SSLManagerWindows(sslGlobalParams, isSSLServer);
}
@@ -379,13 +377,6 @@ std::unique_ptr<SSLManagerInterface> SSLManagerInterface::create(const SSLParams
return stdx::make_unique<SSLManagerWindows>(params, isServer);
}
-SSLManagerInterface* getSSLManager() {
- stdx::lock_guard<SimpleMutex> lck(sslManagerMtx);
- if (theSSLManager)
- return theSSLManager;
- return NULL;
-}
-
namespace {
SSLManagerWindows::SSLManagerWindows(const SSLParams& params, bool isServer)