[FAB-11135] tls certpool lock fix

Change-Id: I7754d3c9eb8bcc6cd5b0288f3e7d6c4278028c6b Signed-off-by: Sudesh Shetty <[email protected]>
hyperledger · Aug 8, 2018 · 972a009 · 972a009
1 parent 0424521
commit 972a009
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/pkg/core/config/comm/tls/certpool.go b/pkg/core/config/comm/tls/certpool.go
@@ -25,7 +25,7 @@ type certPool struct {
 	certPool    *x509.CertPool
 	certs       []*x509.Certificate
 	certsByName map[string][]int
-	lock        sync.Mutex
+	lock        sync.RWMutex
 	dirty       int32
 	certQueue   []*x509.Certificate
 }
@@ -52,17 +52,20 @@ func (c *certPool) Get() (*x509.CertPool, error) {
 
 	//if dirty then add certs from queue to cert pool
 	if atomic.CompareAndSwapInt32(&c.dirty, 1, 0) {
-
 		c.lock.Lock()
-		defer c.lock.Unlock()
 
 		//add all new certs in queue to cert pool
 		for _, cert := range c.certQueue {
 			c.certPool.AddCert(cert)
 		}
 		c.certQueue = []*x509.Certificate{}
+
+		c.lock.Unlock()
 	}
 
+	c.lock.RLock()
+	defer c.lock.RUnlock()
+
 	return c.certPool, nil
 }