remove deadlock

src/github.com/getlantern/flashlight/config/config.go

@@ -51,7 +51,6 @@ var (
 	lastCloudConfigETag = map[string]string{}
 	httpClient          atomic.Value
 	r                   = regexp.MustCompile("\\d+\\.\\d+")
-	poolCh              = make(chan *x509.CertPool, 1)
 )
 
 type Config struct {
@@ -264,10 +263,6 @@ func Run(updateHandler func(updated *Config)) error {
 
 func updateGlobals(cfg *Config) error {
 	globals.InstanceId = cfg.InstanceId
-	err := cfg.createCertPool()
-	if err != nil {
-		return fmt.Errorf("Unable to configure trusted CAs: %s", err)
-	}
 	return nil
 }
 
@@ -299,26 +294,16 @@ func InConfigDir(filename string) (string, string, error) {
 	return cdir, filepath.Join(cdir, filename), nil
 }
 
-func (cfg *Config) GetTrustedCACerts() *x509.CertPool {
-	pool := <-poolCh
-	if len(poolCh) == 0 {
-		poolCh <- pool
-	}
-	return pool
-}
-
-func (cfg *Config) createCertPool() error {
+func (cfg *Config) GetTrustedCACerts() (pool *x509.CertPool, err error) {
 	certs := make([]string, 0, len(cfg.TrustedCAs))
 	for _, ca := range cfg.TrustedCAs {
 		certs = append(certs, ca.Cert)
 	}
-	pool, err := keyman.PoolContainingCerts(certs...)
+	pool, err = keyman.PoolContainingCerts(certs...)
 	if err != nil {
 		log.Errorf("Could not create pool %v", err)
-		return err
 	}
-	poolCh <- pool
-	return nil
+	return
 }
 
 // GetVersion implements the method from interface yamlconf.Config

src/github.com/getlantern/flashlight/flashlight.go

@@ -358,7 +358,12 @@ func applyClientConfig(client *client.Client, cfg *config.Config) {
 	cfgMutex.Lock()
 	defer cfgMutex.Unlock()
 
-	fronted.Configure(cfg.GetTrustedCACerts(), cfg.Client.MasqueradeSets["cloudfront"])
+	certs, err := cfg.GetTrustedCACerts()
+	if err != nil {
+		log.Errorf("Unable to get trusted ca certs, not configure fronted: %s", err)
+	} else {
+		fronted.Configure(certs, cfg.Client.MasqueradeSets["cloudfront"])
+	}
 
 	autoupdate.Configure(cfg)
 	logging.Configure(cfg.Addr, cfg.CloudConfigCA, cfg.InstanceId,

src/github.com/getlantern/fronted/direct.go

@@ -22,8 +22,10 @@ var (
 )
 
 func Configure(pool *x509.CertPool, masquerades []*Masquerade) {
-	poolCh <- pool
-	masqueradesCh <- masquerades
+	go func() {
+		poolCh <- pool
+		masqueradesCh <- masquerades
+	}()
 }
 
 func getCertPool() *x509.CertPool {
@@ -34,6 +36,17 @@ func getCertPool() *x509.CertPool {
 	return pool
 }
 
+type Direct struct {
+	tlsConfigs      map[string]*tls.Config
+	tlsConfigsMutex sync.Mutex
+}
+
+func NewDirect() *Direct {
+	return &Direct{
+		tlsConfigs: make(map[string]*tls.Config),
+	}
+}
+
 func (d *Direct) getMasquerade() *Masquerade {
 	if len(masqCh) > 0 {
 		return <-masqCh
@@ -66,11 +79,6 @@ func (d *Direct) getMasquerade() *Masquerade {
 	return <-masqCh
 }
 
-type Direct struct {
-	tlsConfigs      map[string]*tls.Config
-	tlsConfigsMutex sync.Mutex
-}
-
 // directTransport is a wrapper struct enabling us to modify the protocol of outgoing
 // requests to make them all HTTP instead of potentially HTTPS, which breaks our particular
 // implemenation of direct domain fronting.

src/github.com/getlantern/fronted/direct_test.go

@@ -11,7 +11,7 @@ func TestDirectDomainFronting(t *testing.T) {
 	certs := trustedCACerts(t)
 	Configure(certs, cloudfrontMasquerades)
 
-	client := NewDirectHttpClient()
+	client := NewDirect().NewDirectHttpClient()
 
 	url := "https://d2wi0vwulmtn99.cloudfront.net/cloud.yaml.gz"
 	if resp, err := client.Head(url); err != nil {

src/github.com/getlantern/geolookup/geolookup_test.go

@@ -6,7 +6,6 @@ import (
 	"net"
 	"net/http"
 	"testing"
-	"time"
 
 	"github.com/getlantern/fronted"
 	"github.com/getlantern/keyman"
@@ -25,8 +24,8 @@ func TestCityLookup(t *testing.T) {
 	rootCAs := certPool(t)
 	masquerades := masquerades()
 	fronted.Configure(rootCAs, masquerades)
-
-	client = fronted.NewDirectHttpClient()
+	direct := fronted.NewDirect()
+	client = direct.NewDirectHttpClient()
 	cloudfrontEndpoint := `http://d3u5fqukq7qrhd.cloudfront.net/lookup/%v`
 	city, _, err = LookupIPWithEndpoint(cloudfrontEndpoint, "198.199.72.101", client)
 	if assert.NoError(t, err) {