nghttpx: Wait for child process to exit

Normally, we don't have wait for child process to exit, since init can
take care of them.  But in containerized environment, pid 0 init might
not be available, and defunct processes can be piled up.  This commit
ensures that OCSP and neverbleed processes are waited for before
worker process exits.

src/shrpx_connection_handler.cc

@@ -499,7 +499,23 @@ void ConnectionHandler::cancel_ocsp_update() {
     return;
   }
 
-  kill(ocsp_.proc.pid, SIGTERM);
+  int rv;
+
+  rv = kill(ocsp_.proc.pid, SIGTERM);
+  if (rv != 0) {
+    auto error = errno;
+    LOG(ERROR) << "Could not send signal to OCSP query process: errno="
+               << error;
+  }
+
+  while ((rv = waitpid(ocsp_.proc.pid, nullptr, 0)) == -1 && errno == EINTR)
+    ;
+  if (rv == -1) {
+    auto error = errno;
+    LOG(ERROR) << "Error occurred while we were waiting for the completion of "
+                  "OCSP query process: errno="
+               << error;
+  }
 }
 
 // inspired by h2o_read_command function from h2o project:

src/shrpx_worker_process.cc

@@ -29,6 +29,7 @@
 #include <unistd.h>
 #endif // HAVE_UNISTD_H
 #include <sys/resource.h>
+#include <sys/wait.h>
 #include <grp.h>
 
 #include <cinttypes>
@@ -552,6 +553,28 @@ int worker_process_event_loop(WorkerProcessConfig *wpconf) {
 
   conn_handler.cancel_ocsp_update();
 
+#ifdef HAVE_NEVERBLEED
+  if (nb) {
+    assert(nb->daemon_pid > 0);
+
+    rv = kill(nb->daemon_pid, SIGTERM);
+    if (rv != 0) {
+      auto error = errno;
+      LOG(ERROR) << "Could not send signal to neverbleed daemon: errno="
+                 << error;
+    }
+
+    while ((rv = waitpid(nb->daemon_pid, nullptr, 0)) == -1 && errno == EINTR)
+      ;
+    if (rv == -1) {
+      auto error = errno;
+      LOG(ERROR) << "Error occurred while we were waiting for the completion "
+                    "of neverbleed process: errno="
+                 << error;
+    }
+  }
+#endif // HAVE_NEVERBLEED
+
   return 0;
 }