authorIngela Anderton Andin <[email protected]>2011-05-18 14:44:56 +0200
committerIngela Anderton Andin <[email protected]>2011-05-18 14:44:56 +0200
commit1ac176aa4b57050bf0672ad4af8c926bf4465f4a (patch)
treedd0159be89d9d843f6eac80192f93442cfad07c2
parent4ed30063f15b4b80f5f23b00f55a49ed3496fe9e (diff)
parent2b31edf742b3d9236dfc35b947b3b0c356010236 (diff)
Merge branch 'ia/ssl/do_not_invalidate_session_on_improper_close/OTP-9310' into dev
* ia/ssl/do_not_invalidate_session_on_improper_close/OTP-9310: In TLS 1.1, failure to properly close a connection no longer requires that a session not be resumed. This is a change from TLS 1.0 to conform with widespread implementation practice. Erlang ssl will now in TLS 1.0 conform to the widespread implementation practice instead of the specification to avoid performance issues.
-rw-r--r--lib/ssl/src/ssl_connection.erl18
1 files changed, 12 insertions, 6 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 0a86e9bd29..2c452837f8 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -941,17 +941,23 @@ handle_info({Protocol, _, Data}, StateName,
handle_info({CloseTag, Socket}, _StateName,
#state{socket = Socket, close_tag = CloseTag,
- negotiated_version = Version, host = Host,
- port = Port, socket_options = Opts,
+ negotiated_version = Version,
+ socket_options = Opts,
user_application = {_Mon,Pid}, from = From,
- role = Role, session = Session} = State) ->
- %% Debug option maybe, the user do NOT want to see these in their logs
- %% error_logger:info_report("SSL: Peer did not send close notify alert."),
+ role = Role} = State) ->
+ %% Note that as of TLS 1.1,
+ %% failure to properly close a connection no longer requires that a
+ %% session not be resumed. This is a change from TLS 1.0 to conform
+ %% with widespread implementation practice.
case Version of
{1, N} when N >= 1 ->
ok;
_ ->
- invalidate_session(Role, Host, Port, Session)
+ %% As invalidate_sessions here causes performance issues,
+ %% we will conform to the widespread implementation
+ %% practice and go aginst the spec
+ %%invalidate_session(Role, Host, Port, Session)
+ ok
end,
alert_user(Opts#socket_options.active, Pid, From,
?ALERT_REC(?WARNING, ?CLOSE_NOTIFY), Role),
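Review bot: Both arms of `case Version of` now evaluate to `ok`, so the expression does nothing and `negotiated_version = Version` is bound in the clause head only to feed it. I would drop the `case` and that binding and keep one comment in their place, e.g. `%% Session is deliberately kept resumable after a close without close_notify, also for TLS 1.0 (deviates from the TLS 1.0 spec, see OTP-9310).` The commented-out `%%invalidate_session(Role, Host, Port, Session)` names `Host`, `Port` and `Session`, which the head no longer binds, so it would not compile if restored, and the comment above it misspells "against" as `aginst`. Because the transport close is still reported to the user as `?CLOSE_NOTIFY` on the following lines, an application apparently cannot tell a truncated stream from an orderly close, so the comment should also say that truncation detection is left to the application protocol. The clause body continues past the end of the hunk.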