diff options
author | Magnus Henoch <[email protected]> | 2015-11-20 15:27:34 +0000 |
---|---|---|
committer | Magnus Henoch <[email protected]> | 2015-12-18 15:54:42 +0000 |
commit | 1be4f6f84f36ad8a84ddcf211336aa4b266661d8 (patch) | |
tree | cce4ec5b6f71f14f0e0354c5c650a73f37948635 | |
parent | d4a3296ba3117315343057715ee428490e992ef0 (diff) | |
download | otp-1be4f6f84f36ad8a84ddcf211336aa4b266661d8.tar.gz otp-1be4f6f84f36ad8a84ddcf211336aa4b266661d8.tar.bz2 otp-1be4f6f84f36ad8a84ddcf211336aa4b266661d8.zip |
TLS distribution: bind erts socket to localhost
There is no reason for the socket on the erts side of the proxy to
accept connections from other hosts, so let's bind it to the loopback
interface.
Also change {ip, {127,0,0,1}} to {ip, loopback} for the erts side of
the socket for outgoing connections, to avoid hardcoding IPv4.
-rw-r--r-- | lib/ssl/src/ssl_tls_dist_proxy.erl | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/ssl/src/ssl_tls_dist_proxy.erl b/lib/ssl/src/ssl_tls_dist_proxy.erl index 273d3b5521..25192aac0e 100644 --- a/lib/ssl/src/ssl_tls_dist_proxy.erl +++ b/lib/ssl/src/ssl_tls_dist_proxy.erl @@ -60,7 +60,7 @@ init([]) -> {ok, #state{}}. handle_call({listen, Name}, _From, State) -> - case gen_tcp:listen(0, [{active, false}, {packet,?PPRE}]) of + case gen_tcp:listen(0, [{active, false}, {packet,?PPRE}, {ip, loopback}]) of {ok, Socket} -> {ok, World} = gen_tcp:listen(0, [{active, false}, binary, {packet,?PPRE}]), {ok, TcpAddress} = get_tcp_address(Socket), @@ -179,7 +179,7 @@ setup_proxy(Ip, Port, Parent) -> Opts = get_ssl_options(client), case ssl:connect(Ip, Port, [{active, true}, binary, {packet,?PPRE}] ++ Opts) of {ok, World} -> - {ok, ErtsL} = gen_tcp:listen(0, [{active, true}, {ip, {127,0,0,1}}, binary, {packet,?PPRE}]), + {ok, ErtsL} = gen_tcp:listen(0, [{active, true}, {ip, loopback}, binary, {packet,?PPRE}]), {ok, #net_address{address={_,LPort}}} = get_tcp_address(ErtsL), Parent ! {self(), go_ahead, LPort}, case gen_tcp:accept(ErtsL) of |