authorMagnus Henoch <[email protected]>2015-11-20 15:27:34 +0000
committerMagnus Henoch <[email protected]>2015-12-18 15:54:42 +0000
commit1be4f6f84f36ad8a84ddcf211336aa4b266661d8 (patch)
treecce4ec5b6f71f14f0e0354c5c650a73f37948635
parentd4a3296ba3117315343057715ee428490e992ef0 (diff)
TLS distribution: bind erts socket to localhost
There is no reason for the socket on the erts side of the proxy to accept connections from other hosts, so let's bind it to the loopback interface. Also change {ip, {127,0,0,1}} to {ip, loopback} for the erts side of the socket for outgoing connections, to avoid hardcoding IPv4.
-rw-r--r--lib/ssl/src/ssl_tls_dist_proxy.erl4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/ssl/src/ssl_tls_dist_proxy.erl b/lib/ssl/src/ssl_tls_dist_proxy.erl
index 273d3b5521..25192aac0e 100644
--- a/lib/ssl/src/ssl_tls_dist_proxy.erl
+++ b/lib/ssl/src/ssl_tls_dist_proxy.erl
@@ -60,7 +60,7 @@ init([]) ->
{ok, #state{}}.
handle_call({listen, Name}, _From, State) ->
- case gen_tcp:listen(0, [{active, false}, {packet,?PPRE}]) of
+ case gen_tcp:listen(0, [{active, false}, {packet,?PPRE}, {ip, loopback}]) of
{ok, Socket} ->
{ok, World} = gen_tcp:listen(0, [{active, false}, binary, {packet,?PPRE}]),
{ok, TcpAddress} = get_tcp_address(Socket),
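Review bot: The `{ip, loopback}` added to the first `gen_tcp:listen/2` call keeps other hosts off the erts-side socket, but processes on the same host can still connect to it, and nothing in the hunk shows the peer being checked. The option list also carries no `inet`/`inet6`, so the loopback address presumably still resolves in the default address family. A comment above the call would record that boundary, e.g. `%% erts side: loopback only; other local processes can still reach this port, World below listens on all interfaces`. The `handle_call` clause continues outside the hunk.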
@@ -179,7 +179,7 @@ setup_proxy(Ip, Port, Parent) ->
Opts = get_ssl_options(client),
case ssl:connect(Ip, Port, [{active, true}, binary, {packet,?PPRE}] ++ Opts) of
{ok, World} ->
- {ok, ErtsL} = gen_tcp:listen(0, [{active, true}, {ip, {127,0,0,1}}, binary, {packet,?PPRE}]),
+ {ok, ErtsL} = gen_tcp:listen(0, [{active, true}, {ip, loopback}, binary, {packet,?PPRE}]),
{ok, #net_address{address={_,LPort}}} = get_tcp_address(ErtsL),
Parent ! {self(), go_ahead, LPort},
case gen_tcp:accept(ErtsL) of
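Review bot: `gen_tcp:accept(ErtsL)` on the last line of the hunk waits without a timeout and takes whichever connection reaches the loopback port first, so a parent that never connects leaves this process and the TLS connection `World` open indefinitely. A bounded wait, `case gen_tcp:accept(ErtsL, Timeout) of` with an `{error, timeout}` branch that closes `ErtsL` and `World`, would limit that; `Timeout` is a placeholder for a value the module would need to define. The branches of this `case` lie outside the hunk, so part of the cleanup may already exist there.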