aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorErlang/OTP <[email protected]>2013-08-21 12:54:38 +0200
committerErlang/OTP <[email protected]>2013-08-21 12:54:38 +0200
commitb6b47d4c18c88380ea104aab57e13363c7b24a51 (patch)
tree7083aba98b243d6a1cd6aa279da737295f4f22bf
parenta21db4078a7b5f23b665dc2d466541b394936cb8 (diff)
parent2ab0f356a00f42060d0f4ca9c4225644e2d9052e (diff)
downloadotp-b6b47d4c18c88380ea104aab57e13363c7b24a51.tar.gz
otp-b6b47d4c18c88380ea104aab57e13363c7b24a51.tar.bz2
otp-b6b47d4c18c88380ea104aab57e13363c7b24a51.zip
Merge branch 'fredrik/inets/ssl/fixup_log_alert_option/OTP-11259' into maint-r15
* fredrik/inets/ssl/fixup_log_alert_option/OTP-11259: [inets, ssl]: make log_alert configurable as option in ssl, SSLLogLevel added as option to inets conf file
-rw-r--r--lib/inets/src/http_lib/http_transport.erl18
-rw-r--r--lib/inets/src/http_server/httpd_conf.erl18
-rw-r--r--lib/inets/src/http_server/httpd_request_handler.erl2
-rw-r--r--lib/inets/src/inets_app/inets.appup.src10
-rw-r--r--lib/inets/vsn.mk2
-rw-r--r--lib/ssl/src/ssl.appup.src10
-rw-r--r--lib/ssl/src/ssl.erl8
-rw-r--r--lib/ssl/src/ssl_connection.erl25
-rw-r--r--lib/ssl/src/ssl_internal.hrl3
-rw-r--r--lib/ssl/vsn.mk2
10 files changed, 71 insertions, 27 deletions
diff --git a/lib/inets/src/http_lib/http_transport.erl b/lib/inets/src/http_lib/http_transport.erl
index 5eb827032f..8b103628d7 100644
--- a/lib/inets/src/http_lib/http_transport.erl
+++ b/lib/inets/src/http_lib/http_transport.erl
@@ -174,7 +174,13 @@ listen({essl, SSLConfig}, Addr, Port) ->
[{addr, Addr},
{port, Port},
{ssl_config, SSLConfig}]),
- listen_ssl(Addr, Port, [{ssl_imp, new}, {reuseaddr, true} | SSLConfig]).
+ {SSLConfig2, ExtraOpts} = case proplists:get_value(log_alert, SSLConfig, undefined) of
+ undefined ->
+ {SSLConfig, []};
+ LogAlert ->
+ {proplists:delete(log_alert, SSLConfig), [{log_alert, LogAlert}]}
+ end,
+ listen_ssl(Addr, Port, [{ssl_imp, new}, {reuseaddr, true} | SSLConfig2], ExtraOpts).
listen(ip_comm, Addr, Port, Fd) ->
@@ -222,24 +228,24 @@ do_listen_ip_comm(Addr, Port, Fd) ->
end.
-listen_ssl(Addr, Port, Opts0) ->
+listen_ssl(Addr, Port, Opts0, ExtraOpts) ->
IpFamily = ipfamily_default(Addr, Port),
BaseOpts = [{backlog, 128}, {reuseaddr, true} | Opts0],
Opts = sock_opts(Addr, BaseOpts),
case IpFamily of
inet6fb4 ->
- Opts2 = [inet6 | Opts],
+ Opts2 = [inet6 | Opts] ++ ExtraOpts,
?hlrt("try ipv6 listen", [{opts, Opts2}]),
case (catch ssl:listen(Port, Opts2)) of
{error, Reason} when ((Reason =:= nxdomain) orelse
(Reason =:= eafnosupport)) ->
- Opts3 = [inet | Opts],
+ Opts3 = [inet | Opts] ++ ExtraOpts,
?hlrt("ipv6 listen failed - try ipv4 instead",
[{reason, Reason}, {opts, Opts3}]),
ssl:listen(Port, Opts3);
{'EXIT', Reason} ->
- Opts3 = [inet | Opts],
+ Opts3 = [inet | Opts] ++ ExtraOpts,
?hlrt("ipv6 listen exit - try ipv4 instead",
[{reason, Reason}, {opts, Opts3}]),
ssl:listen(Port, Opts3);
@@ -252,7 +258,7 @@ listen_ssl(Addr, Port, Opts0) ->
_ ->
Opts2 = [IpFamily | Opts],
?hlrt("listen", [{opts, Opts2}]),
- ssl:listen(Port, Opts2)
+ ssl:listen(Port, Opts2 ++ ExtraOpts)
end.
diff --git a/lib/inets/src/http_server/httpd_conf.erl b/lib/inets/src/http_server/httpd_conf.erl
index 884e3defb8..190967f656 100644
--- a/lib/inets/src/http_server/httpd_conf.erl
+++ b/lib/inets/src/http_server/httpd_conf.erl
@@ -390,6 +390,13 @@ load("SSLCertificateFile " ++ SSLCertificateFile, []) ->
{error, ?NICE(clean(SSLCertificateFile)++
" is an invalid SSLCertificateFile")}
end;
+load("SSLLogLevel " ++ SSLLogAlert, []) ->
+ case SSLLogAlert of
+ "none" ->
+ {ok, [], {ssl_log_alert, false}};
+ _ ->
+ {ok, [], {ssl_log_alert, true}}
+ end;
load("SSLCertificateKeyFile " ++ SSLCertificateKeyFile, []) ->
case is_file(clean(SSLCertificateKeyFile)) of
{ok, File} ->
@@ -942,7 +949,8 @@ ssl_config(ConfigDB) ->
ssl_ciphers(ConfigDB) ++
ssl_password(ConfigDB) ++
ssl_verify_depth(ConfigDB) ++
- ssl_ca_certificate_file(ConfigDB).
+ ssl_ca_certificate_file(ConfigDB) ++
+ ssl_log_level(ConfigDB).
@@ -1208,6 +1216,14 @@ ssl_certificate_key_file(ConfigDB) ->
[{keyfile,SSLCertificateKeyFile}]
end.
+ssl_log_level(ConfigDB) ->
+ case httpd_util:lookup(ConfigDB,ssl_log_alert) of
+ undefined ->
+ [];
+ SSLLogLevel ->
+ [{log_alert,SSLLogLevel}]
+ end.
+
ssl_verify_client(ConfigDB) ->
case httpd_util:lookup(ConfigDB,ssl_verify_client) of
undefined ->
diff --git a/lib/inets/src/http_server/httpd_request_handler.erl b/lib/inets/src/http_server/httpd_request_handler.erl
index 0f47d785ef..cb20159794 100644
--- a/lib/inets/src/http_server/httpd_request_handler.erl
+++ b/lib/inets/src/http_server/httpd_request_handler.erl
@@ -106,7 +106,7 @@ init([Manager, ConfigDB, AcceptTimeout]) ->
case http_transport:negotiate(SocketType, Socket, TimeOut) of
{error, Error} ->
?hdrd("negotiation failed", [{error, Error}]),
- exit(Error); %% Can be 'normal'.
+ exit(shutdown); %% Can be 'normal'.
ok ->
?hdrt("negotiation successfull", []),
NewTimeout = TimeOut - timer:now_diff(now(),Then) div 1000,
diff --git a/lib/inets/src/inets_app/inets.appup.src b/lib/inets/src/inets_app/inets.appup.src
index 2995a2f712..3e005379bb 100644
--- a/lib/inets/src/inets_app/inets.appup.src
+++ b/lib/inets/src/inets_app/inets.appup.src
@@ -18,6 +18,11 @@
{"%VSN%",
[
+ {"5.9.2.1",
+ [
+ {restart_application, inets}
+ ]
+ },
{"5.9.2",
[
{load_module, httpd_manager, soft_purge, soft_purge, []}
@@ -76,6 +81,11 @@
}
],
[
+ {"5.9.2.1",
+ [
+ {restart_application, inets}
+ ]
+ },
{"5.9.2",
[
{load_module, httpd_manager, soft_purge, soft_purge, []}
diff --git a/lib/inets/vsn.mk b/lib/inets/vsn.mk
index 525d3847e6..4aa5de8f1a 100644
--- a/lib/inets/vsn.mk
+++ b/lib/inets/vsn.mk
@@ -18,7 +18,7 @@
# %CopyrightEnd%
APPLICATION = inets
-INETS_VSN = 5.9.2.1
+INETS_VSN = 5.9.2.2
PRE_VSN =
APP_VSN = "$(APPLICATION)-$(INETS_VSN)$(PRE_VSN)"
diff --git a/lib/ssl/src/ssl.appup.src b/lib/ssl/src/ssl.appup.src
index 9b1227fa7f..664f588003 100644
--- a/lib/ssl/src/ssl.appup.src
+++ b/lib/ssl/src/ssl.appup.src
@@ -1,6 +1,11 @@
%% -*- erlang -*-
{"%VSN%",
[
+ {"5.1.2",
+ [
+ {restart_application, inets}
+ ]
+ },
{"5.1.1", [{restart_application, ssl}]
},
{"5.1", [
@@ -12,6 +17,11 @@
{<<"3\\.*">>, [{restart_application, ssl}]}
],
[
+ {"5.1.2",
+ [
+ {restart_application, inets}
+ ]
+ },
{"5.1.1", [{restart_application, ssl}]
},
{"5.1", [
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index 66ceb2a591..b52470b988 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -596,7 +596,8 @@ handle_options(Opts0, _Role) ->
renegotiate_at = handle_option(renegotiate_at, Opts, ?DEFAULT_RENEGOTIATE_AT),
debug = handle_option(debug, Opts, []),
hibernate_after = handle_option(hibernate_after, Opts, undefined),
- erl_dist = handle_option(erl_dist, Opts, false)
+ erl_dist = handle_option(erl_dist, Opts, false),
+ log_alert = handle_option(log_alert, Opts, true)
},
CbInfo = proplists:get_value(cb_info, Opts, {gen_tcp, tcp, tcp_closed, tcp_error}),
@@ -605,7 +606,7 @@ handle_options(Opts0, _Role) ->
depth, cert, certfile, key, keyfile,
password, cacerts, cacertfile, dh, dhfile, ciphers,
debug, reuse_session, reuse_sessions, ssl_imp,
- cb_info, renegotiate_at, secure_renegotiate, hibernate_after, erl_dist],
+ cb_info, renegotiate_at, secure_renegotiate, hibernate_after, erl_dist, log_alert],
SockOpts = lists:foldl(fun(Key, PropList) ->
proplists:delete(Key, PropList)
@@ -733,6 +734,9 @@ validate_option(hibernate_after, Value) when is_integer(Value), Value >= 0 ->
validate_option(erl_dist,Value) when Value == true;
Value == false ->
Value;
+validate_option(log_alert,Value) when Value == true;
+ Value == false ->
+ Value;
validate_option(Opt, Value) ->
throw({error, {eoptions, {Opt, Value}}}).
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index d4784604fd..73857bccbb 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -87,7 +87,6 @@
cert_db_ref, % ref()
bytes_to_read, % integer(), # bytes to read in passive mode
user_data_buffer, % binary()
- log_alert, % boolean()
renegotiation, % {boolean(), From | internal | peer}
start_or_recv_from, % "gen_fsm From"
timer, % start_or_recv_timer
@@ -2123,7 +2122,6 @@ initial_state(Role, Host, Port, Socket, {SSLOptions, SocketOptions}, User,
tls_cipher_texts = [],
user_application = {Monitor, User},
user_data_buffer = <<>>,
- log_alert = true,
session_cache_cb = SessionCacheCb,
renegotiation = {false, first},
start_or_recv_from = undefined,
@@ -2230,11 +2228,10 @@ handle_alerts([Alert | Alerts], {next_state, StateName, State, _Timeout}) ->
handle_alerts(Alerts, handle_alert(Alert, StateName, State)).
handle_alert(#alert{level = ?FATAL} = Alert, StateName,
- #state{start_or_recv_from = From, host = Host, port = Port, session = Session,
- user_application = {_Mon, Pid},
- log_alert = Log, role = Role, socket_options = Opts} = State) ->
+ #state{ssl_options = SslOpts, start_or_recv_from = From, host = Host, port = Port, session = Session,
+ user_application = {_Mon, Pid}, role = Role, socket_options = Opts} = State) ->
invalidate_session(Role, Host, Port, Session),
- log_alert(Log, StateName, Alert),
+ log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),
alert_user(StateName, Opts, Pid, From, Alert, Role),
{stop, normal, State};
@@ -2244,21 +2241,21 @@ handle_alert(#alert{level = ?WARNING, description = ?CLOSE_NOTIFY} = Alert,
{stop, {shutdown, peer_close}, State};
handle_alert(#alert{level = ?WARNING, description = ?NO_RENEGOTIATION} = Alert, StateName,
- #state{log_alert = Log, renegotiation = {true, internal}} = State) ->
- log_alert(Log, StateName, Alert),
+ #state{ssl_options = SslOpts, renegotiation = {true, internal}} = State) ->
+ log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),
handle_normal_shutdown(Alert, StateName, State),
{stop, {shutdown, peer_close}, State};
handle_alert(#alert{level = ?WARNING, description = ?NO_RENEGOTIATION} = Alert, StateName,
- #state{log_alert = Log, renegotiation = {true, From}} = State0) ->
- log_alert(Log, StateName, Alert),
+ #state{ssl_options = SslOpts, renegotiation = {true, From}} = State0) ->
+ log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),
gen_fsm:reply(From, {error, renegotiation_rejected}),
{Record, State} = next_record(State0),
next_state(StateName, connection, Record, State);
handle_alert(#alert{level = ?WARNING, description = ?USER_CANCELED} = Alert, StateName,
- #state{log_alert = Log} = State0) ->
- log_alert(Log, StateName, Alert),
+ #state{ssl_options = SslOpts} = State0) ->
+ log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),
{Record, State} = next_record(State0),
next_state(StateName, StateName, Record, State).
@@ -2296,7 +2293,7 @@ handle_own_alert(Alert, Version, StateName,
#state{transport_cb = Transport,
socket = Socket,
connection_states = ConnectionStates,
- log_alert = Log} = State) ->
+ ssl_options = SslOpts} = State) ->
try %% Try to tell the other side
{BinMsg, _} =
encode_alert(Alert, Version, ConnectionStates),
@@ -2306,7 +2303,7 @@ handle_own_alert(Alert, Version, StateName,
ignore
end,
try %% Try to tell the local user
- log_alert(Log, StateName, Alert),
+ log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),
handle_normal_shutdown(Alert,StateName, State)
catch _:_ ->
ok
diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl
index b8f2ae3b51..d8815369e9 100644
--- a/lib/ssl/src/ssl_internal.hrl
+++ b/lib/ssl/src/ssl_internal.hrl
@@ -106,7 +106,8 @@
% after which ssl_connection will
% go into hibernation
%% This option should only be set to true by inet_tls_dist
- erl_dist = false
+ erl_dist = false,
+ log_alert
}).
-record(socket_options,
diff --git a/lib/ssl/vsn.mk b/lib/ssl/vsn.mk
index adfb29e639..84728fd311 100644
--- a/lib/ssl/vsn.mk
+++ b/lib/ssl/vsn.mk
@@ -1 +1 @@
-SSL_VSN = 5.1.2
+SSL_VSN = 5.1.2.1