| author | Fredrik Gustafsson <[email protected]> | 2013-08-23 16:30:50 +0200 | 
|---|---|---|
| committer | Fredrik Gustafsson <[email protected]> | 2013-08-23 16:30:50 +0200 | 
| commit | fa5cc308af8c073832cc7b58dd52fa2f523582cc (patch) | |
| tree | bc1b7caf4b56406bdf63ba72faf261c1e51ce6a2 | |
| parent | 10530282667123151c1c24842f6e4bfbd3b59a76 (diff) | |
| parent | 614816910235c0941b2f36da520610e777b35fc3 (diff) | |
Merge branch 'maint-r16' into maint
| -rw-r--r-- | lib/inets/doc/src/notes.xml | 15 | ||||
| -rw-r--r-- | lib/inets/src/http_lib/http_transport.erl | 21 | ||||
| -rw-r--r-- | lib/inets/src/http_server/httpd_conf.erl | 18 | ||||
| -rw-r--r-- | lib/inets/src/http_server/httpd_request_handler.erl | 2 | ||||
| -rw-r--r-- | lib/ssl/doc/src/notes.xml | 17 | ||||
| -rw-r--r-- | lib/ssl/src/ssl.erl | 1 | ||||
| -rw-r--r-- | lib/ssl/src/ssl_internal.hrl | 3 | ||||
| -rw-r--r-- | lib/ssl/src/tls.erl | 8 | ||||
| -rw-r--r-- | lib/ssl/src/tls_connection.erl | 25 | 
9 files changed, 76 insertions, 34 deletions
diff --git a/lib/inets/doc/src/notes.xml b/lib/inets/doc/src/notes.xml
index d2e7ade5d6..f6bb2cca49 100644
--- a/lib/inets/doc/src/notes.xml
+++ b/lib/inets/doc/src/notes.xml
@@ -45,8 +45,6 @@
         </item>
       </list>
     </section>
-
-
     <section><title>Improvements and New Features</title>
       <list>
         <item>
@@ -158,7 +156,20 @@
     </section>
 </section>
+<section><title>Inets 5.9.2.2</title>
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Make log_alert configurable as option in ssl, SSLLogLevel
+	    added as option to inets conf file</p>
+          <p>
+	    Own Id: OTP-11259</p>
+	</item>
+      </list>
+    </section>
+</section>
 <section><title>Inets 5.9.2.1</title>
     <section><title>Improvements and New Features</title>
       <list>
diff --git a/lib/inets/src/http_lib/http_transport.erl b/lib/inets/src/http_lib/http_transport.erl
index df58fa1b81..7e679531cf 100644
--- a/lib/inets/src/http_lib/http_transport.erl
+++ b/lib/inets/src/http_lib/http_transport.erl
@@ -159,7 +159,7 @@ listen(ip_comm = _SocketType, Addr, Port, Fd, IpFamily) ->
     listen_ip_comm(Addr, Port, Fd, IpFamily);
 listen({essl, SSLConfig}, Addr, Port, Fd, IpFamily) ->
-    listen_ssl(Addr, Port, Fd, SSLConfig, IpFamily).
+    listen_ssl(Addr, Port, Fd, SSLConfig, IpFamily, []).
 listen(ip_comm = _SocketType, Addr, Port, IpFamily) ->
     listen_ip_comm(Addr, Port, undefined, IpFamily);
@@ -178,7 +178,13 @@ listen({essl, SSLConfig}, Addr, Port, IpFamily) ->
 	  [{addr,       Addr}, 
 	   {port,       Port}, 
 	   {ssl_config, SSLConfig}]),
-    listen_ssl(Addr, Port, undefined, SSLConfig, IpFamily).
+    {SSLConfig2, ExtraOpts} = case proplists:get_value(log_alert, SSLConfig, undefined) of
+		    undefined ->
+			{SSLConfig, []};
+		    LogAlert ->
+			{proplists:delete(log_alert, SSLConfig), [{log_alert, LogAlert}]}
+		end,
+    listen_ssl(Addr, Port, undefined, SSLConfig2, IpFamily, ExtraOpts).
 listen_ip_comm(Addr, Port, Fd, IpFamily) ->
     case (catch do_listen_ip_comm(Addr, Port, Fd, IpFamily)) of
@@ -221,24 +227,23 @@ do_listen_ip_comm(Addr, Port, Fd, IpFamily) ->
 	    gen_tcp:listen(NewPort, Opts2)
     end.
-
-listen_ssl(Addr, Port, Fd, Opts0, IpFamily) ->
+listen_ssl(Addr, Port, Fd, Opts0, IpFamily, ExtraOpts) ->
     {NewPort, SockOpt} = get_socket_info(Addr, Port, Fd),
     Opts = SockOpt ++ Opts0,
     case IpFamily of
 	inet6fb4 -> 
-	    Opts2 = [inet6 | Opts], 
+	    Opts2 = [inet6 | Opts] ++ ExtraOpts, 
 	    ?hlrt("try ipv6 listen", [{opts, Opts2}]),
 	    case (catch ssl:listen(Port, Opts2)) of
 		{error, Reason} when ((Reason =:= nxdomain) orelse 
 				      (Reason =:= eafnosupport)) ->
-		    Opts3 = [inet | Opts], 
+		    Opts3 = [inet | Opts] ++ ExtraOpts, 
 		    ?hlrt("ipv6 listen failed - try ipv4 instead", 
 			  [{reason, Reason}, {opts, Opts3}]),
 		    ssl:listen(NewPort, Opts3);
 		{'EXIT', Reason} -> 
-		    Opts3 = [inet | Opts], 
+		    Opts3 = [inet | Opts] ++ ExtraOpts, 
 		    ?hlrt("ipv6 listen exit - try ipv4 instead", 
 			  [{reason, Reason}, {opts, Opts3}]),
 		    ssl:listen(NewPort, Opts3); 
@@ -251,7 +256,7 @@ listen_ssl(Addr, Port, Fd, Opts0, IpFamily) ->
 	_ ->
 	    Opts2 = [IpFamily | Opts],
 	    ?hlrt("listen", [{opts, Opts2}]),
-	    ssl:listen(NewPort, Opts2)
+	    ssl:listen(NewPort, Opts2 ++ ExtraOpts)
     end.
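Review bot: The two entry points now treat `log_alert` differently: `listen/5` (the hunk at -159, one line up) passes `[]` as ExtraOpts and leaves any `log_alert` entry inside SSLConfig, while this hunk strips it out of SSLConfig for `listen/4` and re-appends it after the socket options. If the position in the option list matters to ssl:listen the Fd path is wrong; if it does not (tls.erl in this same commit removes `log_alert` from the proplist wherever it sits), the case expression and the extra parameter are unnecessary. Either way, factor it once, e.g. `split_log_alert(SSLConfig) -> {SSLConfig2, ExtraOpts}` called from both clauses, so the two paths cannot drift. The enclosing `listen/4` clause begins in the hunk header, outside the hunk.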
diff --git a/lib/inets/src/http_server/httpd_conf.erl b/lib/inets/src/http_server/httpd_conf.erl
index d45f3c0048..b3ca13e2fe 100644
--- a/lib/inets/src/http_server/httpd_conf.erl
+++ b/lib/inets/src/http_server/httpd_conf.erl
@@ -390,6 +390,13 @@ load("SSLCertificateFile " ++ SSLCertificateFile, []) ->
 	    {error, ?NICE(clean(SSLCertificateFile)++
 			  " is an invalid SSLCertificateFile")}
     end;
+load("SSLLogLevel " ++ SSLLogAlert, []) ->
+    case SSLLogAlert of
+	"none" ->
+	    {ok, [], {ssl_log_alert, false}};
+	_ ->
+	    {ok, [], {ssl_log_alert, true}}
+    end;
 load("SSLCertificateKeyFile " ++ SSLCertificateKeyFile, []) ->
     case is_file(clean(SSLCertificateKeyFile)) of
 	{ok, File} ->
@@ -948,7 +955,8 @@ ssl_config(ConfigDB) ->
 	ssl_ciphers(ConfigDB) ++
 	ssl_password(ConfigDB) ++
 	ssl_verify_depth(ConfigDB) ++
-	ssl_ca_certificate_file(ConfigDB).
+	ssl_ca_certificate_file(ConfigDB) ++
+	ssl_log_level(ConfigDB).
@@ -1214,6 +1222,14 @@ ssl_certificate_key_file(ConfigDB) ->
 	    [{keyfile,SSLCertificateKeyFile}]
     end.
+ssl_log_level(ConfigDB) ->
+    case httpd_util:lookup(ConfigDB,ssl_log_alert) of
+	undefined ->
+	    [];
+	SSLLogLevel ->
+	    [{log_alert,SSLLogLevel}]
+    end.
+
 ssl_verify_client(ConfigDB) ->
     case httpd_util:lookup(ConfigDB,ssl_verify_client) of
 	undefined ->
diff --git a/lib/inets/src/http_server/httpd_request_handler.erl b/lib/inets/src/http_server/httpd_request_handler.erl
index 0f47d785ef..cb20159794 100644
--- a/lib/inets/src/http_server/httpd_request_handler.erl
+++ b/lib/inets/src/http_server/httpd_request_handler.erl
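Review bot: The new `load("SSLLogLevel " ++ SSLLogAlert, [])` clause accepts any string and treats everything except the exact text `"none"` as "log", so a typo or trailing whitespace in the config file silently enables logging instead of being reported, whereas the neighbouring clauses run their value through `clean/1` and return `{error, ?NICE(...)}` for bad input. Match them: `case clean(SSLLogAlert) of "none" -> {ok, [], {ssl_log_alert, false}}; Positive -> ...; _ -> {error, ?NICE(clean(SSLLogAlert) ++ " is an invalid SSLLogLevel")} end`, where the positive keyword is whatever the inets conf reference will document. The directive name says "level" but only a boolean is produced, so the documentation should state that plainly; the diffstat shows no inets reference-manual change in this commit.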
@@ -106,7 +106,7 @@ init([Manager, ConfigDB, AcceptTimeout]) ->
     case http_transport:negotiate(SocketType, Socket, TimeOut) of
 	{error, Error} ->
 	    ?hdrd("negotiation failed", [{error, Error}]),
-	    exit(Error); %% Can be 'normal'.
+	    exit(shutdown); %% Can be 'normal'.
 	ok ->
 	    ?hdrt("negotiation successfull", []),
 	    NewTimeout = TimeOut - timer:now_diff(now(),Then) div 1000,
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index 8875d07535..301ff21068 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -25,7 +25,6 @@
     <file>notes.xml</file>
   </header>
   <p>This document describes the changes made to the SSL application.</p>
-
     <section><title>SSL 5.3</title>
     <section><title>Fixed Bugs and Malfunctions</title>
@@ -100,7 +99,6 @@
 </section>
 <section><title>SSL 5.2.1</title>
-
     <section><title>Improvements and New Features</title>
       <list>
         <item>
@@ -126,9 +124,20 @@
     </section>
 </section>
-
+<section><title>SSL 5.1.2.1</title>
+<section><title>Improvements and New Features</title>
+<list>
+  <item>
+    <p>
+      Make log_alert configurable as option in ssl, SSLLogLevel
+    added as option to inets conf file</p>
+    <p>
+    Own Id: OTP-11259</p>
+  </item>
+</list>
+</section>
+</section>
 <section><title>SSL 5.2</title>
-
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
         <item>
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index 0c1e47311d..dc6898d001 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -219,4 +219,3 @@ format_error(Error)  ->
 random_bytes(N) ->
    tls:random_bytes(N).
-
diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl
index 14db4a6067..de8d20d399 100644
--- a/lib/ssl/src/ssl_internal.hrl
+++ b/lib/ssl/src/ssl_internal.hrl
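Review bot: Replacing `exit(Error)` with `exit(shutdown)` throws away the negotiation failure reason from the handler's exit, so after this change the only trace of why a TLS handshake failed on the server is the `?hdrd` debug trace, and the retained comment `%% Can be 'normal'.` no longer describes the code. `exit({shutdown, Error}); %% {shutdown, _} is a clean stop, but keeps the reason` preserves the reason for the supervisor and for anything monitoring the handler while still being treated as a normal termination (supervisors and proc_lib treat `{shutdown, Term}` like `shutdown`, so no crash report is generated). With `log_alert` now switchable off in ssl, this exit reason may be the last place an operator can see handshake failures, which are a security-relevant signal. The enclosing `init/1` continues outside the hunk.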
@@ -111,7 +111,8 @@
 	  %% This option should only be set to true by inet_tls_dist
 	  erl_dist = false,
 	  next_protocols_advertised = undefined, %% [binary()],
-	  next_protocol_selector = undefined  %% fun([binary()]) -> binary())
+	  next_protocol_selector = undefined,  %% fun([binary()]) -> binary())
+	  log_alert
 	  }).
 -record(socket_options,
diff --git a/lib/ssl/src/tls.erl b/lib/ssl/src/tls.erl
index bb02695c12..b220a48f73 100644
--- a/lib/ssl/src/tls.erl
+++ b/lib/ssl/src/tls.erl
@@ -663,7 +663,8 @@ handle_options(Opts0, _Role) ->
 			handle_option(next_protocols_advertised, Opts, undefined),
       next_protocol_selector = 
 			make_next_protocol_selector(
-			  handle_option(client_preferred_next_protocols, Opts, undefined))
+			  handle_option(client_preferred_next_protocols, Opts, undefined)),
+      log_alert = handle_option(log_alert, Opts, true)
      },
     CbInfo  = proplists:get_value(cb_info, Opts, {gen_tcp, tcp, tcp_closed, tcp_error}),    
@@ -675,7 +676,7 @@ handle_options(Opts0, _Role) ->
 		  reuse_session, reuse_sessions, ssl_imp,
 		  cb_info, renegotiate_at, secure_renegotiate, hibernate_after, 
 		  erl_dist, next_protocols_advertised,
-		  client_preferred_next_protocols],
+		  client_preferred_next_protocols, log_alert],
     SockOpts = lists:foldl(fun(Key, PropList) -> 
 				   proplists:delete(Key, PropList)
@@ -840,6 +841,9 @@ validate_option(client_preferred_next_protocols = Opt, {Precedence, PreferredPro
 validate_option(client_preferred_next_protocols, undefined) ->
     undefined;
+validate_option(log_alert, Value) when Value == true;
+				       Value == false ->
+    Value;
 validate_option(next_protocols_advertised = Opt, Value) when is_list(Value) ->
     case tls_record:highest_protocol_version([]) of
 	{3,0} ->
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 51551eab11..159ba406d3 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
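Review bot: The new `log_alert` field in `#ssl_options{}` is declared with no default and no type comment, so any `#ssl_options{}` constructed without going through `handle_options/2` carries `undefined`, which the `log_alert/3` calls in tls_connection are not written to handle. Give it a fail-safe default in the style of the surrounding fields, `log_alert = true,  %% boolean()`, so a record built elsewhere keeps the pre-change always-log behaviour rather than an unexpected atom. The record definition begins outside the hunk.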
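Review bot: The guard in the new `validate_option(log_alert, Value) when Value == true; Value == false` clause should use the guard BIF, `validate_option(log_alert, Value) when is_boolean(Value) -> Value;`, which is shorter and matches how the neighbouring clauses type-check (`when is_list(Value)`); if the comparison form is kept, `==` on atoms should be `=:=`. Defaulting the option to `true` in handle_options keeps the previous always-log behaviour, which is the right fail-safe for servers, but the option is only mentioned in the release notes; the diffstat shows no ssl reference-manual change, so the accepted values and the default should be documented alongside the other ssl options.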
@@ -89,7 +89,6 @@
           cert_db_ref,         % ref()
           bytes_to_read,       % integer(), # bytes to read in passive mode
           user_data_buffer,    % binary()
-	  log_alert,           % boolean() 
 	  renegotiation,       % {boolean(), From | internal | peer}
 	  start_or_recv_from,  % "gen_fsm From"
 	  timer,               % start_or_recv_timer
@@ -2679,7 +2678,6 @@ initial_state(Role, Host, Port, Socket, {SSLOptions, SocketOptions}, User,
 	   tls_cipher_texts = [],
 	   user_application = {Monitor, User},
 	   user_data_buffer = <<>>,
-	   log_alert = true,
 	   session_cache_cb = SessionCacheCb,
 	   renegotiation = {false, first},
 	   start_or_recv_from = undefined,
@@ -2780,12 +2778,11 @@ handle_alerts([Alert | Alerts], {next_state, StateName, State, _Timeout}) ->
     handle_alerts(Alerts, handle_alert(Alert, StateName, State)).
 handle_alert(#alert{level = ?FATAL} = Alert, StateName,
-	     #state{socket = Socket, transport_cb = Transport, 
-		    start_or_recv_from = From, host = Host,
+	     #state{socket = Socket, transport_cb = Transport, ssl_options = SslOpts, start_or_recv_from = From, host = Host,
 		    port = Port, session = Session, user_application = {_Mon, Pid},
-		    log_alert = Log, role = Role, socket_options = Opts} = State) ->
+		    role = Role, socket_options = Opts} = State) ->
     invalidate_session(Role, Host, Port, Session),
-    log_alert(Log, StateName, Alert),
+    log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),
     alert_user(Transport, Socket, StateName, Opts, Pid, From, Alert, Role),
     {stop, normal, State};
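Review bot: The `#state{}` pattern of the FATAL `handle_alert` clause was collapsed onto one very long line just to add `ssl_options = SslOpts`, and the flag is then read with `SslOpts#ssl_options.log_alert` at the call site, a form this commit repeats in every alert clause. Keep the original line breaks and bind the flag in the pattern instead, `ssl_options = #ssl_options{log_alert = Log},`, so the existing `log_alert(Log, StateName, Alert)` call stays as it was and a state whose `ssl_options` is not a populated record fails at the function head, where the reason is visible, rather than at a record access inside the body. The same pattern-binding would shrink the three WARNING clauses in the following hunk to a one-field change each.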
@@ -2795,21 +2792,21 @@ handle_alert(#alert{level = ?WARNING, description = ?CLOSE_NOTIFY} = Alert,
     {stop, {shutdown, peer_close}, State};
 handle_alert(#alert{level = ?WARNING, description = ?NO_RENEGOTIATION} = Alert, StateName, 
-	     #state{log_alert = Log, renegotiation = {true, internal}} = State) ->
-    log_alert(Log, StateName, Alert),
+	     #state{ssl_options = SslOpts, renegotiation = {true, internal}} = State) ->
+    log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),
     handle_normal_shutdown(Alert, StateName, State),
     {stop, {shutdown, peer_close}, State};
 handle_alert(#alert{level = ?WARNING, description = ?NO_RENEGOTIATION} = Alert, StateName, 
-	     #state{log_alert = Log, renegotiation = {true, From}} = State0) ->
-    log_alert(Log, StateName, Alert),
+	     #state{ssl_options = SslOpts, renegotiation = {true, From}} = State0) ->
+    log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),
     gen_fsm:reply(From, {error, renegotiation_rejected}),
     {Record, State} = next_record(State0),
     next_state(StateName, connection, Record, State);
 handle_alert(#alert{level = ?WARNING, description = ?USER_CANCELED} = Alert, StateName, 
-	     #state{log_alert = Log} = State0) ->
-    log_alert(Log, StateName, Alert),
+	     #state{ssl_options = SslOpts} = State0) ->
+    log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),
     {Record, State} = next_record(State0),
     next_state(StateName, StateName, Record, State).
@@ -2847,7 +2844,7 @@ handle_own_alert(Alert, Version, StateName,
 		 #state{transport_cb = Transport,
 			socket = Socket,
 			connection_states = ConnectionStates,
-			log_alert = Log} = State) ->
+			ssl_options = SslOpts} = State) ->
     try %% Try to tell the other side
 	{BinMsg, _} =
 	encode_alert(Alert, Version, ConnectionStates),
@@ -2857,7 +2854,7 @@ handle_own_alert(Alert, Version, StateName,
 	    ignore
     end,
     try %% Try to tell the local user
-	log_alert(Log, StateName, Alert),
+	log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),
 	handle_normal_shutdown(Alert,StateName, State)
     catch _:_ ->
 	    ok
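Review bot: In `handle_own_alert` the record access `SslOpts#ssl_options.log_alert` now sits inside the `try ... catch _:_ -> ok` that wraps the local-user notification, so if `ssl_options` in the state were ever not a populated `#ssl_options{}` the badrecord error would be swallowed silently together with the alert log and the shutdown handling. Move the read into the function head, which the previous hunk already changes: `ssl_options = #ssl_options{log_alert = Log}} = State) ->`, and keep the body as `log_alert(Log, StateName, Alert),`, so a malformed state fails visibly at the head instead of vanishing in the catch. The swallow-all catch itself predates this commit, but it is the reason the read should not be evaluated there. `handle_own_alert` begins outside this hunk.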
