diff options
| author | Ingela Anderton Andin <[email protected]> | 2010-03-25 08:24:48 +0000 |
|---|---|---|
| committer | Erlang/OTP <[email protected]> | 2010-03-25 08:24:48 +0000 |
| commit | 6ec62f7ca98bcc674b806b39d73ded6f0b9a772d (patch) | |
| tree | ea7a23ca2646172d1c0961cb577a11fab11051c3 /lib/ssl/src/ssl.erl | |
| parent | 985d201454d0cb43d5ed3230d6afeaeea0a1fe2c (diff) | |
| download | otp-6ec62f7ca98bcc674b806b39d73ded6f0b9a772d.tar.gz otp-6ec62f7ca98bcc674b806b39d73ded6f0b9a772d.tar.bz2 otp-6ec62f7ca98bcc674b806b39d73ded6f0b9a772d.zip | |
OTP-8517 Renegotiation
New ssl now properly handles ssl renegotiation, and initiates a
renegotiation if ssl/ltls-sequence numbers comes close to the max value.
Diffstat (limited to 'lib/ssl/src/ssl.erl')
| -rw-r--r-- | lib/ssl/src/ssl.erl | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl index de74c91505..cb678e3f53 100644 --- a/lib/ssl/src/ssl.erl +++ b/lib/ssl/src/ssl.erl @@ -29,13 +29,15 @@ connect/3, connect/2, connect/4, connection_info/1, controlling_process/2, listen/2, pid/1, peername/1, recv/2, recv/3, send/2, getopts/2, setopts/2, seed/1, sockname/1, peercert/1, - peercert/2, version/0, versions/0, session_info/1, format_error/1]). + peercert/2, version/0, versions/0, session_info/1, format_error/1, + renegotiate/1]). %% Should be deprecated as soon as old ssl is removed %%-deprecated({pid, 1, next_major_release}). -include("ssl_int.hrl"). -include("ssl_internal.hrl"). +-include("ssl_record.hrl"). -record(config, {ssl, %% SSL parameters inet_user, %% User set inet options @@ -436,6 +438,10 @@ versions() -> AvailableVsns = ?DEFAULT_SUPPORTED_VERSIONS, [{ssl_app, ?VSN}, {supported, SupportedVsns}, {available, AvailableVsns}]. + +renegotiate(#sslsocket{pid = Pid, fd = new_ssl}) -> + ssl_connection:renegotiation(Pid). + %%%-------------------------------------------------------------- %%% Internal functions %%%-------------------------------------------------------------------- @@ -547,6 +553,7 @@ handle_options(Opts0, Role) -> %% Server side option reuse_session = handle_option(reuse_session, Opts, ReuseSessionFun), reuse_sessions = handle_option(reuse_sessions, Opts, true), + renegotiate_at = handle_option(renegotiate_at, Opts, ?DEFAULT_RENEGOTIATE_AT), debug = handle_option(debug, Opts, []) }, @@ -555,7 +562,7 @@ handle_options(Opts0, Role) -> depth, certfile, keyfile, key, password, cacertfile, ciphers, debug, reuse_session, reuse_sessions, ssl_imp, - cd_info], + cd_info, renegotiate_at], SockOpts = lists:foldl(fun(Key, PropList) -> proplists:delete(Key, PropList) @@ -617,6 +624,9 @@ validate_option(reuse_session, Value) when is_function(Value) -> validate_option(reuse_sessions, Value) when Value == true; Value == false -> Value; +validate_option(renegotiate_at, Value) when is_integer(Value) -> + min(Value, ?DEFAULT_RENEGOTIATE_AT); + validate_option(debug, Value) when is_list(Value); Value == true -> Value; validate_option(Opt, Value) -> @@ -832,6 +842,11 @@ version() -> Vsns end, {ok, {SSLVsn, CompVsn, LibVsn}}. + +min(N,M) when N < M -> + N; +min(_, M) -> + M. %% Only used to remove exit messages from old ssl %% First is a nonsense clause to provide some |