ssl: Simplify configuration code

Use map instead of large tuple, which was not an option when the code was written originally. More simplifications along these lines may be done later to the state record.
author: Ingela Anderton Andin <[email protected]> 2017-01-31 17:04:27 +0100
committer: Ingela Anderton Andin <[email protected]> 2017-02-01 12:22:35 +0100
commit: 89fcf133d7f0233780cdd6c069214d52e26b5f2b (patch)
tree: 080ae2f2ffe1961611bac53dd379cc414df48a0a /lib/ssl/src/ssl_config.erl
parent: 2db05402f6b81e312ea268dd56483d0b3ca15941 (diff)
download: otp-89fcf133d7f0233780cdd6c069214d52e26b5f2b.tar.gz
otp-89fcf133d7f0233780cdd6c069214d52e26b5f2b.tar.bz2
otp-89fcf133d7f0233780cdd6c069214d52e26b5f2b.zip
1 files changed, 20 insertions, 24 deletions
diff --git a/lib/ssl/src/ssl_config.erl b/lib/ssl/src/ssl_config.erl
index 4926a146fe..09d4c3e678 100644
--- a/lib/ssl/src/ssl_config.erl
+++ b/lib/ssl/src/ssl_config.erl
@@ -32,13 +32,13 @@ init(SslOpts, Role) ->
     
     init_manager_name(SslOpts#ssl_options.erl_dist),
 
-    {ok, CertDbRef, CertDbHandle, FileRefHandle, PemCacheHandle, CacheHandle, CRLDbHandle, OwnCert} 
+    {ok, #{pem_cache := PemCache} = Config} 
 	= init_certificates(SslOpts, Role),
     PrivateKey =
-	init_private_key(PemCacheHandle, SslOpts#ssl_options.key, SslOpts#ssl_options.keyfile,
+	init_private_key(PemCache, SslOpts#ssl_options.key, SslOpts#ssl_options.keyfile,
 			 SslOpts#ssl_options.password, Role),
-    DHParams = init_diffie_hellman(PemCacheHandle, SslOpts#ssl_options.dh, SslOpts#ssl_options.dhfile, Role),
-    {ok, CertDbRef, CertDbHandle, FileRefHandle, CacheHandle, CRLDbHandle, OwnCert, PrivateKey, DHParams}.
+    DHParams = init_diffie_hellman(PemCache, SslOpts#ssl_options.dh, SslOpts#ssl_options.dhfile, Role),
+    {ok, Config#{private_key => PrivateKey, dh_params => DHParams}}.
 
 init_manager_name(false) ->
     put(ssl_manager, ssl_manager:name(normal)),
@@ -53,7 +53,7 @@ init_certificates(#ssl_options{cacerts = CaCerts,
 			       cert = Cert,
 			       crl_cache = CRLCache
 			      }, Role) ->
-    {ok, CertDbRef, CertDbHandle, FileRefHandle, PemCacheHandle, CacheHandle, CRLDbInfo} =
+    {ok, Config} =
 	try 
 	    Certs = case CaCerts of
 			undefined ->
@@ -61,41 +61,37 @@ init_certificates(#ssl_options{cacerts = CaCerts,
 			_ ->
 			    {der, CaCerts}
 		    end,
-	    {ok, _, _, _, _, _, _} = ssl_manager:connection_init(Certs, Role, CRLCache)
+	    {ok,_} = ssl_manager:connection_init(Certs, Role, CRLCache)
 	catch
 	    _:Reason ->
 		file_error(CACertFile, {cacertfile, Reason})
 	end,
-    init_certificates(Cert, CertDbRef, CertDbHandle, FileRefHandle, PemCacheHandle, 
-		      CacheHandle, CRLDbInfo, CertFile, Role).
+    init_certificates(Cert, Config, CertFile, Role).
 
-init_certificates(undefined, CertDbRef, CertDbHandle, FileRefHandle, PemCacheHandle, CacheHandle, 
-		  CRLDbInfo, <<>>, _) ->
-    {ok, CertDbRef, CertDbHandle, FileRefHandle, PemCacheHandle, CacheHandle, CRLDbInfo, undefined};
+init_certificates(undefined, Config, <<>>, _) ->
+    {ok, Config#{own_certificate => undefined}};
 
-init_certificates(undefined, CertDbRef, CertDbHandle, FileRefHandle, PemCacheHandle, 
-		  CacheHandle, CRLDbInfo, CertFile, client) ->
+init_certificates(undefined, #{pem_cache := PemCache} = Config, CertFile, client) ->
     try 
 	%% Ignoring potential proxy-certificates see: 
 	%% http://dev.globus.org/wiki/Security/ProxyFileFormat
-	[OwnCert|_] = ssl_certificate:file_to_certificats(CertFile, PemCacheHandle),
-	{ok, CertDbRef, CertDbHandle, FileRefHandle, PemCacheHandle, CacheHandle, CRLDbInfo, OwnCert}
+	[OwnCert|_] = ssl_certificate:file_to_certificats(CertFile, PemCache),
+	{ok, Config#{own_certificate => OwnCert}}
     catch _Error:_Reason  ->
-	    {ok, CertDbRef, CertDbHandle, FileRefHandle, PemCacheHandle, CacheHandle, CRLDbInfo, undefined}
-    end;
+	    {ok, Config#{own_certificate => undefined}}
+    end; 
 
-init_certificates(undefined, CertDbRef, CertDbHandle, FileRefHandle, 
-		  PemCacheHandle, CacheRef, CRLDbInfo, CertFile, server) ->
+init_certificates(undefined, #{pem_cache := PemCache} = Config, CertFile, server) ->
     try
-	[OwnCert|_] = ssl_certificate:file_to_certificats(CertFile, PemCacheHandle),
-	{ok, CertDbRef, CertDbHandle, FileRefHandle, PemCacheHandle, CacheRef, CRLDbInfo, OwnCert}
+	[OwnCert|_] = ssl_certificate:file_to_certificats(CertFile, PemCache),
+	{ok, Config#{own_certificate => OwnCert}}
     catch
 	_:Reason ->
 	    file_error(CertFile, {certfile, Reason})	    
     end;
-init_certificates(Cert, CertDbRef, CertDbHandle, FileRefHandle, PemCacheHandle, CacheRef, CRLDbInfo, _, _) ->
-    {ok, CertDbRef, CertDbHandle, FileRefHandle, PemCacheHandle, CacheRef, CRLDbInfo, Cert}.
-
+init_certificates(Cert, Config, _, _) ->
+    {ok, Config#{own_certificate => Cert}}.
+        
 init_private_key(_, undefined, <<>>, _Password, _Client) ->
     undefined;
 init_private_key(DbHandle, undefined, KeyFile, Password, _) ->
author	Ingela Anderton Andin <[email protected]>	2017-01-31 17:04:27 +0100
committer	Ingela Anderton Andin <[email protected]>	2017-02-01 12:22:35 +0100
commit	89fcf133d7f0233780cdd6c069214d52e26b5f2b (patch)
tree	080ae2f2ffe1961611bac53dd379cc414df48a0a /lib/ssl/src/ssl_config.erl
parent	2db05402f6b81e312ea268dd56483d0b3ca15941 (diff)
download	otp-89fcf133d7f0233780cdd6c069214d52e26b5f2b.tar.gz otp-89fcf133d7f0233780cdd6c069214d52e26b5f2b.tar.bz2 otp-89fcf133d7f0233780cdd6c069214d52e26b5f2b.zip