aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl_connection.erl
diff options
context:
space:
mode:
authorErlang/OTP <[email protected]>2010-02-12 10:29:45 +0000
committerErlang/OTP <[email protected]>2010-02-12 10:29:45 +0000
commit96ceb366d9f600e645516f24396c976fb738182a (patch)
tree65517b7865a8edb136c9ef7b90e120d1389cfd37 /lib/ssl/src/ssl_connection.erl
parent9e009689743b32168ec0b5be8cb113d5867fec3f (diff)
parent464f2bac3b5dadd35add52fdee2ccfe8e05facd9 (diff)
downloadotp-96ceb366d9f600e645516f24396c976fb738182a.tar.gz
otp-96ceb366d9f600e645516f24396c976fb738182a.tar.bz2
otp-96ceb366d9f600e645516f24396c976fb738182a.zip
Merge branch 'yh/packet_option_for_new_ssl_send' into ccase/r13b04_dev
* yh/packet_option_for_new_ssl_send: Fixed ssl:setopts(Socket, binary) which was didn't work for 'new' ssl. Fixed bug file cache bug and improved the error messages. Allow <c>ssl:listen/2</c> to be called with option {ssl_imp, old}. prepend packet size bytes in ssl:send() in new_ssl implementation OTP-8441 ssl:send/2 ignored packet option, fix provided by YAMASHINA Hio. Fixed a file cache bug which caused problems when the same file was used for both cert and cacert. Allow ssl:listen/2 to be called with option {ssl_imp, old}. Fixed ssl:setopts(Socket, binary) which didn't work for 'new' ssl..
Diffstat (limited to 'lib/ssl/src/ssl_connection.erl')
-rw-r--r--lib/ssl/src/ssl_connection.erl74
1 files changed, 57 insertions, 17 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index d9377fe3d6..bbffa1e564 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -610,7 +610,7 @@ connection(hello, State = #state{host = Host, port = Port,
%% gen_fsm:sync_send_event/2,3, the instance of this function with the same
%% name as the current state name StateName is called to handle the event.
%%--------------------------------------------------------------------
-connection({application_data, Data}, _From,
+connection({application_data, Data0}, _From,
State = #state{socket = Socket,
negotiated_version = Version,
transport_cb = Transport,
@@ -618,10 +618,16 @@ connection({application_data, Data}, _From,
%% We should look into having a worker process to do this to
%% parallize send and receive decoding and not block the receiver
%% if sending is overloading the socket.
- {Msgs, ConnectionStates1} = encode_data(Data, Version, ConnectionStates0),
- Result = Transport:send(Socket, Msgs),
- {reply, Result,
- connection, State#state{connection_states = ConnectionStates1}}.
+ try
+ Data = encode_packet(Data0, State#state.socket_options),
+ {Msgs, ConnectionStates1} = encode_data(Data, Version, ConnectionStates0),
+ Result = Transport:send(Socket, Msgs),
+ {reply, Result,
+ connection, State#state{connection_states = ConnectionStates1}}
+
+ catch throw:Error ->
+ {reply, Error, connection, State}
+ end.
%%--------------------------------------------------------------------
%% Function:
@@ -972,8 +978,14 @@ init_certificates(#ssl_options{cacertfile = CACertFile,
case ssl_manager:connection_init(CACertFile, Role) of
{ok, CertDbRef, CacheRef} ->
init_certificates(CertDbRef, CacheRef, CertFile, Role);
+ {error, {badmatch, _Error}} ->
+ Report = io_lib:format("SSL: Error ~p Initializing: ~p ~n",
+ [_Error, CACertFile]),
+ error_logger:error_report(Report),
+ throw(ecacertfile);
{error, _Error} ->
- Report = io_lib:format("SSL: Error ~p ~n",[_Error]),
+ Report = io_lib:format("SSL: Error ~p Initializing: ~p ~n",
+ [_Error, CACertFile]),
error_logger:error_report(Report),
throw(ecacertfile)
end.
@@ -990,12 +1002,18 @@ init_certificates(CertDbRef, CacheRef, CertFile, server) ->
try
[OwnCert] = ssl_certificate:file_to_certificats(CertFile),
{ok, CertDbRef, CacheRef, OwnCert}
- catch _E:_R ->
- Report = io_lib:format("SSL: ~p: ~p:~p ~p~n",
- [?LINE, _E,_R, erlang:get_stacktrace()]),
- error_logger:error_report(Report),
- throw(ecertfile)
- end.
+ catch
+ _E:{badmatch, _R={error,_}} ->
+ Report = io_lib:format("SSL: ~p: ~p:~p ~s~n ~p~n",
+ [?LINE, _E,_R, CertFile, erlang:get_stacktrace()]),
+ error_logger:error_report(Report),
+ throw(ecertfile);
+ _E:_R ->
+ Report = io_lib:format("SSL: ~p: ~p:~p ~s~n ~p~n",
+ [?LINE, _E,_R, CertFile, erlang:get_stacktrace()]),
+ error_logger:error_report(Report),
+ throw(ecertfile)
+ end.
init_private_key(undefined, "", _Password, client) ->
undefined;
@@ -1006,9 +1024,15 @@ init_private_key(undefined, KeyFile, Password, _) ->
PKey =:= rsa_private_key orelse PKey =:= dsa_private_key],
{ok, Decoded} = public_key:decode_private_key(Der,Password),
Decoded
- catch _E:_R ->
- Report = io_lib:format("SSL: ~p: ~p:~p ~p~n",
- [?LINE, _E,_R, erlang:get_stacktrace()]),
+ catch
+ _E:{badmatch, _R={error,_}} ->
+ Report = io_lib:format("SSL: ~p: ~p:~p ~s~n ~p~n",
+ [?LINE, _E,_R, KeyFile, erlang:get_stacktrace()]),
+ error_logger:error_report(Report),
+ throw(ekeyfile);
+ _E:_R ->
+ Report = io_lib:format("SSL: ~p: ~p:~p ~s~n ~p~n",
+ [?LINE, _E,_R, KeyFile, erlang:get_stacktrace()]),
error_logger:error_report(Report),
throw(ekeyfile)
end;
@@ -1037,8 +1061,7 @@ send_all_state_event(FsmPid, Event) ->
gen_fsm:send_all_state_event(FsmPid, Event).
sync_send_all_state_event(FsmPid, Event) ->
- sync_send_all_state_event(FsmPid, Event, ?DEFAULT_TIMEOUT
-).
+ sync_send_all_state_event(FsmPid, Event, ?DEFAULT_TIMEOUT).
sync_send_all_state_event(FsmPid, Event, Timeout) ->
try gen_fsm:sync_send_all_state_event(FsmPid, Event, Timeout)
@@ -1404,6 +1427,23 @@ encode_handshake(HandshakeRec, SigAlg, Version, ConnectionStates0, Hashes0) ->
ssl_record:encode_handshake(Frag, Version, ConnectionStates0),
{E, ConnectionStates1, Hashes1}.
+encode_packet(Data, #socket_options{packet=Packet}) ->
+ case Packet of
+ 0 -> Data;
+ 1 -> encode_size_packet(Data, 8, (1 bsl 8) - 1);
+ 2 -> encode_size_packet(Data, 16, (1 bsl 16) - 1);
+ 4 -> encode_size_packet(Data, 32, (1 bsl 32) - 1);
+ _ ->
+ throw({error, {badarg, {eoptions, {packet, Packet}}}})
+ end.
+
+encode_size_packet(Bin, Size, Max) ->
+ Len = byte_size(Bin),
+ case Len > Max of
+ true -> throw({error, {badarg, {packet_to_large, Len, Max}}});
+ false -> <<Len:Size, Bin/binary>>
+ end.
+
encode_data(Data, Version, ConnectionStates) ->
ssl_record:encode_data(Data, Version, ConnectionStates).