aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl_handshake.erl
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2012-06-13 09:42:19 +0200
committerIngela Anderton Andin <[email protected]>2012-06-13 09:42:19 +0200
commit67d2e30e77db74d0852421c21362d1a9374780e1 (patch)
treeb831402d804a1715b71f324b2cee87c303d238e1 /lib/ssl/src/ssl_handshake.erl
parent628d51fd2171cb6e8275f9a16d85300e42e83594 (diff)
parentf88ec275329908b017ae731f8e4ca11d862a9243 (diff)
downloadotp-67d2e30e77db74d0852421c21362d1a9374780e1.tar.gz
otp-67d2e30e77db74d0852421c21362d1a9374780e1.tar.bz2
otp-67d2e30e77db74d0852421c21362d1a9374780e1.zip
Merge branch 'ia/ssl/bottlenecks/OTP-10113' into maint
* ia/ssl/bottlenecks/OTP-10113: ssl: Test case fixes ssl: Avoid second bottleneck in supervisor ssl: File handling optimization ssl: Simpler PEM cache ssl: Refactored for readability ssl: Use md5 as file ref id instead of filenames ssl: Move ets:select bottleneck in server ssl: Renegotiate updates session id in gen_fsm state ssl: Use ordered_set in cache ssl: Move and avoid ets:select bottleneck in client ssl: Reuse session check optimization ssl: Avoid supervior bottleneck
Diffstat (limited to 'lib/ssl/src/ssl_handshake.erl')
-rw-r--r--lib/ssl/src/ssl_handshake.erl44
1 files changed, 23 insertions, 21 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 2e0a3de182..06d45966c1 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -30,7 +30,7 @@
-include("ssl_internal.hrl").
-include_lib("public_key/include/public_key.hrl").
--export([master_secret/4, client_hello/6, server_hello/4, hello/4,
+-export([master_secret/4, client_hello/8, server_hello/4, hello/4,
hello_request/0, certify/7, certificate/4,
client_certificate_verify/5, certificate_verify/5,
certificate_request/3, key_exchange/2, server_key_exchange_hash/2,
@@ -51,14 +51,17 @@
%%====================================================================
%%--------------------------------------------------------------------
-spec client_hello(host(), inet:port_number(), #connection_states{},
- #ssl_options{}, boolean(), der_cert()) -> #client_hello{}.
+ #ssl_options{}, integer(), atom(), boolean(), der_cert()) ->
+ #client_hello{}.
%%
%% Description: Creates a client hello message.
%%--------------------------------------------------------------------
-client_hello(Host, Port, ConnectionStates, #ssl_options{versions = Versions,
- ciphers = UserSuites}
- = SslOpts, Renegotiation, OwnCert) ->
-
+client_hello(Host, Port, ConnectionStates,
+ #ssl_options{versions = Versions,
+ ciphers = UserSuites
+ } = SslOpts,
+ Cache, CacheCb, Renegotiation, OwnCert) ->
+
Fun = fun(Version) ->
ssl_record:protocol_version(Version)
end,
@@ -67,15 +70,15 @@ client_hello(Host, Port, ConnectionStates, #ssl_options{versions = Versions,
SecParams = Pending#connection_state.security_parameters,
Ciphers = available_suites(UserSuites, Version),
- Id = ssl_manager:client_session_id(Host, Port, SslOpts, OwnCert),
+ Id = ssl_session:client_id({Host, Port, SslOpts}, Cache, CacheCb, OwnCert),
- #client_hello{session_id = Id,
+ #client_hello{session_id = Id,
client_version = Version,
cipher_suites = cipher_suites(Ciphers, Renegotiation),
compression_methods = ssl_record:compressions(),
random = SecParams#security_parameters.client_random,
- renegotiation_info =
- renegotiation_info(client, ConnectionStates, Renegotiation)
+ renegotiation_info =
+ renegotiation_info(client, ConnectionStates, Renegotiation)
}.
%%--------------------------------------------------------------------
@@ -584,24 +587,23 @@ path_validation_alert({bad_cert, unknown_ca}) ->
path_validation_alert(_) ->
?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE).
-select_session(Hello, Port, Session, Version,
+select_session(Hello, Port, Session, Version,
#ssl_options{ciphers = UserSuites} = SslOpts, Cache, CacheCb, Cert) ->
SuggestedSessionId = Hello#client_hello.session_id,
- SessionId = ssl_manager:server_session_id(Port, SuggestedSessionId,
- SslOpts, Cert),
-
- Suites = available_suites(Cert, UserSuites, Version),
- case ssl_session:is_new(SuggestedSessionId, SessionId) of
- true ->
- CipherSuite =
- select_cipher_suite(Hello#client_hello.cipher_suites, Suites),
+ {SessionId, Resumed} = ssl_session:server_id(Port, SuggestedSessionId,
+ SslOpts, Cert,
+ Cache, CacheCb),
+ Suites = available_suites(Cert, UserSuites, Version),
+ case Resumed of
+ undefined ->
+ CipherSuite = select_cipher_suite(Hello#client_hello.cipher_suites, Suites),
Compressions = Hello#client_hello.compression_methods,
Compression = select_compression(Compressions),
{new, Session#session{session_id = SessionId,
cipher_suite = CipherSuite,
compression_method = Compression}};
- false ->
- {resumed, CacheCb:lookup(Cache, {Port, SessionId})}
+ _ ->
+ {resumed, Resumed}
end.
available_suites(UserSuites, Version) ->