Merge branch 'ia/ssl/certtable-clean/OTP-10710'

* ia/ssl/certtable-clean/OTP-10710:
  ssl: Certificates and PEM-cache cleaning fixed to avoid memory leak

1 files changed, 29 insertions, 14 deletions

diff --git a/lib/ssl/src/ssl_manager.erl b/lib/ssl/src/ssl_manager.erl
index 13689ce7d8..14fba72d86 100644
--- a/lib/ssl/src/ssl_manager.erl
+++ b/lib/ssl/src/ssl_manager.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2012. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2013. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -142,8 +142,14 @@ lookup_trusted_cert(DbHandle, Ref, SerialNumber, Issuer) ->
 new_session_id(Port) ->
     call({new_session_id, Port}).
 
+%%--------------------------------------------------------------------
+-spec clean_cert_db(reference(), binary()) -> term().
+%%
+%% Description: Send clean request of cert db to ssl_manager process should
+%% be called by ssl-connection processes. 
+%%--------------------------------------------------------------------
 clean_cert_db(Ref, File) ->
-    erlang:send_after(?CLEAN_CERT_DB, self(), {clean_cert_db, Ref, File}).
+    erlang:send_after(?CLEAN_CERT_DB, get(ssl_manager), {clean_cert_db, Ref, File}).
 
 %%--------------------------------------------------------------------
 -spec register_session(inet:port_number(), #session{}) -> ok.
@@ -320,19 +326,12 @@ handle_info(clear_pem_cache, #state{certificate_db = [_,_,PemChace]} = State) ->
 
 handle_info({clean_cert_db, Ref, File},
 	    #state{certificate_db = [CertDb,RefDb, PemCache]} = State) ->
-    case ssl_certificate_db:ref_count(Ref, RefDb, 0) of
-	0 ->
-	    MD5 = crypto:md5(File),
-	    case ssl_certificate_db:lookup_cached_pem(PemCache, MD5) of
-		[{Content, Ref}] ->
-		    ssl_certificate_db:insert(MD5, Content, PemCache);
-		undefined ->
-		    ok
-	    end,
-	    ssl_certificate_db:remove(Ref, RefDb),
-	    ssl_certificate_db:remove_trusted_certs(Ref, CertDb);
+    
+    case ssl_certificate_db:lookup(Ref, RefDb) of
+	undefined -> %% Alredy cleaned
+	    ok;
 	_ ->
-	    ok
+	    clean_cert_db(Ref, CertDb, RefDb, PemCache, File)
     end,
     {noreply, State};
 
@@ -464,3 +463,19 @@ new_id(Port, Tries, Cache, CacheCb) ->
 	_ ->
 	    new_id(Port, Tries - 1, Cache, CacheCb)
     end.
+
+clean_cert_db(Ref, CertDb, RefDb, PemCache, File) ->
+    case ssl_certificate_db:ref_count(Ref, RefDb, 0) of
+	0 ->	  
+	    MD5 = crypto:md5(File),
+	    case ssl_certificate_db:lookup_cached_pem(PemCache, MD5) of
+		[{Content, Ref}] ->
+		    ssl_certificate_db:insert(MD5, Content, PemCache);		
+		_ ->
+		    ok
+	    end,
+	    ssl_certificate_db:remove(Ref, RefDb),
+	    ssl_certificate_db:remove_trusted_certs(Ref, CertDb);
+	_ ->
+	    ok
+    end.