aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
diff options
context:
space:
mode:
authorMaxim Fedorov <[email protected]>2018-10-17 20:30:12 -0700
committerMaxim Fedorov <[email protected]>2018-10-26 07:54:01 -0700
commitdabb85ceb5ef9d7bf3705bab854ecdbf0d6f538b (patch)
treea4b974fdc1440afba005bc9f17bbef0b7d9a01bd /lib/ssl
parentd9682b02b81fa6e23e554b6e017650eb89ecebed (diff)
downloadotp-dabb85ceb5ef9d7bf3705bab854ecdbf0d6f538b.tar.gz
otp-dabb85ceb5ef9d7bf3705bab854ecdbf0d6f538b.tar.bz2
otp-dabb85ceb5ef9d7bf3705bab854ecdbf0d6f538b.zip
ssl: fix timezone-related bug in ssl_pem_cache
Caught with unit test in ssl_pem_cache_SUITE. When local timezone is PST (Pacific Standard Time), PEM cache was not evicting expired entries due to file time converstion was done using calendar:now_to_datetime, while file modification time is actually in local time. Use os:system_time() to align with file_info modified time.
Diffstat (limited to 'lib/ssl')
-rw-r--r--lib/ssl/src/ssl_pem_cache.erl23
1 files changed, 7 insertions, 16 deletions
diff --git a/lib/ssl/src/ssl_pem_cache.erl b/lib/ssl/src/ssl_pem_cache.erl
index b7d23ef01e..41bca2f7b5 100644
--- a/lib/ssl/src/ssl_pem_cache.erl
+++ b/lib/ssl/src/ssl_pem_cache.erl
@@ -45,7 +45,7 @@
-record(state, {
pem_cache,
- last_pem_check :: erlang:timestamp(),
+ last_pem_check :: integer(),
clear :: integer()
}).
@@ -134,8 +134,9 @@ init([Name]) ->
PemCache = ssl_pkix_db:create_pem_cache(Name),
Interval = pem_check_interval(),
erlang:send_after(Interval, self(), clear_pem_cache),
+ erlang:system_time(second),
{ok, #state{pem_cache = PemCache,
- last_pem_check = os:timestamp(),
+ last_pem_check = erlang:convert_time_unit(os:system_time(), native, second),
clear = Interval
}}.
@@ -183,7 +184,7 @@ handle_cast({invalidate_pem, File}, #state{pem_cache = Db} = State) ->
handle_info(clear_pem_cache, #state{pem_cache = PemCache,
clear = Interval,
last_pem_check = CheckPoint} = State) ->
- NewCheckPoint = os:timestamp(),
+ NewCheckPoint = erlang:convert_time_unit(os:system_time(), native, second),
start_pem_cache_validator(PemCache, CheckPoint),
erlang:send_after(Interval, self(), clear_pem_cache),
{noreply, State#state{last_pem_check = NewCheckPoint}};
@@ -229,24 +230,14 @@ init_pem_cache_validator([CacheName, PemCache, CheckPoint]) ->
CheckPoint, PemCache).
pem_cache_validate({File, _}, CheckPoint) ->
- case file:read_file_info(File, []) of
- {ok, #file_info{mtime = Time}} ->
- case is_before_checkpoint(Time, CheckPoint) of
- true ->
- ok;
- false ->
- invalidate_pem(File)
- end;
+ case file:read_file_info(File, [{time, posix}]) of
+ {ok, #file_info{mtime = Time}} when Time < CheckPoint ->
+ ok;
_ ->
invalidate_pem(File)
end,
CheckPoint.
-is_before_checkpoint(Time, CheckPoint) ->
- calendar:datetime_to_gregorian_seconds(
- calendar:now_to_datetime(CheckPoint)) -
- calendar:datetime_to_gregorian_seconds(Time) > 0.
-
pem_check_interval() ->
case application:get_env(ssl, ssl_pem_cache_clean) of
{ok, Interval} when is_integer(Interval) ->