author | Maxim Fedorov <[email protected]> | 2018-10-17 20:30:12 -0700 |
---|---|---|
committer | Maxim Fedorov <[email protected]> | 2018-10-26 07:54:01 -0700 |
commit | dabb85ceb5ef9d7bf3705bab854ecdbf0d6f538b (patch) | |
tree | a4b974fdc1440afba005bc9f17bbef0b7d9a01bd /lib/ssl | |
parent | d9682b02b81fa6e23e554b6e017650eb89ecebed (diff) | |
ssl: fix timezone-related bug in ssl_pem_cache
Caught with unit test in ssl_pem_cache_SUITE.
When the local timezone is PST (Pacific Standard Time), the PEM cache was not evicting
expired entries because the file time conversion was done using
calendar:now_to_datetime, while the file modification time is actually in local time.
Use os:system_time() to align with file_info modified time.
Diffstat (limited to 'lib/ssl')
-rw-r--r-- | lib/ssl/src/ssl_pem_cache.erl | 23 |
1 files changed, 7 insertions, 16 deletions
diff --git a/lib/ssl/src/ssl_pem_cache.erl b/lib/ssl/src/ssl_pem_cache.erl
index b7d23ef01e..41bca2f7b5 100644
--- a/lib/ssl/src/ssl_pem_cache.erl
+++ b/lib/ssl/src/ssl_pem_cache.erl
@@ -45,7 +45,7 @@
 -record(state, {
 pem_cache,
- last_pem_check :: erlang:timestamp(),
+ last_pem_check :: integer(),
 clear :: integer()
 }).
@@ -134,8 +134,9 @@ init([Name]) ->
 PemCache = ssl_pkix_db:create_pem_cache(Name),
 Interval = pem_check_interval(),
 erlang:send_after(Interval, self(), clear_pem_cache),
+ erlang:system_time(second),
 {ok, #state{pem_cache = PemCache,
- last_pem_check = os:timestamp(),
+ last_pem_check = erlang:convert_time_unit(os:system_time(), native, second),
 clear = Interval
 }}.
@@ -183,7 +184,7 @@ handle_cast({invalidate_pem, File}, #state{pem_cache = Db} = State) ->
 handle_info(clear_pem_cache, #state{pem_cache = PemCache,
 clear = Interval,
 last_pem_check = CheckPoint} = State) ->
- NewCheckPoint = os:timestamp(),
+ NewCheckPoint = erlang:convert_time_unit(os:system_time(), native, second),
 start_pem_cache_validator(PemCache, CheckPoint),
 erlang:send_after(Interval, self(), clear_pem_cache),
 {noreply, State#state{last_pem_check = NewCheckPoint}};
@@ -229,24 +230,14 @@ init_pem_cache_validator([CacheName, PemCache, CheckPoint]) ->
 CheckPoint, PemCache).
 pem_cache_validate({File, _}, CheckPoint) ->
- case file:read_file_info(File, []) of
- {ok, #file_info{mtime = Time}} ->
- case is_before_checkpoint(Time, CheckPoint) of
- true ->
- ok;
- false ->
- invalidate_pem(File)
- end;
+ case file:read_file_info(File, [{time, posix}]) of
+ {ok, #file_info{mtime = Time}} when Time < CheckPoint ->
+ ok;
 _ ->
 invalidate_pem(File)
 end,
 CheckPoint.
-is_before_checkpoint(Time, CheckPoint) ->
- calendar:datetime_to_gregorian_seconds(
- calendar:now_to_datetime(CheckPoint)) -
- calendar:datetime_to_gregorian_seconds(Time) > 0.
-
 pem_check_interval() ->
 case application:get_env(ssl, ssl_pem_cache_clean) of
 {ok, Interval} when is_integer(Interval) -> |
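Review bot: The added statement `erlang:system_time(second),` in init/1 (hunk at -134) computes a value and discards it, so it looks like a leftover from an earlier draft and should be removed. The checkpoint expression itself, here and in the clear_pem_cache clause of handle_info (hunk at -183), could be written as `os:system_time(second)` instead of converting the native value by hand. Putting it behind one small helper would keep both sites in the same unit and epoch as the `{time, posix}` mtime they are compared against. The start of init/1 may lie outside this hunk.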
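Review bot: In pem_cache_validate/2 (hunk at -229) the guard `when Time < CheckPoint` is the only freshness test, so a PEM file replaced by one whose mtime is preserved or older than the last checkpoint would apparently stay cached until it is invalidated some other way; this is inferred from the comparison alone, since no other attribute is read here. Where certificate or key rotation must take effect promptly, consider also comparing `ctime` or `size` from the same `#file_info{}`, or document the limit next to the guard. The guard also relies on Erlang term order to fail closed when `mtime` is not an integer, which deserves a comment such as `%% a non-integer mtime (e.g. undefined) sorts above CheckPoint, so the entry is invalidated`. Because the checkpoint comes from the local wall clock while mtime comes from the filesystem, clock steps or a skewed file server are worth a sentence in the module documentation as well.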