authorMagnus Henoch <[email protected]>2015-11-20 15:27:34 +0000
committerMagnus Henoch <[email protected]>2015-12-18 15:54:42 +0000
commit1be4f6f84f36ad8a84ddcf211336aa4b266661d8 (patch)
treecce4ec5b6f71f14f0e0354c5c650a73f37948635 /lib/ssl
parentd4a3296ba3117315343057715ee428490e992ef0 (diff)
TLS distribution: bind erts socket to localhost
There is no reason for the socket on the erts side of the proxy to accept connections from other hosts, so let's bind it to the loopback interface. Also change {ip, {127,0,0,1}} to {ip, loopback} for the erts side of the socket for outgoing connections, to avoid hardcoding IPv4.
Diffstat (limited to 'lib/ssl')
-rw-r--r--lib/ssl/src/ssl_tls_dist_proxy.erl4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/ssl/src/ssl_tls_dist_proxy.erl b/lib/ssl/src/ssl_tls_dist_proxy.erl
index 273d3b5521..25192aac0e 100644
--- a/lib/ssl/src/ssl_tls_dist_proxy.erl
+++ b/lib/ssl/src/ssl_tls_dist_proxy.erl
@@ -60,7 +60,7 @@ init([]) ->
{ok, #state{}}.
handle_call({listen, Name}, _From, State) ->
- case gen_tcp:listen(0, [{active, false}, {packet,?PPRE}]) of
+ case gen_tcp:listen(0, [{active, false}, {packet,?PPRE}, {ip, loopback}]) of
{ok, Socket} ->
{ok, World} = gen_tcp:listen(0, [{active, false}, binary, {packet,?PPRE}]),
{ok, TcpAddress} = get_tcp_address(Socket),
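Review bot: The `{ip, loopback}` added to the first `gen_tcp:listen` has no comment explaining it, while the `World` listener two lines below deliberately stays unbound, so the asymmetry is easy to "tidy up" by mistake later. I would add above the first listen `%% Erts-side leg of the proxy: plain gen_tcp, local use only, so bind to loopback.` and above the second `%% World-facing listener: must accept connections from other hosts.` Loopback still admits any local process on the host, so on a shared machine this narrows exposure rather than identifying the peer; whether anything further down checks the local peer is not visible here. The `handle_call` clause continues outside the hunk.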
@@ -179,7 +179,7 @@ setup_proxy(Ip, Port, Parent) ->
Opts = get_ssl_options(client),
case ssl:connect(Ip, Port, [{active, true}, binary, {packet,?PPRE}] ++ Opts) of
{ok, World} ->
- {ok, ErtsL} = gen_tcp:listen(0, [{active, true}, {ip, {127,0,0,1}}, binary, {packet,?PPRE}]),
+ {ok, ErtsL} = gen_tcp:listen(0, [{active, true}, {ip, loopback}, binary, {packet,?PPRE}]),
{ok, #net_address{address={_,LPort}}} = get_tcp_address(ErtsL),
Parent ! {self(), go_ahead, LPort},
case gen_tcp:accept(ErtsL) of
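Review bot: `gen_tcp:accept(ErtsL)` right after the loopback listen waits with no timeout and takes whichever local connection arrives first, so binding to loopback keeps other hosts out but does not tie the accepted peer to the `Parent` that was just sent `go_ahead`. A bounded wait, `case gen_tcp:accept(ErtsL, AcceptTimeout) of` with `AcceptTimeout` a placeholder for a value chosen by the module, would stop a parent that never connects from leaving this process holding the established TLS connection `World`. Closing `ErtsL` as soon as the accept returns, if that is not already done below the hunk, also prevents further local connections from queuing on the port. Separately, `{ip, loopback}` is resolved for the socket's address family and no `inet6` appears in the option list, so this is presumably still the IPv4 loopback and the connecting side has to use the same family. The `case` continues outside the hunk.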