author | Ingela Anderton Andin <[email protected]> | 2014-04-10 09:44:20 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2014-04-11 09:35:55 +0200 |
commit | fcc6a756277c8f041aae1b2aa431e43f9285c368 (patch) | |
tree | c8e108a88b9ca9bcb5d7971090d1af439c9b7cf7 /lib | |
parent | 07b8f441ca711f9812fad9e9115bab3c3aa92f79 (diff) | |
download | otp-fcc6a756277c8f041aae1b2aa431e43f9285c368.tar.gz otp-fcc6a756277c8f041aae1b2aa431e43f9285c368.tar.bz2 otp-fcc6a756277c8f041aae1b2aa431e43f9285c368.zip |
ssl: Avoid creating a huge session table
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ssl/src/ssl_manager.erl | 42 |
1 files changed, 39 insertions, 3 deletions
diff --git a/lib/ssl/src/ssl_manager.erl b/lib/ssl/src/ssl_manager.erl
index fbc73e0e42..2bc5a90f68 100644
--- a/lib/ssl/src/ssl_manager.erl
+++ b/lib/ssl/src/ssl_manager.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2013. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2014. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -282,8 +282,13 @@ handle_cast({register_session, Host, Port, Session},
 session_cache_cb = CacheCb} = State) ->
 TimeStamp = calendar:datetime_to_gregorian_seconds({date(), time()}),
 NewSession = Session#session{time_stamp = TimeStamp},
- CacheCb:update(Cache, {{Host, Port},
- NewSession#session.session_id}, NewSession),
+ case CacheCb:select_session(Cache, {Host, Port}) of
+ no_session ->
+ CacheCb:update(Cache, {{Host, Port},
+ NewSession#session.session_id}, NewSession);
+ Sessions ->
+ register_unique_session(Sessions, NewSession, CacheCb, Cache, {Host, Port})
+ end,
 {noreply, State};
 handle_cast({register_session, Port, Session},
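Review bot: In the `Sessions ->` branch, when an equivalent entry already exists the freshly negotiated `NewSession`, which has just been given a new `time_stamp`, is dropped and the older entry is kept, so the cached session's age is never refreshed and it reaches the end of its lifetime sooner than the session the peer issued last. If one entry per parameter set is the goal, either replace the old entry with the new one or add a comment such as `%% Keep the oldest equivalent session; newer ones are intentionally not cached` so the choice is explicit. The branch also treats every return value other than `no_session` as a list, and `session_cache_cb` appears to be a pluggable callback, so the expected return of `select_session/2` deserves a line of documentation. The head of this clause and the body of the following `handle_cast({register_session, Port, Session}, ...` clause are outside the hunk, so whether that registration path needs the same bound cannot be judged from here.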
@@ -494,3 +499,34 @@ clean_cert_db(Ref, CertDb, RefDb, PemCache, File) ->
 _ ->
 ok
 end.
+
+%% Do not let dumb clients create a gigantic session table
+register_unique_session(Sessions, Session, CacheCb, Cache, PartialKey) ->
+ case exists_equivalent(Session , Sessions) of
+ true ->
+ ok;
+ false ->
+ CacheCb:update(Cache, {PartialKey,
+ Session#session.session_id}, Session)
+ end.
+
+exists_equivalent(_, []) ->
+ false;
+exists_equivalent(#session{
+ peer_certificate = PeerCert,
+ own_certificate = OwnCert,
+ compression_method = Compress,
+ cipher_suite = CipherSuite,
+ srp_username = SRP,
+ ecc = ECC} ,
+ [#session{
+ peer_certificate = PeerCert,
+ own_certificate = OwnCert,
+ compression_method = Compress,
+ cipher_suite = CipherSuite,
+ srp_username = SRP,
+ ecc = ECC} | _]) ->
+ true;
+exists_equivalent(Session, [ _ | Rest]) ->
+ exists_equivalent(Session, Rest).
+
|
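Review bot: The comment above `register_unique_session/5` does not say what makes two sessions "equivalent", and that definition is the whole security-relevant contract of this change. I would replace it with `%% Skip registration when the cache already holds a session for this {Host, Port} with the same peer and own certificate, compression method, cipher suite, SRP username and ECC setting, so a client that never reuses sessions cannot grow the table without bound.` It would also help to note on `exists_equivalent/2` that the session id, the timestamp and any resumability state are deliberately not compared. If the list passed in can contain entries that have been invalidated but not yet removed (not visible in this hunk), such an entry would still suppress registration of a usable session, which is worth confirming against the callback.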