diff options
author | Ingela Anderton Andin <ingela@erlang.org> | 2011-05-17 17:41:22 +0200 |
---|---|---|
committer | Ingela Anderton Andin <ingela@erlang.org> | 2011-05-17 17:41:22 +0200 |
commit | 2b31edf742b3d9236dfc35b947b3b0c356010236 (patch) | |
tree | 770055d6ba0da917e7b6bc8d305d1ef860415dd7 /lib | |
parent | 69f7630157b16eda1639323e6bbc269096255006 (diff) | |
download | otp-2b31edf742b3d9236dfc35b947b3b0c356010236.tar.gz otp-2b31edf742b3d9236dfc35b947b3b0c356010236.tar.bz2 otp-2b31edf742b3d9236dfc35b947b3b0c356010236.zip |
In TLS 1.1, failure to properly close a connection no longer requires
that a session not be resumed. This is a change from TLS 1.0 to
conform with widespread implementation practice. Erlang ssl will now
in TLS 1.0 conform to the widespread implementation practice instead
of the specification to avoid performance issues.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ssl/src/ssl_connection.erl | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index 0a86e9bd29..2c452837f8 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -941,17 +941,23 @@ handle_info({Protocol, _, Data}, StateName, handle_info({CloseTag, Socket}, _StateName, #state{socket = Socket, close_tag = CloseTag, - negotiated_version = Version, host = Host, - port = Port, socket_options = Opts, + negotiated_version = Version, + socket_options = Opts, user_application = {_Mon,Pid}, from = From, - role = Role, session = Session} = State) -> - %% Debug option maybe, the user do NOT want to see these in their logs - %% error_logger:info_report("SSL: Peer did not send close notify alert."), + role = Role} = State) -> + %% Note that as of TLS 1.1, + %% failure to properly close a connection no longer requires that a + %% session not be resumed. This is a change from TLS 1.0 to conform + %% with widespread implementation practice. case Version of {1, N} when N >= 1 -> ok; _ -> - invalidate_session(Role, Host, Port, Session) + %% As invalidate_sessions here causes performance issues, + %% we will conform to the widespread implementation + %% practice and go aginst the spec + %%invalidate_session(Role, Host, Port, Session) + ok end, alert_user(Opts#socket_options.active, Pid, From, ?ALERT_REC(?WARNING, ?CLOSE_NOTIFY), Role), |