diff options
author | Dan Gudmundsson <dgud@erlang.org> | 2012-04-20 13:05:17 +0200 |
---|---|---|
committer | Ingela Anderton Andin <ingela@erlang.org> | 2012-06-08 16:52:06 +0200 |
commit | 3dab268b2507e296eaae420086c9604397e37349 (patch) | |
tree | 346b20949b630f8a7343f2a43bfa97b5daa65343 /lib | |
parent | eaa2564532d6ac87fda2aa9a1d6bce0ac9d35829 (diff) | |
download | otp-3dab268b2507e296eaae420086c9604397e37349.tar.gz otp-3dab268b2507e296eaae420086c9604397e37349.tar.bz2 otp-3dab268b2507e296eaae420086c9604397e37349.zip |
ssl: Use md5 as file ref id instead of filenames
Aviods storing a lot of data
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ssl/src/ssl_certificate_db.erl | 38 | ||||
-rw-r--r-- | lib/ssl/src/ssl_connection.erl | 9 |
2 files changed, 21 insertions, 26 deletions
diff --git a/lib/ssl/src/ssl_certificate_db.erl b/lib/ssl/src/ssl_certificate_db.erl index cb2473576a..ed6e94d445 100644 --- a/lib/ssl/src/ssl_certificate_db.erl +++ b/lib/ssl/src/ssl_certificate_db.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2007-2011. All Rights Reserved. +%% Copyright Ericsson AB 2007-2012. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -73,7 +73,7 @@ lookup_trusted_cert(DbHandle, Ref, SerialNumber, Issuer) -> end. lookup_cached_certs(DbHandle, File) -> - ets:lookup(DbHandle, {file, File}). + ets:lookup(DbHandle, {file, crypto:md5(File)}). %%-------------------------------------------------------------------- -spec add_trusted_certs(pid(), string() | {der, list()}, [db_handle()]) -> {ok, [db_handle()]}. @@ -87,17 +87,18 @@ add_trusted_certs(_Pid, {der, DerList}, [CerDb, _,_]) -> add_certs_from_der(DerList, NewRef, CerDb), {ok, NewRef}; add_trusted_certs(Pid, File, [CertsDb, FileToRefDb, PidToFileDb]) -> - Ref = case lookup(File, FileToRefDb) of + MD5 = crypto:md5(File), + Ref = case lookup(MD5, FileToRefDb) of undefined -> NewRef = make_ref(), add_certs_from_file(File, NewRef, CertsDb), - insert(File, NewRef, 1, FileToRefDb), + insert(MD5, NewRef, 1, FileToRefDb), NewRef; [OldRef] -> - ref_count(File,FileToRefDb,1), + ref_count(MD5,FileToRefDb,1), OldRef end, - insert(Pid, File, PidToFileDb), + insert(Pid, MD5, PidToFileDb), {ok, Ref}. %%-------------------------------------------------------------------- -spec cache_pem_file(pid(), string(), time(), [db_handle()]) -> term(). @@ -107,8 +108,9 @@ add_trusted_certs(Pid, File, [CertsDb, FileToRefDb, PidToFileDb]) -> cache_pem_file(Pid, File, Time, [CertsDb, _FileToRefDb, PidToFileDb]) -> {ok, PemBin} = file:read_file(File), Content = public_key:pem_decode(PemBin), - insert({file, File}, {Time, Content}, CertsDb), - insert(Pid, File, PidToFileDb), + MD5 = crypto:md5(File), + insert({file, MD5}, {Time, Content}, CertsDb), + insert(Pid, MD5, PidToFileDb), {ok, Content}. %-------------------------------------------------------------------- @@ -122,7 +124,7 @@ cache_pem_file(Pid, File, Time, [CertsDb, _FileToRefDb, PidToFileDb]) -> %% but with different content. %% -------------------------------------------------------------------- uncache_pem_file(File, [_CertsDb, _FileToRefDb, PidToFileDb]) -> - Pids = select(PidToFileDb, [{{'$1', File},[],['$$']}]), + Pids = select(PidToFileDb, [{{'$1', crypto:md5(File)},[],['$$']}]), lists:foreach(fun([Pid]) -> exit(Pid, shutdown) end, Pids). @@ -135,26 +137,26 @@ uncache_pem_file(File, [_CertsDb, _FileToRefDb, PidToFileDb]) -> %% the file associated to Pid from the runtime database. %%-------------------------------------------------------------------- remove_trusted_certs(Pid, [CertsDb, FileToRefDb, PidToFileDb]) -> - Files = lookup(Pid, PidToFileDb), + FileMD5s = lookup(Pid, PidToFileDb), delete(Pid, PidToFileDb), - Clear = fun(File) -> - delete({file,File}, CertsDb), + Clear = fun(MD5) -> + delete({file,MD5}, CertsDb), try - 0 = ref_count(File, FileToRefDb, -1), - case lookup(File, FileToRefDb) of + 0 = ref_count(MD5, FileToRefDb, -1), + case lookup(MD5, FileToRefDb) of [Ref] when is_reference(Ref) -> remove_certs(Ref, CertsDb); _ -> ok end, - delete(File, FileToRefDb) + delete(MD5, FileToRefDb) catch _:_ -> ok end end, - case Files of + case FileMD5s of undefined -> ok; - _ -> - [Clear(File) || File <- Files], + _ -> + [Clear(FileMD5) || FileMD5 <- FileMD5s], ok end. diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index cadc7f4185..3541c9371a 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -320,14 +320,7 @@ init([Role, Host, Port, Socket, {SSLOpts0, _} = Options, User, CbInfo]) -> throw:Error -> gen_fsm:enter_loop(?MODULE, [], error, {Error,State0}, get_timeout(State0)) end. - -%%-------------------------------------------------------------------- -%% Description:There should be one instance of this function for each -%% possible state name. Whenever a gen_fsm receives an event sent -%% using gen_fsm:send_event/2, the instance of this function with the -%% same name as the current state name StateName is called to handle -%% the event. It is also called if a timeout occurs. -%% + %%-------------------------------------------------------------------- %% Description:There should be one instance of this function for each %% possible state name. Whenever a gen_fsm receives an event sent |