diff options
author | Ingela Anderton Andin <[email protected]> | 2014-06-05 09:22:33 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2014-06-05 09:22:33 +0200 |
commit | dd764d2a8070111f026aef0d21be1e2a19ad988f (patch) | |
tree | 73512a1ebd9fe1f5c5c72a52557a8c16daea790a /lib | |
parent | da63a1a2eb360c2bc212ab0f38ea1ef2609fbd60 (diff) | |
parent | fcc6a756277c8f041aae1b2aa431e43f9285c368 (diff) | |
download | otp-dd764d2a8070111f026aef0d21be1e2a19ad988f.tar.gz otp-dd764d2a8070111f026aef0d21be1e2a19ad988f.tar.bz2 otp-dd764d2a8070111f026aef0d21be1e2a19ad988f.zip |
Merge branch 'ia/ssl/dumb-clients/OTP-11969' into maint
* ia/ssl/dumb-clients/OTP-11969:
ssl: Avoid creating a huge session table
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ssl/src/ssl_manager.erl | 42 |
1 files changed, 39 insertions, 3 deletions
diff --git a/lib/ssl/src/ssl_manager.erl b/lib/ssl/src/ssl_manager.erl index fbc73e0e42..2bc5a90f68 100644 --- a/lib/ssl/src/ssl_manager.erl +++ b/lib/ssl/src/ssl_manager.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2007-2013. All Rights Reserved. +%% Copyright Ericsson AB 2007-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -282,8 +282,13 @@ handle_cast({register_session, Host, Port, Session}, session_cache_cb = CacheCb} = State) -> TimeStamp = calendar:datetime_to_gregorian_seconds({date(), time()}), NewSession = Session#session{time_stamp = TimeStamp}, - CacheCb:update(Cache, {{Host, Port}, - NewSession#session.session_id}, NewSession), + case CacheCb:select_session(Cache, {Host, Port}) of + no_session -> + CacheCb:update(Cache, {{Host, Port}, + NewSession#session.session_id}, NewSession); + Sessions -> + register_unique_session(Sessions, NewSession, CacheCb, Cache, {Host, Port}) + end, {noreply, State}; handle_cast({register_session, Port, Session}, @@ -494,3 +499,34 @@ clean_cert_db(Ref, CertDb, RefDb, PemCache, File) -> _ -> ok end. + +%% Do not let dumb clients create a gigantic session table +register_unique_session(Sessions, Session, CacheCb, Cache, PartialKey) -> + case exists_equivalent(Session , Sessions) of + true -> + ok; + false -> + CacheCb:update(Cache, {PartialKey, + Session#session.session_id}, Session) + end. + +exists_equivalent(_, []) -> + false; +exists_equivalent(#session{ + peer_certificate = PeerCert, + own_certificate = OwnCert, + compression_method = Compress, + cipher_suite = CipherSuite, + srp_username = SRP, + ecc = ECC} , + [#session{ + peer_certificate = PeerCert, + own_certificate = OwnCert, + compression_method = Compress, + cipher_suite = CipherSuite, + srp_username = SRP, + ecc = ECC} | _]) -> + true; +exists_equivalent(Session, [ _ | Rest]) -> + exists_equivalent(Session, Rest). + |