aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2014-06-05 09:22:33 +0200
committerIngela Anderton Andin <[email protected]>2014-06-05 09:22:33 +0200
commitdd764d2a8070111f026aef0d21be1e2a19ad988f (patch)
tree73512a1ebd9fe1f5c5c72a52557a8c16daea790a /lib
parentda63a1a2eb360c2bc212ab0f38ea1ef2609fbd60 (diff)
parentfcc6a756277c8f041aae1b2aa431e43f9285c368 (diff)
downloadotp-dd764d2a8070111f026aef0d21be1e2a19ad988f.tar.gz
otp-dd764d2a8070111f026aef0d21be1e2a19ad988f.tar.bz2
otp-dd764d2a8070111f026aef0d21be1e2a19ad988f.zip
Merge branch 'ia/ssl/dumb-clients/OTP-11969' into maint
* ia/ssl/dumb-clients/OTP-11969: ssl: Avoid creating a huge session table
Diffstat (limited to 'lib')
-rw-r--r--lib/ssl/src/ssl_manager.erl42
1 files changed, 39 insertions, 3 deletions
diff --git a/lib/ssl/src/ssl_manager.erl b/lib/ssl/src/ssl_manager.erl
index fbc73e0e42..2bc5a90f68 100644
--- a/lib/ssl/src/ssl_manager.erl
+++ b/lib/ssl/src/ssl_manager.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2007-2013. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2014. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -282,8 +282,13 @@ handle_cast({register_session, Host, Port, Session},
session_cache_cb = CacheCb} = State) ->
TimeStamp = calendar:datetime_to_gregorian_seconds({date(), time()}),
NewSession = Session#session{time_stamp = TimeStamp},
- CacheCb:update(Cache, {{Host, Port},
- NewSession#session.session_id}, NewSession),
+ case CacheCb:select_session(Cache, {Host, Port}) of
+ no_session ->
+ CacheCb:update(Cache, {{Host, Port},
+ NewSession#session.session_id}, NewSession);
+ Sessions ->
+ register_unique_session(Sessions, NewSession, CacheCb, Cache, {Host, Port})
+ end,
{noreply, State};
handle_cast({register_session, Port, Session},
@@ -494,3 +499,34 @@ clean_cert_db(Ref, CertDb, RefDb, PemCache, File) ->
_ ->
ok
end.
+
+%% Do not let dumb clients create a gigantic session table
+register_unique_session(Sessions, Session, CacheCb, Cache, PartialKey) ->
+ case exists_equivalent(Session , Sessions) of
+ true ->
+ ok;
+ false ->
+ CacheCb:update(Cache, {PartialKey,
+ Session#session.session_id}, Session)
+ end.
+
+exists_equivalent(_, []) ->
+ false;
+exists_equivalent(#session{
+ peer_certificate = PeerCert,
+ own_certificate = OwnCert,
+ compression_method = Compress,
+ cipher_suite = CipherSuite,
+ srp_username = SRP,
+ ecc = ECC} ,
+ [#session{
+ peer_certificate = PeerCert,
+ own_certificate = OwnCert,
+ compression_method = Compress,
+ cipher_suite = CipherSuite,
+ srp_username = SRP,
+ ecc = ECC} | _]) ->
+ true;
+exists_equivalent(Session, [ _ | Rest]) ->
+ exists_equivalent(Session, Rest).
+