diff options
-rw-r--r-- | lib/ssl/src/ssl_certificate_db.erl | 51 | ||||
-rw-r--r-- | lib/ssl/src/ssl_connection.erl | 8 | ||||
-rw-r--r-- | lib/ssl/src/ssl_manager.erl | 7 | ||||
-rw-r--r-- | lib/ssl/src/ssl_tls_dist_proxy.erl | 50 |
4 files changed, 65 insertions, 51 deletions
diff --git a/lib/ssl/src/ssl_certificate_db.erl b/lib/ssl/src/ssl_certificate_db.erl index 67d00f0da7..ff36b5ee26 100644 --- a/lib/ssl/src/ssl_certificate_db.erl +++ b/lib/ssl/src/ssl_certificate_db.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2007-2012. All Rights Reserved. +%% Copyright Ericsson AB 2007-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -18,10 +18,11 @@ %% %%---------------------------------------------------------------------- -%% Purpose: Storage for trused certificats +%% Purpose: Storage for trusted certificates %%---------------------------------------------------------------------- -module(ssl_certificate_db). + -include("ssl_internal.hrl"). -include_lib("public_key/include/public_key.hrl"). -include_lib("kernel/include/file.hrl"). @@ -37,7 +38,7 @@ %%==================================================================== %%-------------------------------------------------------------------- --spec create() -> [db_handle()]. +-spec create() -> [db_handle(),...]. %% %% Description: Creates a new certificate db. %% Note: lookup_trusted_cert/4 may be called from any process but only @@ -54,7 +55,7 @@ create() -> ]. %%-------------------------------------------------------------------- --spec remove([db_handle()]) -> term(). +-spec remove([db_handle()]) -> ok. %% %% Description: Removes database db %%-------------------------------------------------------------------- @@ -114,8 +115,8 @@ add_trusted_certs(_Pid, File, [CertsDb, RefDb, PemChache] = Db) -> new_trusted_cert_entry({MD5, File}, Db) end. %%-------------------------------------------------------------------- --spec cache_pem_file({binary(), binary()}, [db_handle()]) -> term(). --spec cache_pem_file(reference(), {binary(), binary()}, [db_handle()]) -> term(). +-spec cache_pem_file({binary(), binary()}, [db_handle()]) -> {ok, term()}. +-spec cache_pem_file(reference(), {binary(), binary()}, [db_handle()]) -> {ok, term()}. %% %% Description: Cache file as binary in DB %%-------------------------------------------------------------------- @@ -131,19 +132,25 @@ cache_pem_file(Ref, {MD5, File}, [_CertsDb, _RefDb, PemChache]) -> insert(MD5, {Content, Ref}, PemChache), {ok, Content}. +%%-------------------------------------------------------------------- +-spec remove_trusted_certs(reference(), db_handle()) -> ok. +%% +%% Description: Removes all trusted certificates refernced by <Ref>. +%%-------------------------------------------------------------------- remove_trusted_certs(Ref, CertsDb) -> remove_certs(Ref, CertsDb). %%-------------------------------------------------------------------- --spec remove(term(), db_handle()) -> term(). +-spec remove(term(), db_handle()) -> ok. %% %% Description: Removes an element in a <Db>. %%-------------------------------------------------------------------- remove(Key, Db) -> - _ = ets:delete(Db, Key). + ets:delete(Db, Key), + ok. %%-------------------------------------------------------------------- --spec lookup(term(), db_handle()) -> term() | undefined. +-spec lookup(term(), db_handle()) -> [term()] | undefined. %% %% Description: Looks up an element in a <Db>. %%-------------------------------------------------------------------- @@ -158,7 +165,7 @@ lookup(Key, Db) -> [Pick(Data) || Data <- Contents] end. %%-------------------------------------------------------------------- --spec foldl(fun(), term(), db_handle()) -> term(). +-spec foldl(fun((_,_) -> term()), term(), db_handle()) -> term(). %% %% Description: Calls Fun(Elem, AccIn) on successive elements of the %% cache, starting with AccIn == Acc0. Fun/2 must return a new @@ -178,12 +185,13 @@ ref_count(Key, Db, N) -> ets:update_counter(Db,Key,N). %%-------------------------------------------------------------------- --spec clear(db_handle()) -> term(). +-spec clear(db_handle()) -> ok. %% %% Description: Clears the cache %%-------------------------------------------------------------------- clear(Db) -> - ets:delete_all_objects(Db). + true = ets:delete_all_objects(Db), + ok. %%-------------------------------------------------------------------- -spec db_size(db_handle()) -> integer(). @@ -194,30 +202,35 @@ db_size(Db) -> ets:info(Db, size). %%-------------------------------------------------------------------- -%%-spec insert(Key::term(), Data::term(), Db::db_handle()) -> no_return(). +-spec insert(Key::term(), Data::term(), Db::db_handle()) -> ok. %% %% Description: Inserts data into <Db> %%-------------------------------------------------------------------- insert(Key, Data, Db) -> - true = ets:insert(Db, {Key, Data}). + true = ets:insert(Db, {Key, Data}), + ok. %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- update_counter(Key, Count, Db) -> - true = ets:insert(Db, {Key, Count}). + true = ets:insert(Db, {Key, Count}), + ok. remove_certs(Ref, CertsDb) -> - ets:match_delete(CertsDb, {{Ref, '_', '_'}, '_'}). + true = ets:match_delete(CertsDb, {{Ref, '_', '_'}, '_'}), + ok. add_certs_from_der(DerList, Ref, CertsDb) -> Add = fun(Cert) -> add_certs(Cert, Ref, CertsDb) end, - [Add(Cert) || Cert <- DerList]. + [Add(Cert) || Cert <- DerList], + ok. add_certs_from_pem(PemEntries, Ref, CertsDb) -> Add = fun(Cert) -> add_certs(Cert, Ref, CertsDb) end, - [Add(Cert) || {'Certificate', Cert, not_encrypted} <- PemEntries]. - + [Add(Cert) || {'Certificate', Cert, not_encrypted} <- PemEntries], + ok. + add_certs(Cert, Ref, CertsDb) -> try ErlCert = public_key:pkix_decode_cert(Cert, otp), TBSCertificate = ErlCert#'OTPCertificate'.tbsCertificate, diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index 68f6a4d4c1..e5a6181a88 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -372,8 +372,7 @@ hello(#server_hello{cipher_suite = CipherSuite, ssl_options = SslOptions} = State0) -> case ssl_handshake:hello(Hello, SslOptions, ConnectionStates0, Renegotiation) of #alert{} = Alert -> - handle_own_alert(Alert, ReqVersion, hello, State0), - {stop, {shutdown, own_alert}, State0}; + handle_own_alert(Alert, ReqVersion, hello, State0); {Version, NewId, ConnectionStates, NextProtocol} -> {KeyAlgorithm, _, _, _} = ssl_cipher:suite_definition(CipherSuite), @@ -2510,12 +2509,13 @@ default_hashsign(_Version, KeyExchange) start_or_recv_cancel_timer(infinity, _RecvFrom) -> undefined; start_or_recv_cancel_timer(Timeout, RecvFrom) -> - erlang:send_after(Timeout, self(), {cancel_start_or_recv, RecvFrom}). + erlang:send_after(Timeout, self(), {cancel_start_or_recv, RecvFrom}). cancel_timer(undefined) -> ok; cancel_timer(Timer) -> - erlang:cancel_timer(Timer). + erlang:cancel_timer(Timer), + ok. handle_unrecv_data(StateName, #state{socket = Socket, transport_cb = Transport} = State) -> inet:setopts(Socket, [{active, false}]), diff --git a/lib/ssl/src/ssl_manager.erl b/lib/ssl/src/ssl_manager.erl index 14fba72d86..aa9da65bb8 100644 --- a/lib/ssl/src/ssl_manager.erl +++ b/lib/ssl/src/ssl_manager.erl @@ -143,13 +143,14 @@ new_session_id(Port) -> call({new_session_id, Port}). %%-------------------------------------------------------------------- --spec clean_cert_db(reference(), binary()) -> term(). +-spec clean_cert_db(reference(), binary()) -> ok. %% %% Description: Send clean request of cert db to ssl_manager process should %% be called by ssl-connection processes. %%-------------------------------------------------------------------- clean_cert_db(Ref, File) -> - erlang:send_after(?CLEAN_CERT_DB, get(ssl_manager), {clean_cert_db, Ref, File}). + erlang:send_after(?CLEAN_CERT_DB, get(ssl_manager), {clean_cert_db, Ref, File}), + ok. %%-------------------------------------------------------------------- -spec register_session(inet:port_number(), #session{}) -> ok. @@ -344,7 +345,7 @@ handle_info(_Info, State) -> {noreply, State}. %%-------------------------------------------------------------------- --spec terminate(reason(), #state{}) -> term(). +-spec terminate(reason(), #state{}) -> ok. %% %% Description: This function is called by a gen_server when it is about to %% terminate. It should be the opposite of Module:init/1 and do any necessary diff --git a/lib/ssl/src/ssl_tls_dist_proxy.erl b/lib/ssl/src/ssl_tls_dist_proxy.erl index a8476b104f..a22af6b960 100644 --- a/lib/ssl/src/ssl_tls_dist_proxy.erl +++ b/lib/ssl/src/ssl_tls_dist_proxy.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2011-2012. All Rights Reserved. +%% Copyright Ericsson AB 2011-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -89,7 +89,7 @@ handle_call({connect, Ip, Port}, {From, _}, State) -> ok -> flush_old_controller(From, Socket), {reply, Res, State} - end; + end; {Pid, Error} -> {reply, Error, State} end; @@ -115,13 +115,13 @@ code_change(_OldVsn, St, _Extra) -> get_tcp_address(Socket) -> case inet:sockname(Socket) of {ok, Address} -> - {ok, Host} = inet:gethostname(), + {ok, Host} = inet:gethostname(), NetAddress = #net_address{ - address = Address, - host = Host, - protocol = proxy, - family = inet - }, + address = Address, + host = Host, + protocol = proxy, + family = inet + }, {ok, NetAddress}; {error, _} = Error -> Error end. @@ -129,17 +129,17 @@ get_tcp_address(Socket) -> accept_loop(Proxy, erts = Type, Listen, Extra) -> process_flag(priority, max), case gen_tcp:accept(Listen) of - {ok, Socket} -> - Extra ! {accept,self(),Socket,inet,proxy}, - receive - {_Kernel, controller, Pid} -> - ok = gen_tcp:controlling_process(Socket, Pid), - flush_old_controller(Pid, Socket), - Pid ! {self(), controller}; - {_Kernel, unsupported_protocol} -> - exit(unsupported_protocol) - end; - Error -> + {ok, Socket} -> + Extra ! {accept,self(),Socket,inet,proxy}, + receive + {_Kernel, controller, Pid} -> + ok = gen_tcp:controlling_process(Socket, Pid), + flush_old_controller(Pid, Socket), + Pid ! {self(), controller}; + {_Kernel, unsupported_protocol} -> + exit(unsupported_protocol) + end; + Error -> exit(Error) end, accept_loop(Proxy, Type, Listen, Extra); @@ -242,7 +242,7 @@ loop_conn(World, Erts) -> ssl:close(World); {ssl_closed, World} -> gen_tcp:close(Erts) - end. + end. get_ssl_options(Type) -> case init:get_argument(ssl_dist_opt) of @@ -255,7 +255,7 @@ get_ssl_options(Type) -> ssl_options(_,[]) -> []; ssl_options(server, ["client_" ++ _, _Value |T]) -> - ssl_options(server,T); + ssl_options(server,T); ssl_options(client, ["server_" ++ _, _Value|T]) -> ssl_options(client,T); ssl_options(server, ["server_certfile", Value|T]) -> @@ -265,7 +265,7 @@ ssl_options(client, ["client_certfile", Value | T]) -> ssl_options(server, ["server_cacertfile", Value|T]) -> [{cacertfile, Value} | ssl_options(server,T)]; ssl_options(client, ["client_cacertfile", Value|T]) -> - [{cacertfile, Value} | ssl_options(client,T)]; + [{cacertfile, Value} | ssl_options(client,T)]; ssl_options(server, ["server_keyfile", Value|T]) -> [{keyfile, Value} | ssl_options(server,T)]; ssl_options(client, ["client_keyfile", Value|T]) -> @@ -277,7 +277,7 @@ ssl_options(client, ["client_password", Value|T]) -> ssl_options(server, ["server_verify", Value|T]) -> [{verify, atomize(Value)} | ssl_options(server,T)]; ssl_options(client, ["client_verify", Value|T]) -> - [{verify, atomize(Value)} | ssl_options(client,T)]; + [{verify, atomize(Value)} | ssl_options(client,T)]; ssl_options(server, ["server_reuse_sessions", Value|T]) -> [{reuse_sessions, atomize(Value)} | ssl_options(server,T)]; ssl_options(client, ["client_reuse_sessions", Value|T]) -> @@ -295,11 +295,11 @@ ssl_options(server, ["server_hibernate_after", Value|T]) -> ssl_options(client, ["client_hibernate_after", Value|T]) -> [{hibernate_after, list_to_integer(Value)} | ssl_options(client,T)]; ssl_options(server, ["server_ciphers", Value|T]) -> - [{ciphers, Value} | ssl_options(server,T)]; + [{ciphers, Value} | ssl_options(server,T)]; ssl_options(client, ["client_ciphers", Value|T]) -> [{ciphers, Value} | ssl_options(client,T)]; ssl_options(server, ["server_dhfile", Value|T]) -> - [{dhfile, Value} | ssl_options(server,T)]; + [{dhfile, Value} | ssl_options(server,T)]; ssl_options(server, ["server_fail_if_no_peer_cert", Value|T]) -> [{fail_if_no_peer_cert, atomize(Value)} | ssl_options(server,T)]; ssl_options(_,_) -> |