1 files changed, 43 insertions, 32 deletions
diff --git a/lib/ssl/src/ssl_manager.erl b/lib/ssl/src/ssl_manager.erl
index 725a085d1f..6a44ef8c3e 100644
--- a/lib/ssl/src/ssl_manager.erl
+++ b/lib/ssl/src/ssl_manager.erl
@@ -27,10 +27,10 @@
 -include("ssl_internal.hrl").
 
 %% Internal application API
--export([start_link/1, 
+-export([start_link/1, start_link_dist/1,
 	 connection_init/2, cache_pem_file/2,
-	 lookup_trusted_cert/4, issuer_candidate/2, client_session_id/4,
-	 server_session_id/4,
+	 lookup_trusted_cert/4,
+	 client_session_id/4, server_session_id/4,
 	 register_session/2, register_session/3, invalidate_session/2,
 	 invalidate_session/3]).
 
@@ -66,10 +66,20 @@
 %%--------------------------------------------------------------------
 -spec start_link(list()) -> {ok, pid()} | ignore | {error, term()}.
 %%
-%% Description: Starts the server
+%% Description: Starts the ssl manager that takes care of sessions
+%% and certificate caching.
 %%--------------------------------------------------------------------
 start_link(Opts) ->
-    gen_server:start_link({local, ?MODULE}, ?MODULE, [Opts], []).
+    gen_server:start_link({local, ?MODULE}, ?MODULE, [?MODULE, Opts], []).
+
+%%--------------------------------------------------------------------
+-spec start_link_dist(list()) -> {ok, pid()} | ignore | {error, term()}.
+%%
+%% Description: Starts a special instance of the ssl manager to
+%% be used by the erlang distribution. Note disables soft upgrade!
+%%--------------------------------------------------------------------
+start_link_dist(Opts) ->
+    gen_server:start_link({local, ssl_manager_dist}, ?MODULE, [ssl_manager_dist, Opts], []).
 
 %%--------------------------------------------------------------------
 -spec connection_init(string()| {der, list()}, client | server) ->
@@ -102,16 +112,7 @@ cache_pem_file(File, DbHandle) ->
 %% --------------------------------------------------------------------
 lookup_trusted_cert(DbHandle, Ref, SerialNumber, Issuer) ->
     ssl_certificate_db:lookup_trusted_cert(DbHandle, Ref, SerialNumber, Issuer).
-%%--------------------------------------------------------------------
--spec issuer_candidate(cert_key() | no_candidate, term()) ->
-			      {cert_key(),
-			       {der_cert(),
-				#'OTPCertificate'{}}} | no_more_candidates.
-%%
-%% Description: Return next issuer candidate.
-%%--------------------------------------------------------------------
-issuer_candidate(PrevCandidateKey, DbHandle) ->
-    ssl_certificate_db:issuer_candidate(PrevCandidateKey, DbHandle).
+
 %%--------------------------------------------------------------------
 -spec client_session_id(host(), inet:port_number(), #ssl_options{},
 			der_cert() | undefined) -> session_id().
@@ -166,7 +167,8 @@ invalidate_session(Port, Session) ->
 %%
 %% Description: Initiates the server
 %%--------------------------------------------------------------------
-init([Opts]) ->
+init([Name, Opts]) ->
+    put(ssl_manager, Name),
     process_flag(trap_exit, true),
     CacheCb = proplists:get_value(session_cb, Opts, ssl_session_cache),
     SessionLifeTime =  
@@ -267,25 +269,16 @@ handle_cast({register_session, Port, Session},
     CacheCb:update(Cache, {Port, NewSession#session.session_id}, NewSession),
     {noreply, State};
 
-%%% When a session is invalidated we need to wait a while before deleting
-%%% it as there might be pending connections that rightfully needs to look
-%%% up the session data but new connections should not get to use this session.
 handle_cast({invalidate_session, Host, Port,
 	     #session{session_id = ID} = Session},
 	    #state{session_cache = Cache,
 		   session_cache_cb = CacheCb} = State) ->
-    CacheCb:update(Cache, {{Host, Port}, ID}, Session#session{is_resumable = false}),
-    TRef =
-	erlang:send_after(delay_time(), self(), {delayed_clean_session, {{Host, Port}, ID}}),
-    {noreply, State#state{last_delay_timer = TRef}};
+    invalidate_session(Cache, CacheCb, {{Host, Port}, ID}, Session, State);
 
 handle_cast({invalidate_session, Port, #session{session_id = ID} = Session},
 	    #state{session_cache = Cache,
 		   session_cache_cb = CacheCb} = State) ->
-    CacheCb:update(Cache, {Port, ID}, Session#session{is_resumable = false}),
-    TRef =
-	erlang:send_after(delay_time(), self(), {delayed_clean_session, {Port, ID}}),
-    {noreply, State#state{last_delay_timer = TRef}};
+    invalidate_session(Cache, CacheCb, {Port, ID}, Session, State);
 
 handle_cast({recache_pem, File, LastWrite, Pid, From},
 	    #state{certificate_db = [_, FileToRefDb, _]} = State0) ->
@@ -309,7 +302,7 @@ handle_cast({recache_pem, File, LastWrite, Pid, From},
 %%				      {stop, reason(), #state{}}.
 %%
 %% Description: Handling all non call/cast messages
-%%-------------------------------------------------------------------- 
+%%-------------------------------------------------------------------
 handle_info(validate_sessions, #state{session_cache_cb = CacheCb,
 				      session_cache = Cache,
 				      session_lifetime = LifeTime
@@ -376,10 +369,10 @@ code_change(_OldVsn, State, _Extra) ->
 %%% Internal functions
 %%--------------------------------------------------------------------
 call(Msg) ->
-    gen_server:call(?MODULE, {Msg, self()}, infinity).
+    gen_server:call(get(ssl_manager), {Msg, self()}, infinity).
 
 cast(Msg) ->
-    gen_server:cast(?MODULE, Msg).
+    gen_server:cast(get(ssl_manager), Msg).
  
 validate_session(Host, Port, Session, LifeTime) ->
     case ssl_session:valid_session(Session, LifeTime) of
@@ -399,9 +392,10 @@ validate_session(Port, Session, LifeTime) ->
 		    
 start_session_validator(Cache, CacheCb, LifeTime) ->
     spawn_link(?MODULE, init_session_validator, 
-	       [[Cache, CacheCb, LifeTime]]).
+	       [[get(ssl_manager), Cache, CacheCb, LifeTime]]).
 
-init_session_validator([Cache, CacheCb, LifeTime]) ->
+init_session_validator([SslManagerName, Cache, CacheCb, LifeTime]) ->
+    put(ssl_manager, SslManagerName),
     CacheCb:foldl(fun session_validation/2,
 		  LifeTime, Cache).
 
@@ -432,3 +426,20 @@ delay_time() ->
 	_ ->
 	   ?CLEAN_SESSION_DB
     end.
+
+invalidate_session(Cache, CacheCb, Key, Session, State) ->
+    case CacheCb:lookup(Cache, Key) of
+	undefined -> %% Session is already invalidated
+	    {noreply, State};
+	#session{is_resumable = new} ->
+	    CacheCb:delete(Cache, Key),
+	    {noreply, State};
+	_ ->
+	    %% When a registered session is invalidated we need to wait a while before deleting
+	    %% it as there might be pending connections that rightfully needs to look
+	    %% up the session data but new connections should not get to use this session.
+	    CacheCb:update(Cache, Key, Session#session{is_resumable = false}),
+	    TRef =
+		erlang:send_after(delay_time(), self(), {delayed_clean_session, Key}),
+	    {noreply, State#state{last_delay_timer = TRef}}
+    end.