aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ssl/src')
-rw-r--r--lib/ssl/src/ssl_connection.erl6
-rw-r--r--lib/ssl/src/tls_connection.erl13
2 files changed, 16 insertions, 3 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 57fa1b904e..a7657c829a 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -1920,9 +1920,11 @@ prepare_connection(#state{renegotiation = Renegotiate,
start_or_recv_from = RecvFrom} = State0, Connection)
when Renegotiate =/= {false, first},
RecvFrom =/= undefined ->
- {Record, State} = Connection:next_record(State0),
+ State1 = Connection:reinit_handshake_data(State0),
+ {Record, State} = Connection:next_record(State1),
{Record, ack_connection(State)};
-prepare_connection(State, _) ->
+prepare_connection(State0, Connection) ->
+ State = Connection:reinit_handshake_data(State0),
{no_record, ack_connection(State)}.
ack_connection(#state{renegotiation = {true, Initiater}} = State)
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 2193fc18c2..208edc644a 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -49,7 +49,8 @@
-export([next_record/1, next_event/3]).
%% Handshake handling
--export([renegotiate/2, send_handshake/2, send_change_cipher/2]).
+-export([renegotiate/2, send_handshake/2, send_change_cipher/2,
+ reinit_handshake_data/1]).
%% Alert and close handling
-export([send_alert/2, handle_own_alert/4, handle_close_alert/3,
@@ -131,6 +132,16 @@ send_change_cipher(Msg, #state{connection_states = ConnectionStates0,
Transport:send(Socket, BinChangeCipher),
State0#state{connection_states = ConnectionStates}.
+reinit_handshake_data(State) ->
+ %% premaster_secret, public_key_info and tls_handshake_info
+ %% are only needed during the handshake phase.
+ %% To reduce memory foot print of a connection reinitialize them.
+ State#state{
+ premaster_secret = undefined,
+ public_key_info = undefined,
+ tls_handshake_history = ssl_handshake:init_handshake_history()
+ }.
+
%%====================================================================
%% tls_connection_sup API
%%====================================================================