aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ssl/src')
-rw-r--r--lib/ssl/src/ssl_connection.erl8
-rw-r--r--lib/ssl/src/ssl_manager.erl11
2 files changed, 19 insertions, 0 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index b45c5c8fc6..90e0810241 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -465,6 +465,14 @@ certify(internal, #certificate{asn1_certificates = []},
Connection:next_record(State0#state{client_certificate_requested = false}),
Connection:next_event(certify, Record, State);
+certify(internal, #certificate{},
+ #state{role = server,
+ negotiated_version = Version,
+ ssl_options = #ssl_options{verify = verify_none}} =
+ State, Connection) ->
+ Alert = ?ALERT_REC(?FATAL,?UNEXPECTED_MESSAGE, unrequested_certificate),
+ Connection:handle_own_alert(Alert, Version, certify, State);
+
certify(internal, #certificate{} = Cert,
#state{negotiated_version = Version,
role = Role,
diff --git a/lib/ssl/src/ssl_manager.erl b/lib/ssl/src/ssl_manager.erl
index 60b4fbe995..c7dcbaabe9 100644
--- a/lib/ssl/src/ssl_manager.erl
+++ b/lib/ssl/src/ssl_manager.erl
@@ -67,6 +67,7 @@
-define(CLEAN_SESSION_DB, 60000).
-define(CLEAN_CERT_DB, 500).
-define(DEFAULT_MAX_SESSION_CACHE, 1000).
+-define(LOAD_MITIGATION, 10).
%%====================================================================
%% API
@@ -196,10 +197,12 @@ register_session(Port, Session) ->
%%--------------------------------------------------------------------
-spec invalidate_session(host(), inet:port_number(), #session{}) -> ok.
invalidate_session(Host, Port, Session) ->
+ load_mitigation(),
cast({invalidate_session, Host, Port, Session}).
-spec invalidate_session(inet:port_number(), #session{}) -> ok.
invalidate_session(Port, Session) ->
+ load_mitigation(),
cast({invalidate_session, Port, Session}).
-spec invalidate_pem(File::binary()) -> ok.
@@ -719,3 +722,11 @@ invalidate_session_cache(undefined, CacheCb, Cache) ->
start_session_validator(Cache, CacheCb, {invalidate_before, erlang:monotonic_time()}, undefined);
invalidate_session_cache(Pid, _CacheCb, _Cache) ->
Pid.
+
+load_mitigation() ->
+ MSec = rand:uniform(?LOAD_MITIGATION),
+ receive
+ after
+ MSec ->
+ continue
+ end.
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-02 03:11:36 +0000