aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ssl')
-rw-r--r--lib/ssl/src/ssl_certificate_db.erl41
-rw-r--r--lib/ssl/src/ssl_connection.erl38
-rw-r--r--lib/ssl/src/ssl_manager.erl27
-rw-r--r--lib/ssl/test/ssl_basic_SUITE.erl2
4 files changed, 65 insertions, 43 deletions
diff --git a/lib/ssl/src/ssl_certificate_db.erl b/lib/ssl/src/ssl_certificate_db.erl
index decc6c9fea..2d729576b0 100644
--- a/lib/ssl/src/ssl_certificate_db.erl
+++ b/lib/ssl/src/ssl_certificate_db.erl
@@ -27,7 +27,7 @@
-export([create/0, remove/1, add_trusted_certs/3,
remove_trusted_certs/2, lookup_trusted_cert/3, issuer_candidate/1,
- cache_pem_file/3]).
+ lookup_cached_certs/1, cache_pem_file/3]).
%%====================================================================
%% Internal application API
@@ -74,6 +74,9 @@ lookup_trusted_cert(Ref, SerialNumber, Issuer) ->
{ok, Certs}
end.
+lookup_cached_certs(File) ->
+ ets:lookup(certificate_db_name(), {file, File}).
+
%%--------------------------------------------------------------------
%% Function: add_trusted_certs(Pid, File, Db) -> {ok, Ref}
%% Pid = pid()
@@ -90,7 +93,7 @@ add_trusted_certs(Pid, File, [CertsDb, FileToRefDb, PidToFileDb]) ->
undefined ->
NewRef = make_ref(),
add_certs_from_file(File, NewRef, CertsDb),
- insert(File, NewRef, 1, FileToRefDb),
+ insert(File, NewRef, 1, FileToRefDb),
NewRef;
[OldRef] ->
ref_count(File,FileToRefDb,1),
@@ -104,14 +107,11 @@ add_trusted_certs(Pid, File, [CertsDb, FileToRefDb, PidToFileDb]) ->
%%
%% Description: Cache file as binary in DB
%%--------------------------------------------------------------------
-cache_pem_file(Pid, File, [_CertsDb, FileToRefDb, PidToFileDb]) ->
- try ref_count(File, FileToRefDb,1)
- catch _:_ ->
- {ok, Content} = public_key:pem_to_der(File),
- insert(File,Content,1,FileToRefDb)
- end,
+cache_pem_file(Pid, File, [CertsDb, _FileToRefDb, PidToFileDb]) ->
+ Res = {ok, Content} = public_key:pem_to_der(File),
+ insert({file, File}, Content, CertsDb),
insert(Pid, File, PidToFileDb),
- {ok, FileToRefDb}.
+ Res.
%%--------------------------------------------------------------------
%% Function: remove_trusted_certs(Pid, Db) -> _
@@ -123,15 +123,16 @@ remove_trusted_certs(Pid, [CertsDb, FileToRefDb, PidToFileDb]) ->
Files = lookup(Pid, PidToFileDb),
delete(Pid, PidToFileDb),
Clear = fun(File) ->
- case ref_count(File, FileToRefDb, -1) of
- 0 ->
- case lookup(File, FileToRefDb) of
- [Ref] when is_reference(Ref) ->
- remove_certs(Ref, CertsDb);
- _ -> ok
- end,
- delete(File, FileToRefDb);
- _ ->
+ delete({file,File}, CertsDb),
+ try
+ 0 = ref_count(File, FileToRefDb, -1),
+ case lookup(File, FileToRefDb) of
+ [Ref] when is_reference(Ref) ->
+ remove_certs(Ref, CertsDb);
+ _ -> ok
+ end,
+ delete(File, FileToRefDb)
+ catch _:_ ->
ok
end
end,
@@ -168,6 +169,8 @@ issuer_candidate(PrevCandidateKey) ->
case ets:next(Db, PrevCandidateKey) of
'$end_of_table' ->
no_more_candidates;
+ {file, _} = Key ->
+ issuer_candidate(Key);
Key ->
[Cert] = lookup(Key, Db),
{Key, Cert}
@@ -189,7 +192,7 @@ ref_count(Key, Db,N) ->
ets:update_counter(Db,Key,N).
delete(Key, Db) ->
- true = ets:delete(Db, Key).
+ _ = ets:delete(Db, Key).
lookup(Key, Db) ->
case ets:lookup(Db, Key) of
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 0aed85a9ef..4c8421912b 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -978,8 +978,14 @@ init_certificates(#ssl_options{cacertfile = CACertFile,
case ssl_manager:connection_init(CACertFile, Role) of
{ok, CertDbRef, CacheRef} ->
init_certificates(CertDbRef, CacheRef, CertFile, Role);
+ {error, {badmatch, _Error}} ->
+ Report = io_lib:format("SSL: Error ~p Initializing: ~p ~n",
+ [_Error, CACertFile]),
+ error_logger:error_report(Report),
+ throw(ecacertfile);
{error, _Error} ->
- Report = io_lib:format("SSL: Error ~p ~n",[_Error]),
+ Report = io_lib:format("SSL: Error ~p Initializing: ~p ~n",
+ [_Error, CACertFile]),
error_logger:error_report(Report),
throw(ecacertfile)
end.
@@ -996,12 +1002,18 @@ init_certificates(CertDbRef, CacheRef, CertFile, server) ->
try
[OwnCert] = ssl_certificate:file_to_certificats(CertFile),
{ok, CertDbRef, CacheRef, OwnCert}
- catch _E:_R ->
- Report = io_lib:format("SSL: ~p: ~p:~p ~p~n",
- [?LINE, _E,_R, erlang:get_stacktrace()]),
- error_logger:error_report(Report),
- throw(ecertfile)
- end.
+ catch
+ _E:{badmatch, _R={error,_}} ->
+ Report = io_lib:format("SSL: ~p: ~p:~p ~s~n ~p~n",
+ [?LINE, _E,_R, CertFile, erlang:get_stacktrace()]),
+ error_logger:error_report(Report),
+ throw(ecertfile);
+ _E:_R ->
+ Report = io_lib:format("SSL: ~p: ~p:~p ~s~n ~p~n",
+ [?LINE, _E,_R, CertFile, erlang:get_stacktrace()]),
+ error_logger:error_report(Report),
+ throw(ecertfile)
+ end.
init_private_key(undefined, "", _Password, client) ->
undefined;
@@ -1012,9 +1024,15 @@ init_private_key(undefined, KeyFile, Password, _) ->
PKey =:= rsa_private_key orelse PKey =:= dsa_private_key],
{ok, Decoded} = public_key:decode_private_key(Der,Password),
Decoded
- catch _E:_R ->
- Report = io_lib:format("SSL: ~p: ~p:~p ~p~n",
- [?LINE, _E,_R, erlang:get_stacktrace()]),
+ catch
+ _E:{badmatch, _R={error,_}} ->
+ Report = io_lib:format("SSL: ~p: ~p:~p ~s~n ~p~n",
+ [?LINE, _E,_R, KeyFile, erlang:get_stacktrace()]),
+ error_logger:error_report(Report),
+ throw(ekeyfile);
+ _E:_R ->
+ Report = io_lib:format("SSL: ~p: ~p:~p ~s~n ~p~n",
+ [?LINE, _E,_R, KeyFile, erlang:get_stacktrace()]),
error_logger:error_report(Report),
throw(ekeyfile)
end;
diff --git a/lib/ssl/src/ssl_manager.erl b/lib/ssl/src/ssl_manager.erl
index 6b83c2ea46..ff20ee6025 100644
--- a/lib/ssl/src/ssl_manager.erl
+++ b/lib/ssl/src/ssl_manager.erl
@@ -74,13 +74,11 @@ connection_init(TrustedcertsFile, Role) ->
call({connection_init, TrustedcertsFile, Role}).
cache_pem_file(File) ->
- case ets:lookup(ssl_file_to_ref,File) of
- [{_,_,Content}] ->
+ case ssl_certificate_db:lookup_cached_certs(File) of
+ [{_,Content}] ->
{ok, Content};
[] ->
- {ok, Db} = call({cache_pem, File}),
- [{_,_,Content}] = ets:lookup(Db,File),
- {ok, Content}
+ call({cache_pem, File})
end.
%%--------------------------------------------------------------------
@@ -170,13 +168,14 @@ handle_call({{connection_init, TrustedcertsFile, _Role}, Pid}, _From,
session_cache = Cache} = State) ->
erlang:monitor(process, Pid),
Result =
- case (catch ssl_certificate_db:add_trusted_certs(Pid,
- TrustedcertsFile,
- Db)) of
- {ok, Ref} ->
- {ok, Ref, Cache};
- Error ->
- {error, Error}
+ try
+ {ok, Ref} = ssl_certificate_db:add_trusted_certs(Pid, TrustedcertsFile, Db),
+ {ok, Ref, Cache}
+ catch
+ _:{badmatch, Error} ->
+ {error, Error};
+ _E:_R ->
+ {error, {_R,erlang:get_stacktrace()}}
end,
{reply, Result, State};
@@ -198,7 +197,9 @@ handle_call({{cache_pem, File},Pid}, _, State = #state{certificate_db = Db}) ->
try ssl_certificate_db:cache_pem_file(Pid,File,Db) of
Result ->
{reply, Result, State}
- catch _:Reason ->
+ catch _:{badmatch, Reason} ->
+ {reply, Reason, State};
+ _:Reason ->
{reply, {error, Reason}, State}
end;
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 2b247532ee..79b8b6c672 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -458,7 +458,7 @@ connect_dist(Config) when is_list(Config) ->
connect_dist_s(S) ->
Msg = term_to_binary({erlang,term}),
- ok = ssl:send(S, <<(size(Msg)):32, Msg/binary>>).
+ ok = ssl:send(S, Msg).
connect_dist_c(S) ->
Test = binary_to_list(term_to_binary({erlang,term})),