Diffstat (limited to 'lib/ssl')
-rw-r--r-- | lib/ssl/src/ssl_certificate_db.erl | 41 | ||||
-rw-r--r-- | lib/ssl/src/ssl_connection.erl | 38 | ||||
-rw-r--r-- | lib/ssl/src/ssl_manager.erl | 27 | ||||
-rw-r--r-- | lib/ssl/test/ssl_basic_SUITE.erl | 2 |
4 files changed, 65 insertions, 43 deletions
diff --git a/lib/ssl/src/ssl_certificate_db.erl b/lib/ssl/src/ssl_certificate_db.erl index decc6c9fea..2d729576b0 100644 --- a/lib/ssl/src/ssl_certificate_db.erl +++ b/lib/ssl/src/ssl_certificate_db.erl @@ -27,7 +27,7 @@ -export([create/0, remove/1, add_trusted_certs/3, remove_trusted_certs/2, lookup_trusted_cert/3, issuer_candidate/1, - cache_pem_file/3]). + lookup_cached_certs/1, cache_pem_file/3]). %%==================================================================== %% Internal application API @@ -74,6 +74,9 @@ lookup_trusted_cert(Ref, SerialNumber, Issuer) -> {ok, Certs} end. +lookup_cached_certs(File) -> + ets:lookup(certificate_db_name(), {file, File}). + %%-------------------------------------------------------------------- %% Function: add_trusted_certs(Pid, File, Db) -> {ok, Ref} %% Pid = pid() @@ -90,7 +93,7 @@ add_trusted_certs(Pid, File, [CertsDb, FileToRefDb, PidToFileDb]) -> undefined -> NewRef = make_ref(), add_certs_from_file(File, NewRef, CertsDb), - insert(File, NewRef, 1, FileToRefDb), + insert(File, NewRef, 1, FileToRefDb), NewRef; [OldRef] -> ref_count(File,FileToRefDb,1), @@ -104,14 +107,11 @@ add_trusted_certs(Pid, File, [CertsDb, FileToRefDb, PidToFileDb]) -> %% %% Description: Cache file as binary in DB %%-------------------------------------------------------------------- -cache_pem_file(Pid, File, [_CertsDb, FileToRefDb, PidToFileDb]) -> - try ref_count(File, FileToRefDb,1) - catch _:_ -> - {ok, Content} = public_key:pem_to_der(File), - insert(File,Content,1,FileToRefDb) - end, +cache_pem_file(Pid, File, [CertsDb, _FileToRefDb, PidToFileDb]) -> + Res = {ok, Content} = public_key:pem_to_der(File), + insert({file, File}, Content, CertsDb), insert(Pid, File, PidToFileDb), - {ok, FileToRefDb}. + Res. %%-------------------------------------------------------------------- %% Function: remove_trusted_certs(Pid, Db) -> _ 
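Review bot: `lookup_cached_certs/1` is exported and defined here without a `-spec` or the `%% Function:` header block that `add_trusted_certs/3` and `remove_trusted_certs/2` in this file carry, so a reader has to trace `cache_pem_file/3` to learn that it returns `[]` or `[{{file, File}, Entries}]` where `Entries` is what `public_key:pem_to_der/1` produced for that file. Proposed header: `%% Function: lookup_cached_certs(File) -> [{{file, File}, PemEntries}] | []` followed by `%% Description: Direct ets lookup of a PEM file cached by cache_pem_file/3; runs in the caller's process`. That last point matters because `ssl_manager:cache_pem_file/1` calls this from arbitrary client processes, so the table named by `certificate_db_name/0` has to stay readable from outside its owner; its access mode is not visible in this diff. The name says certs, but the object holds whatever the PEM file contained.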
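Review bot: The header comment above `cache_pem_file/3` (only its `%% Description: Cache file as binary in DB` tail is inside the hunk) still documents the previous contract, while the function now returns `Res`, the `{ok, Entries}` value from `public_key:pem_to_der/1`, stores the entries under `{file, File}` in CertsDb and no longer touches `FileToRefDb`. Update it to `%% Function: cache_pem_file(Pid, File, Db) -> {ok, PemEntries}` and add `%% Note: entries are not reference counted; they are removed when any caching process is cleaned up`, since the old `ref_count/3` bookkeeping is removed here and the cleanup in `remove_trusted_certs/2` deletes `{file, File}` unconditionally. The cached term is the raw PEM content, so if key files also go through this path — not determinable from this diff — the shared table should not be `public`.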
@@ -123,15 +123,16 @@ remove_trusted_certs(Pid, [CertsDb, FileToRefDb, PidToFileDb]) ->
 Files = lookup(Pid, PidToFileDb),
 delete(Pid, PidToFileDb),
 Clear = fun(File) ->
- case ref_count(File, FileToRefDb, -1) of
- 0 ->
- case lookup(File, FileToRefDb) of
- [Ref] when is_reference(Ref) ->
- remove_certs(Ref, CertsDb);
- _ -> ok
- end,
- delete(File, FileToRefDb);
- _ ->
+ delete({file,File}, CertsDb),
+ try
+ 0 = ref_count(File, FileToRefDb, -1),
+ case lookup(File, FileToRefDb) of
+ [Ref] when is_reference(Ref) ->
+ remove_certs(Ref, CertsDb);
+ _ -> ok
+ end,
+ delete(File, FileToRefDb)
+ catch _:_ ->
 ok
 end
 end,
@@ -168,6 +169,8 @@ issuer_candidate(PrevCandidateKey) ->
 case ets:next(Db, PrevCandidateKey) of
 '$end_of_table' ->
 no_more_candidates;
+ {file, _} = Key ->
+ issuer_candidate(Key);
 Key ->
 [Cert] = lookup(Key, Db),
 {Key, Cert}
@@ -189,7 +192,7 @@ ref_count(Key, Db,N) ->
 ets:update_counter(Db,Key,N).
 
 delete(Key, Db) ->
- true = ets:delete(Db, Key).
+ _ = ets:delete(Db, Key).
 
 lookup(Key, Db) ->
 case ets:lookup(Db, Key) of
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 0aed85a9ef..4c8421912b 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -978,8 +978,14 @@ init_certificates(#ssl_options{cacertfile = CACertFile,
 case ssl_manager:connection_init(CACertFile, Role) of
 {ok, CertDbRef, CacheRef} ->
 init_certificates(CertDbRef, CacheRef, CertFile, Role);
+ {error, {badmatch, _Error}} ->
+ Report = io_lib:format("SSL: Error ~p Initializing: ~p ~n",
+ [_Error, CACertFile]),
+ error_logger:error_report(Report),
+ throw(ecacertfile);
 {error, _Error} ->
- Report = io_lib:format("SSL: Error ~p ~n",[_Error]),
+ Report = io_lib:format("SSL: Error ~p Initializing: ~p ~n",
+ [_Error, CACertFile]),
 error_logger:error_report(Report),
 throw(ecacertfile)
 end.
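Review bot: `catch _:_ -> ok` in the new `Clear` fun swallows every failure in the block, including an `ets` error from `remove_certs/2` or `delete/2`, not only the two expected ones: the `badarg` that `ref_count/3` (an `ets:update_counter/3` call, see the `@@ -189` hunk) raises when `File` was registered through `cache_pem_file/3` and therefore has no counter in FileToRefDb, and the `{badmatch, N}` when the counter is still above zero. Catch those two explicitly, `catch error:badarg -> ok; error:{badmatch, _} -> ok`, so anything else still crashes the manager and shows up in its crash report. A comment on `delete({file,File}, CertsDb)` would also help: it drops the cached PEM entry when any one of the processes that cached it exits, because those entries are not reference counted, and other holders take a cache miss afterwards. The enclosing `remove_trusted_certs/2` body continues past the hunk.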
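Review bot: The new `{file, _} = Key` clause skips cached PEM entries during the `ets:next/2` walk, but the clause of `issuer_candidate/1` that starts the walk (the `ets:first/1` case, outside this hunk) is not touched by this commit; if it also does `Key -> [Cert] = lookup(Key, Db), {Key, Cert}`, a table whose first key is a `{file, File}` object would hand raw PEM content back as an issuer candidate. Either apply the same skip there or have that clause delegate to this one for anything that is not a certificate key. A comment on the new clause, `%% {file, F} objects are PEM files cached by cache_pem_file/3, not certificates`, would explain why the key is skipped.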
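Review bot: `_Error` is bound and then read in both `{error, ...}` branches of the `@@ -978` hunk; the underscore prefix signals to readers and to elvis that the variable is intentionally ignored, so rename it `Error`. The same pattern appears with `_E`/`_R` in the `init_certificates/4` and `init_private_key/4` hunks of this file and with `_R` in the `connection_init` handler of ssl_manager.erl. The two branches also share their whole body apart from one level of unwrapping, so a single `{error, Reason} ->` branch formatting `unwrap_badmatch(Reason)` would remove the duplicate report code. The head of this `init_certificates` clause is above the hunk.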
@@ -996,12 +1002,18 @@ init_certificates(CertDbRef, CacheRef, CertFile, server) ->
 try
 [OwnCert] = ssl_certificate:file_to_certificats(CertFile),
 {ok, CertDbRef, CacheRef, OwnCert}
- catch _E:_R ->
- Report = io_lib:format("SSL: ~p: ~p:~p ~p~n",
- [?LINE, _E,_R, erlang:get_stacktrace()]),
- error_logger:error_report(Report),
- throw(ecertfile)
- end.
+ catch
+ _E:{badmatch, _R={error,_}} ->
+ Report = io_lib:format("SSL: ~p: ~p:~p ~s~n ~p~n",
+ [?LINE, _E,_R, CertFile, erlang:get_stacktrace()]),
+ error_logger:error_report(Report),
+ throw(ecertfile);
+ _E:_R ->
+ Report = io_lib:format("SSL: ~p: ~p:~p ~s~n ~p~n",
+ [?LINE, _E,_R, CertFile, erlang:get_stacktrace()]),
+ error_logger:error_report(Report),
+ throw(ecertfile)
+ end.
 
 init_private_key(undefined, "", _Password, client) ->
 undefined;
@@ -1012,9 +1024,15 @@ init_private_key(undefined, KeyFile, Password, _) ->
 PKey =:= rsa_private_key orelse PKey =:= dsa_private_key],
 {ok, Decoded} = public_key:decode_private_key(Der,Password),
 Decoded
- catch _E:_R ->
- Report = io_lib:format("SSL: ~p: ~p:~p ~p~n",
- [?LINE, _E,_R, erlang:get_stacktrace()]),
+ catch
+ _E:{badmatch, _R={error,_}} ->
+ Report = io_lib:format("SSL: ~p: ~p:~p ~s~n ~p~n",
+ [?LINE, _E,_R, KeyFile, erlang:get_stacktrace()]),
+ error_logger:error_report(Report),
+ throw(ekeyfile);
+ _E:_R ->
+ Report = io_lib:format("SSL: ~p: ~p:~p ~s~n ~p~n",
+ [?LINE, _E,_R, KeyFile, erlang:get_stacktrace()]),
 error_logger:error_report(Report),
 throw(ekeyfile)
 end;
diff --git a/lib/ssl/src/ssl_manager.erl b/lib/ssl/src/ssl_manager.erl
index 6b83c2ea46..ff20ee6025 100644
--- a/lib/ssl/src/ssl_manager.erl
+++ b/lib/ssl/src/ssl_manager.erl
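Review bot: The two new `catch` clauses in `init_certificates/4` have identical bodies — the `_E:{badmatch, _R={error,_}}` clause formats the same report with the same arguments and throws the same `ecertfile` as the generic `_E:_R` clause — so the specific clause only adds a second copy of four lines. Keep the generic clause alone, or, if the intent was to log a plain `{error, Reason}` from `file_to_certificats/1` without a stack trace, make the first clause's report actually differ. The same duplication is in the `init_private_key/4` hunk below (`@@ -1012`).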
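Review bot: Both catch clauses in `init_private_key/4` print `erlang:get_stacktrace()` with `~p` into an error report; when the failure inside `public_key:decode_private_key(Der, Password)` is a `function_clause` or a BIF `badarg`, the top frame carries the actual argument list, so the key DER and the password can end up in the log. Reduce frames to module/function/arity before formatting, e.g. a small `sanitize_stack/1` that maps `{M, F, Args}` with a list `Args` to `{M, F, length(Args)}` and leaves other frames unchanged, and pass its result to `io_lib:format/2` instead of the raw trace. The `init_certificates/4` hunk above has the same report shape and would be cleaner with the same helper, although its arguments are less sensitive. The `try` that these clauses close opens above the hunk.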
@@ -74,13 +74,11 @@ connection_init(TrustedcertsFile, Role) ->
 call({connection_init, TrustedcertsFile, Role}).
 
 cache_pem_file(File) ->
- case ets:lookup(ssl_file_to_ref,File) of
- [{_,_,Content}] ->
+ case ssl_certificate_db:lookup_cached_certs(File) of
+ [{_,Content}] ->
 {ok, Content};
 [] ->
- {ok, Db} = call({cache_pem, File}),
- [{_,_,Content}] = ets:lookup(Db,File),
- {ok, Content}
+ call({cache_pem, File})
 end.
 
 %%--------------------------------------------------------------------
@@ -170,13 +168,14 @@ handle_call({{connection_init, TrustedcertsFile, _Role}, Pid}, _From,
 session_cache = Cache} = State) ->
 erlang:monitor(process, Pid),
 Result =
- case (catch ssl_certificate_db:add_trusted_certs(Pid,
- TrustedcertsFile,
- Db)) of
- {ok, Ref} ->
- {ok, Ref, Cache};
- Error ->
- {error, Error}
+ try
+ {ok, Ref} = ssl_certificate_db:add_trusted_certs(Pid, TrustedcertsFile, Db),
+ {ok, Ref, Cache}
+ catch
+ _:{badmatch, Error} ->
+ {error, Error};
+ _E:_R ->
+ {error, {_R,erlang:get_stacktrace()}}
 end,
 {reply, Result, State};
 
@@ -198,7 +197,9 @@ handle_call({{cache_pem, File},Pid}, _, State = #state{certificate_db = Db}) ->
 try ssl_certificate_db:cache_pem_file(Pid,File,Db) of
 Result ->
 {reply, Result, State}
- catch _:Reason ->
+ catch _:{badmatch, Reason} ->
+ {reply, Reason, State};
+ _:Reason ->
 {reply, {error, Reason}, State}
 end;
 
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 2b247532ee..79b8b6c672 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -458,7 +458,7 @@ connect_dist(Config) when is_list(Config) ->
 
 connect_dist_s(S) ->
 Msg = term_to_binary({erlang,term}),
- ok = ssl:send(S, <<(size(Msg)):32, Msg/binary>>).
+ ok = ssl:send(S, Msg).
 
 connect_dist_c(S) ->
 Test = binary_to_list(term_to_binary({erlang,term})), |
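Review bot: `cache_pem_file/1` now returns whatever `call({cache_pem, File})` replies, which per the `cache_pem` handler in the `@@ -198` hunk includes `{error, Reason}` terms, whereas before it either returned `{ok, Content}` or crashed on its own match; callers that still write `{ok, Content} = ssl_manager:cache_pem_file(File)` get a `badmatch` on `{error, _}`, which is what the new clauses in ssl_connection.erl rely on. Pin the contract with `-spec cache_pem_file(string()) -> {ok, term()} | {error, term()}.` and a comment that the hit path is an `ets` lookup executed in the caller's process while only misses go through the manager, so the table owner must keep it readable from other processes. The comment block that follows `end.` is cut off at the end of the hunk.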
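Review bot: The new `_:{badmatch, Reason} -> {reply, Reason, State}` clause replies with the unmatched value as-is, which is an `{error, _}` term only when `ssl_certificate_db:cache_pem_file/3` fails on its `{ok, Content} = public_key:pem_to_der(File)` match; any other badmatch inside that call would put an untagged term into the reply and break the `{ok, _} | {error, _}` contract of `cache_pem_file/1` above. Narrow the pattern to `_:{badmatch, {error, _} = Error} -> {reply, Error, State};` and let the existing `_:Reason` clause wrap everything else. `handle_call/3` has further clauses outside this hunk.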