From 3dab268b2507e296eaae420086c9604397e37349 Mon Sep 17 00:00:00 2001
From: Dan Gudmundsson
Date: Fri, 20 Apr 2012 13:05:17 +0200
Subject: ssl: Use md5 as file ref id instead of filenames

Aviods storing a lot of data
---
 lib/ssl/src/ssl_certificate_db.erl | 38 ++++++++++++++++++++------------------
 lib/ssl/src/ssl_connection.erl | 9 +--------
 2 files changed, 21 insertions(+), 26 deletions(-)

diff --git a/lib/ssl/src/ssl_certificate_db.erl b/lib/ssl/src/ssl_certificate_db.erl
index cb2473576a..ed6e94d445 100644
--- a/lib/ssl/src/ssl_certificate_db.erl
+++ b/lib/ssl/src/ssl_certificate_db.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -73,7 +73,7 @@ lookup_trusted_cert(DbHandle, Ref, SerialNumber, Issuer) ->
     end.
 
 lookup_cached_certs(DbHandle, File) ->
-    ets:lookup(DbHandle, {file, File}).
+    ets:lookup(DbHandle, {file, crypto:md5(File)}).
 
 %%--------------------------------------------------------------------
 -spec add_trusted_certs(pid(), string() | {der, list()}, [db_handle()]) -> {ok, [db_handle()]}.
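Review bot: `lookup_cached_certs/2` now derives its key with `crypto:md5(File)` exactly as `cache_pem_file/4` does further down, and the same expression is repeated in every table accessor touched by this commit, so a later change of digest or key shape would have to be made in each place and a single miss would silently turn every lookup into a cache miss. Centralise it in one private helper, `file_key(File) -> crypto:md5(File).`, and call it here as `ets:lookup(DbHandle, {file, file_key(File)})`. Give the helper a comment stating that the digest is only a compact identity key for a configured path, not a secret and not a content hash, so the choice of MD5 is not a cryptographic one, and that two distinct paths with a colliding digest would share one cache entry.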
@@ -87,17 +87,18 @@ add_trusted_certs(_Pid, {der, DerList}, [CerDb, _,_]) ->
     add_certs_from_der(DerList, NewRef, CerDb),
     {ok, NewRef};
 add_trusted_certs(Pid, File, [CertsDb, FileToRefDb, PidToFileDb]) ->
-    Ref = case lookup(File, FileToRefDb) of
+    MD5 = crypto:md5(File),
+    Ref = case lookup(MD5, FileToRefDb) of
               undefined ->
                   NewRef = make_ref(),
                   add_certs_from_file(File, NewRef, CertsDb),
-                  insert(File, NewRef, 1, FileToRefDb),
+                  insert(MD5, NewRef, 1, FileToRefDb),
                   NewRef;
               [OldRef] ->
-                  ref_count(File,FileToRefDb,1),
+                  ref_count(MD5,FileToRefDb,1),
                   OldRef
           end,
-    insert(Pid, File, PidToFileDb),
+    insert(Pid, MD5, PidToFileDb),
     {ok, Ref}.
 %%--------------------------------------------------------------------
 -spec cache_pem_file(pid(), string(), time(), [db_handle()]) -> term().
@@ -107,8 +108,9 @@ add_trusted_certs(Pid, File, [CertsDb, FileToRefDb, PidToFileDb]) ->
 cache_pem_file(Pid, File, Time, [CertsDb, _FileToRefDb, PidToFileDb]) ->
     {ok, PemBin} = file:read_file(File),
     Content = public_key:pem_decode(PemBin),
-    insert({file, File}, {Time, Content}, CertsDb),
-    insert(Pid, File, PidToFileDb),
+    MD5 = crypto:md5(File),
+    insert({file, MD5}, {Time, Content}, CertsDb),
+    insert(Pid, MD5, PidToFileDb),
     {ok, Content}.
 
 %--------------------------------------------------------------------
@@ -122,7 +124,7 @@ cache_pem_file(Pid, File, Time, [CertsDb, _FileToRefDb, PidToFileDb]) ->
 %% but with different content.
 %% --------------------------------------------------------------------
 uncache_pem_file(File, [_CertsDb, _FileToRefDb, PidToFileDb]) ->
-    Pids = select(PidToFileDb, [{{'$1', File},[],['$$']}]),
+    Pids = select(PidToFileDb, [{{'$1', crypto:md5(File)},[],['$$']}]),
     lists:foreach(fun([Pid]) -> exit(Pid, shutdown) end, Pids).
 
 
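Review bot: The `MD5` bound on the first added line of `add_trusted_certs/3` is now what decides which set of trusted CA certificates a connection is bound to, so two distinct cacertfile paths with the same MD5 digest would receive one shared `Ref` and one merged reference count: connections configured with one file would silently trust the CAs of the other, and the first process to exit could remove certificates the other still relies on. Chosen-prefix MD5 collisions are practical, but the inputs here are file paths taken from the application's own ssl options, so this only matters for a caller who already controls both paths; it should still be stated rather than left implicit. Add above the first added line `%% Key on md5(File) to keep the tables small; two paths with the same digest share a Ref.` If a stronger guarantee is wanted later, storing the path next to the ref in FileToRefDb and comparing it on the `[OldRef]` hit would detect a collision at the cost of one path per distinct file.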
@@ -135,26 +137,26 @@ uncache_pem_file(File, [_CertsDb, _FileToRefDb, PidToFileDb]) ->
 %% the file associated to Pid from the runtime database.
 %%--------------------------------------------------------------------
 remove_trusted_certs(Pid, [CertsDb, FileToRefDb, PidToFileDb]) ->
-    Files = lookup(Pid, PidToFileDb),
+    FileMD5s = lookup(Pid, PidToFileDb),
     delete(Pid, PidToFileDb),
-    Clear = fun(File) ->
-                    delete({file,File}, CertsDb),
+    Clear = fun(MD5) ->
+                    delete({file,MD5}, CertsDb),
                     try
-                        0 = ref_count(File, FileToRefDb, -1),
-                        case lookup(File, FileToRefDb) of
+                        0 = ref_count(MD5, FileToRefDb, -1),
+                        case lookup(MD5, FileToRefDb) of
                             [Ref] when is_reference(Ref) ->
                                 remove_certs(Ref, CertsDb);
                             _ -> ok
                         end,
-                        delete(File, FileToRefDb)
+                        delete(MD5, FileToRefDb)
                     catch
                         _:_ ->
                             ok
                     end
             end,
-    case Files of
+    case FileMD5s of
         undefined -> ok;
-        _ ->
-            [Clear(File) || File <- Files],
+        _ ->
+            [Clear(FileMD5) || FileMD5 <- FileMD5s],
             ok
     end.
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index cadc7f4185..3541c9371a 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -320,14 +320,7 @@ init([Role, Host, Port, Socket, {SSLOpts0, _} = Options, User, CbInfo]) ->
         throw:Error ->
             gen_fsm:enter_loop(?MODULE, [], error, {Error,State0}, get_timeout(State0))
     end.
-
-%%--------------------------------------------------------------------
-%% Description:There should be one instance of this function for each
-%% possible state name. Whenever a gen_fsm receives an event sent
-%% using gen_fsm:send_event/2, the instance of this function with the
-%% same name as the current state name StateName is called to handle
-%% the event. It is also called if a timeout occurs.
-%%
+
 %%--------------------------------------------------------------------
 %% Description:There should be one instance of this function for each
 %% possible state name. Whenever a gen_fsm receives an event sent
-- 
cgit v1.2.3
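Review bot: The header comment of `remove_trusted_certs/3` starts before this hunk and its visible tail still says it removes "the file associated to Pid", while the function now reads digests from PidToFileDb and never sees a path; change that line to `%% the md5 of each file path associated to Pid from the runtime database.` so the comment matches the key the tables actually use. The unchanged `try ... catch _:_ -> ok` around the decrement is doing two jobs that deserve a comment: the `0 = ref_count(...)` badmatch means other processes still hold the file, and, if `ref_count/3` is an `ets:update_counter` wrapper, it also absorbs the `badarg` for digests that `cache_pem_file/4` put into PidToFileDb without ever creating a FileToRefDb entry — confirm this, then record it as `%% badmatch: still referenced; badarg: pem-cached file with no ref entry.` Lastly, `[Clear(FileMD5) || FileMD5 <- FileMD5s]` is a comprehension evaluated only for its side effects; `lists:foreach(Clear, FileMD5s)` states that intent directly.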