From 89fcf133d7f0233780cdd6c069214d52e26b5f2b Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Tue, 31 Jan 2017 17:04:27 +0100 Subject: ssl: Simplify configuration code Use map instead of large tuple, which was not an option when the code was written originally. More simplifications along these lines may be done later to the state record. --- lib/ssl/src/ssl_config.erl | 44 +++++++++++++++++++----------------------- lib/ssl/src/ssl_connection.erl | 39 ++++++++++++++++++++++++------------- lib/ssl/src/ssl_manager.erl | 24 ++++++++++++++--------- 3 files changed, 61 insertions(+), 46 deletions(-) diff --git a/lib/ssl/src/ssl_config.erl b/lib/ssl/src/ssl_config.erl index 4926a146fe..09d4c3e678 100644 --- a/lib/ssl/src/ssl_config.erl +++ b/lib/ssl/src/ssl_config.erl @@ -32,13 +32,13 @@ init(SslOpts, Role) -> init_manager_name(SslOpts#ssl_options.erl_dist), - {ok, CertDbRef, CertDbHandle, FileRefHandle, PemCacheHandle, CacheHandle, CRLDbHandle, OwnCert} + {ok, #{pem_cache := PemCache} = Config} = init_certificates(SslOpts, Role), PrivateKey = - init_private_key(PemCacheHandle, SslOpts#ssl_options.key, SslOpts#ssl_options.keyfile, + init_private_key(PemCache, SslOpts#ssl_options.key, SslOpts#ssl_options.keyfile, SslOpts#ssl_options.password, Role), - DHParams = init_diffie_hellman(PemCacheHandle, SslOpts#ssl_options.dh, SslOpts#ssl_options.dhfile, Role), - {ok, CertDbRef, CertDbHandle, FileRefHandle, CacheHandle, CRLDbHandle, OwnCert, PrivateKey, DHParams}. + DHParams = init_diffie_hellman(PemCache, SslOpts#ssl_options.dh, SslOpts#ssl_options.dhfile, Role), + {ok, Config#{private_key => PrivateKey, dh_params => DHParams}}. init_manager_name(false) -> put(ssl_manager, ssl_manager:name(normal)), @@ -53,7 +53,7 @@ init_certificates(#ssl_options{cacerts = CaCerts, cert = Cert, crl_cache = CRLCache }, Role) -> - {ok, CertDbRef, CertDbHandle, FileRefHandle, PemCacheHandle, CacheHandle, CRLDbInfo} = + {ok, Config} = try Certs = case CaCerts of undefined -> 
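Review bot: The map returned by `init/2` is assembled in three places (ssl_manager:connection_init/3, `init_certificates`, and the `Config#{private_key => PrivateKey, dh_params => DHParams}` update here), and nothing visible in this hunk tells a caller which keys to expect. Unlike the old tuple, which left out the PEM cache handle, the result now carries `pem_cache` alongside `private_key`. A header comment on `init/2` would pin the contract, for example `%% Returns {ok, Config}. Config keys: cert_db_ref, cert_db_handle, fileref_db_handle, pem_cache, session_cache, crl_db_info, own_certificate, private_key, dh_params.` followed by `%% Config holds the private key; do not log or format it.`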
@@ -61,41 +61,37 @@ init_certificates(#ssl_options{cacerts = CaCerts, _ -> {der, CaCerts} end, - {ok, _, _, _, _, _, _} = ssl_manager:connection_init(Certs, Role, CRLCache) + {ok,_} = ssl_manager:connection_init(Certs, Role, CRLCache) catch _:Reason -> file_error(CACertFile, {cacertfile, Reason}) end, - init_certificates(Cert, CertDbRef, CertDbHandle, FileRefHandle, PemCacheHandle, - CacheHandle, CRLDbInfo, CertFile, Role). + init_certificates(Cert, Config, CertFile, Role). -init_certificates(undefined, CertDbRef, CertDbHandle, FileRefHandle, PemCacheHandle, CacheHandle, - CRLDbInfo, <<>>, _) -> - {ok, CertDbRef, CertDbHandle, FileRefHandle, PemCacheHandle, CacheHandle, CRLDbInfo, undefined}; +init_certificates(undefined, Config, <<>>, _) -> + {ok, Config#{own_certificate => undefined}}; -init_certificates(undefined, CertDbRef, CertDbHandle, FileRefHandle, PemCacheHandle, - CacheHandle, CRLDbInfo, CertFile, client) -> +init_certificates(undefined, #{pem_cache := PemCache} = Config, CertFile, client) -> try %% Ignoring potential proxy-certificates see: %% http://dev.globus.org/wiki/Security/ProxyFileFormat - [OwnCert|_] = ssl_certificate:file_to_certificats(CertFile, PemCacheHandle), - {ok, CertDbRef, CertDbHandle, FileRefHandle, PemCacheHandle, CacheHandle, CRLDbInfo, OwnCert} + [OwnCert|_] = ssl_certificate:file_to_certificats(CertFile, PemCache), + {ok, Config#{own_certificate => OwnCert}} catch _Error:_Reason -> - {ok, CertDbRef, CertDbHandle, FileRefHandle, PemCacheHandle, CacheHandle, CRLDbInfo, undefined} - end; + {ok, Config#{own_certificate => undefined}} + end; -init_certificates(undefined, CertDbRef, CertDbHandle, FileRefHandle, - PemCacheHandle, CacheRef, CRLDbInfo, CertFile, server) -> +init_certificates(undefined, #{pem_cache := PemCache} = Config, CertFile, server) -> try - [OwnCert|_] = ssl_certificate:file_to_certificats(CertFile, PemCacheHandle), - {ok, CertDbRef, CertDbHandle, FileRefHandle, PemCacheHandle, CacheRef, CRLDbInfo, OwnCert} + 
[OwnCert|_] = ssl_certificate:file_to_certificats(CertFile, PemCache), + {ok, Config#{own_certificate => OwnCert}} catch _:Reason -> file_error(CertFile, {certfile, Reason}) end; -init_certificates(Cert, CertDbRef, CertDbHandle, FileRefHandle, PemCacheHandle, CacheRef, CRLDbInfo, _, _) -> - {ok, CertDbRef, CertDbHandle, FileRefHandle, PemCacheHandle, CacheRef, CRLDbInfo, Cert}. - +init_certificates(Cert, Config, _, _) -> + {ok, Config#{own_certificate => Cert}}. + init_private_key(_, undefined, <<>>, _Password, _Client) -> undefined; init_private_key(DbHandle, undefined, KeyFile, Password, _) -> diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index 6ed2fc83da..4fbac4cad3 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -323,8 +323,14 @@ handle_session(#server_hello{cipher_suite = CipherSuite, -spec ssl_config(#ssl_options{}, client | server, #state{}) -> #state{}. %%-------------------------------------------------------------------- ssl_config(Opts, Role, State) -> - {ok, Ref, CertDbHandle, FileRefHandle, CacheHandle, CRLDbInfo, - OwnCert, Key, DHParams} = + {ok, #{cert_db_ref := Ref, + cert_db_handle := CertDbHandle, + fileref_db_handle := FileRefHandle, + session_cache := CacheHandle, + crl_db_info := CRLDbHandle, + private_key := Key, + dh_params := DHParams, + own_certificate := OwnCert}} = ssl_config:init(Opts, Role), Handshake = ssl_handshake:init_handshake_history(), TimeStamp = erlang:monotonic_time(), @@ -335,7 +341,7 @@ ssl_config(Opts, Role, State) -> file_ref_db = FileRefHandle, cert_db_ref = Ref, cert_db = CertDbHandle, - crl_db = CRLDbInfo, + crl_db = CRLDbHandle, session_cache = CacheHandle, private_key = Key, diffie_hellman_params = DHParams, 
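Review bot: The client clause of `init_certificates/4` still turns every failure of `file_to_certificats(CertFile, PemCache)` into `own_certificate => undefined` through `catch _Error:_Reason`, while the server clause reports `file_error(CertFile, {certfile, Reason})`. A client configured with a certfile that is missing or unreadable therefore continues without a certificate and, presumably, only learns of it when the peer rejects the handshake. The behaviour is carried over unchanged from the removed lines, so it looks deliberate, and a comment above the `catch` would say so: `%% Client certificate is optional: an unreadable certfile means "no certificate", not an error.`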
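Review bot: The eight-key pattern matched against `ssl_config:init/2` in `ssl_config/3` is repeated verbatim in `handle_sni_extension` (hunk at -2428), so a renamed or missing key shows up only at run time as a badmatch in one of two places. That badmatch term would contain the whole map, `private_key` included (the old tuple had the same property), which is a reason to keep the key names in one spot; a private helper that takes the map and the state and fills `file_ref_db`, `cert_db_ref`, `cert_db`, `crl_db`, `session_cache`, `private_key` and `diffie_hellman_params` would serve both callers. Separately, the value stored under `crl_db_info` is the tuple `{CRLCb, crl_db_info(Db, UserCRLDb)}` built in ssl_manager rather than a bare handle, so the earlier variable name fits better: `crl_db_info := CRLDbInfo,`. The body of `ssl_config/3` continues outside the hunk.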
@@ -2428,16 +2434,23 @@ handle_sni_extension(#sni{hostname = Hostname}, State0) -> undefined -> State0; _ -> - {ok, Ref, CertDbHandle, FileRefHandle, CacheHandle, CRLDbHandle, OwnCert, Key, DHParams} = - ssl_config:init(NewOptions, State0#state.role), - State0#state{ - session = State0#state.session#session{own_certificate = OwnCert}, - file_ref_db = FileRefHandle, - cert_db_ref = Ref, - cert_db = CertDbHandle, - crl_db = CRLDbHandle, - session_cache = CacheHandle, - private_key = Key, + {ok, #{cert_db_ref := Ref, + cert_db_handle := CertDbHandle, + fileref_db_handle := FileRefHandle, + session_cache := CacheHandle, + crl_db_info := CRLDbHandle, + private_key := Key, + dh_params := DHParams, + own_certificate := OwnCert}} = + ssl_config:init(NewOptions, State0#state.role), + State0#state{ + session = State0#state.session#session{own_certificate = OwnCert}, + file_ref_db = FileRefHandle, + cert_db_ref = Ref, + cert_db = CertDbHandle, + crl_db = CRLDbHandle, + session_cache = CacheHandle, + private_key = Key, diffie_hellman_params = DHParams, ssl_options = NewOptions, sni_hostname = Hostname diff --git a/lib/ssl/src/ssl_manager.erl b/lib/ssl/src/ssl_manager.erl index 3b2ddeaa56..2b82f18bb5 100644 --- a/lib/ssl/src/ssl_manager.erl +++ b/lib/ssl/src/ssl_manager.erl @@ -107,8 +107,7 @@ start_link_dist(Opts) -> %%-------------------------------------------------------------------- -spec connection_init(binary()| {der, list()}, client | server, {Cb :: atom(), Handle:: term()}) -> - {ok, certdb_ref(), db_handle(), db_handle(), - db_handle(), db_handle(), CRLInfo::term()}. + {ok, map()}. %% %% Description: Do necessary initializations for a new connection. %%-------------------------------------------------------------------- 
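Review bot: The new return type `{ok, map()}` gives Dialyzer less to check than the tuple spec it replaces, which named `certdb_ref()` and `db_handle()` for each position. A map type with mandatory keys keeps that information and documents the keys that ssl_config and ssl_connection match on. The `handle_call` clause in the hunk at -261 can also reply `{error, _}`; if `connection_init/3` passes that through, the spec should list it, but the function body is outside this hunk.

```erlang
%% Keys of the map handed to a new connection; element types taken from the previous tuple spec.
-type connection_config() :: #{cert_db_ref := certdb_ref(),
                               cert_db_handle := db_handle(),
                               fileref_db_handle := db_handle(),
                               pem_cache := db_handle(),
                               session_cache := db_handle(),
                               crl_db_info := term()}.

-spec connection_init(binary()| {der, list()}, client | server,
                      {Cb :: atom(), Handle:: term()}) ->
                             {ok, connection_config()}.
```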
@@ -261,18 +260,25 @@ init([ManagerName, PemCacheName, Opts]) -> handle_call({{connection_init, <<>>, Role, {CRLCb, UserCRLDb}}, _Pid}, _From, #state{certificate_db = [CertDb, FileRefDb, PemChace | _] = Db} = State) -> Ref = make_ref(), - Result = {ok, Ref, CertDb, FileRefDb, PemChace, - session_cache(Role, State), {CRLCb, crl_db_info(Db, UserCRLDb)}}, - {reply, Result, State#state{certificate_db = Db}}; + {reply, {ok, #{cert_db_ref => Ref, + cert_db_handle => CertDb, + fileref_db_handle => FileRefDb, + pem_cache => PemChace, + session_cache => session_cache(Role, State), + crl_db_info => {CRLCb, crl_db_info(Db, UserCRLDb)}}}, State}; handle_call({{connection_init, Trustedcerts, Role, {CRLCb, UserCRLDb}}, Pid}, _From, #state{certificate_db = [CertDb, FileRefDb, PemChace | _] = Db} = State) -> case add_trusted_certs(Pid, Trustedcerts, Db) of {ok, Ref} -> - {reply, {ok, Ref, CertDb, FileRefDb, PemChace, session_cache(Role, State), - {CRLCb, crl_db_info(Db, UserCRLDb)}}, State}; - {error, _} = Error -> - {reply, Error, State} + {reply, {ok, #{cert_db_ref => Ref, + cert_db_handle => CertDb, + fileref_db_handle => FileRefDb, + pem_cache => PemChace, + session_cache => session_cache(Role, State), + crl_db_info => {CRLCb, crl_db_info(Db, UserCRLDb)}}}, State}; + {error, _} = Error -> + {reply, Error, State} end; handle_call({{insert_crls, Path, CRLs}, _}, _From, -- cgit v1.2.3
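Review bot: Both `connection_init` clauses of `handle_call` now spell out the same six-key map, so the two copies can drift apart without any compile-time signal. Building the reply in one private function keeps the key set in a single place; each clause then becomes `{reply, {ok, connection_config(Ref, Db, Role, {CRLCb, UserCRLDb}, State)}, State}`. The helper below is a sketch that uses only names visible in the hunk.

```erlang
%% Builds the map handed to a new connection; the only place that names its keys.
connection_config(Ref, [CertDb, FileRefDb, PemCache | _] = Db, Role,
                  {CRLCb, UserCRLDb}, State) ->
    #{cert_db_ref => Ref,
      cert_db_handle => CertDb,
      fileref_db_handle => FileRefDb,
      pem_cache => PemCache,
      session_cache => session_cache(Role, State),
      crl_db_info => {CRLCb, crl_db_info(Db, UserCRLDb)}}.

%% ... unchanged: handle_call clause heads and the add_trusted_certs/3 case ...
```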