From 2ab0f356a00f42060d0f4ca9c4225644e2d9052e Mon Sep 17 00:00:00 2001
From: Fredrik Gustafsson <fredrik@erlang.org>
Date: Thu, 15 Aug 2013 15:10:31 +0200
Subject: [inets, ssl]: make log_alert configurable as option in ssl,
 SSLLogLevel added as option to inets conf file

---
 lib/inets/src/http_lib/http_transport.erl           | 18 ++++++++++++------
 lib/inets/src/http_server/httpd_conf.erl            | 18 +++++++++++++++++-
 lib/inets/src/http_server/httpd_request_handler.erl |  2 +-
 lib/inets/src/inets_app/inets.appup.src             | 10 ++++++++++
 4 files changed, 40 insertions(+), 8 deletions(-)

(limited to 'lib/inets/src')

diff --git a/lib/inets/src/http_lib/http_transport.erl b/lib/inets/src/http_lib/http_transport.erl
index 5eb827032f..8b103628d7 100644
--- a/lib/inets/src/http_lib/http_transport.erl
+++ b/lib/inets/src/http_lib/http_transport.erl
@@ -174,7 +174,13 @@ listen({essl, SSLConfig}, Addr, Port) ->
 	  [{addr,       Addr}, 
 	   {port,       Port}, 
 	   {ssl_config, SSLConfig}]),
-    listen_ssl(Addr, Port, [{ssl_imp, new}, {reuseaddr, true} | SSLConfig]).
+    {SSLConfig2, ExtraOpts} = case proplists:get_value(log_alert, SSLConfig, undefined) of
+		    undefined ->
+			{SSLConfig, []};
+		    LogAlert ->
+			{proplists:delete(log_alert, SSLConfig), [{log_alert, LogAlert}]}
+		end,
+    listen_ssl(Addr, Port, [{ssl_imp, new}, {reuseaddr, true} | SSLConfig2], ExtraOpts).
 
 
 listen(ip_comm, Addr, Port, Fd) ->
@@ -222,24 +228,24 @@ do_listen_ip_comm(Addr, Port, Fd) ->
     end.
 
 
-listen_ssl(Addr, Port, Opts0) ->
+listen_ssl(Addr, Port, Opts0, ExtraOpts) ->
     IpFamily = ipfamily_default(Addr, Port), 
     BaseOpts = [{backlog, 128}, {reuseaddr, true} | Opts0], 
     Opts     = sock_opts(Addr, BaseOpts),
     case IpFamily of
 	inet6fb4 -> 
-	    Opts2 = [inet6 | Opts], 
+	    Opts2 = [inet6 | Opts] ++ ExtraOpts, 
 	    ?hlrt("try ipv6 listen", [{opts, Opts2}]),
 	    case (catch ssl:listen(Port, Opts2)) of
 		{error, Reason} when ((Reason =:= nxdomain) orelse 
 				      (Reason =:= eafnosupport)) ->
-		    Opts3 = [inet | Opts], 
+		    Opts3 = [inet | Opts] ++ ExtraOpts, 
 		    ?hlrt("ipv6 listen failed - try ipv4 instead", 
 			  [{reason, Reason}, {opts, Opts3}]),
 		    ssl:listen(Port, Opts3);
 		
 		{'EXIT', Reason} -> 
-		    Opts3 = [inet | Opts], 
+		    Opts3 = [inet | Opts] ++ ExtraOpts, 
 		    ?hlrt("ipv6 listen exit - try ipv4 instead", 
 			  [{reason, Reason}, {opts, Opts3}]),
 		    ssl:listen(Port, Opts3); 
@@ -252,7 +258,7 @@ listen_ssl(Addr, Port, Opts0) ->
 	_ ->
 	    Opts2 = [IpFamily | Opts],
 	    ?hlrt("listen", [{opts, Opts2}]),
-	    ssl:listen(Port, Opts2)
+	    ssl:listen(Port, Opts2 ++ ExtraOpts)
     end.
 
 
diff --git a/lib/inets/src/http_server/httpd_conf.erl b/lib/inets/src/http_server/httpd_conf.erl
index 884e3defb8..190967f656 100644
--- a/lib/inets/src/http_server/httpd_conf.erl
+++ b/lib/inets/src/http_server/httpd_conf.erl
@@ -390,6 +390,13 @@ load("SSLCertificateFile " ++ SSLCertificateFile, []) ->
 	    {error, ?NICE(clean(SSLCertificateFile)++
 			  " is an invalid SSLCertificateFile")}
     end;
+load("SSLLogLevel " ++ SSLLogAlert, []) ->
+    case SSLLogAlert of
+	"none" ->
+	    {ok, [], {ssl_log_alert, false}};
+	_ ->
+	    {ok, [], {ssl_log_alert, true}}
+    end;
 load("SSLCertificateKeyFile " ++ SSLCertificateKeyFile, []) ->
     case is_file(clean(SSLCertificateKeyFile)) of
 	{ok, File} ->
@@ -942,7 +949,8 @@ ssl_config(ConfigDB) ->
 	ssl_ciphers(ConfigDB) ++
 	ssl_password(ConfigDB) ++
 	ssl_verify_depth(ConfigDB) ++
-	ssl_ca_certificate_file(ConfigDB).
+	ssl_ca_certificate_file(ConfigDB) ++
+	ssl_log_level(ConfigDB).
 	    
     
 
@@ -1208,6 +1216,14 @@ ssl_certificate_key_file(ConfigDB) ->
 	    [{keyfile,SSLCertificateKeyFile}]
     end.
 
+ssl_log_level(ConfigDB) ->
+    case httpd_util:lookup(ConfigDB,ssl_log_alert) of
+	undefined ->
+	    [];
+	SSLLogLevel ->
+	    [{log_alert,SSLLogLevel}]
+    end.
+
 ssl_verify_client(ConfigDB) ->
     case httpd_util:lookup(ConfigDB,ssl_verify_client) of
 	undefined ->
diff --git a/lib/inets/src/http_server/httpd_request_handler.erl b/lib/inets/src/http_server/httpd_request_handler.erl
index 0f47d785ef..cb20159794 100644
--- a/lib/inets/src/http_server/httpd_request_handler.erl
+++ b/lib/inets/src/http_server/httpd_request_handler.erl
@@ -106,7 +106,7 @@ init([Manager, ConfigDB, AcceptTimeout]) ->
     case http_transport:negotiate(SocketType, Socket, TimeOut) of
 	{error, Error} ->
 	    ?hdrd("negotiation failed", [{error, Error}]),
-	    exit(Error); %% Can be 'normal'.
+	    exit(shutdown); %% Can be 'normal'.
 	ok ->
 	    ?hdrt("negotiation successfull", []),
 	    NewTimeout = TimeOut - timer:now_diff(now(),Then) div 1000,
diff --git a/lib/inets/src/inets_app/inets.appup.src b/lib/inets/src/inets_app/inets.appup.src
index 2995a2f712..3e005379bb 100644
--- a/lib/inets/src/inets_app/inets.appup.src
+++ b/lib/inets/src/inets_app/inets.appup.src
@@ -18,6 +18,11 @@
 
 {"%VSN%",
  [
+  {"5.9.2.1", 
+   [
+    {restart_application, inets}
+   ]
+  },
   {"5.9.2", 
    [
     {load_module, httpd_manager, soft_purge, soft_purge, []}
@@ -76,6 +81,11 @@
   }
  ],
  [
+  {"5.9.2.1", 
+   [
+    {restart_application, inets}
+   ]
+  },
   {"5.9.2", 
    [
     {load_module, httpd_manager, soft_purge, soft_purge, []}
-- 
cgit v1.2.3