From 2db05402f6b81e312ea268dd56483d0b3ca15941 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Tue, 31 Jan 2017 16:57:57 +0100
Subject: ssl: Make sure PEM cache works as intended

Move of PEM cache to own process was flawed and not all PEM files
where cached properly. We must properly handle both the ditributed
and the normal mode of the ssl application.
---
 lib/ssl/src/ssl_config.erl    |  4 ++--
 lib/ssl/src/ssl_manager.erl   |  4 ++--
 lib/ssl/src/ssl_pem_cache.erl |  2 +-
 lib/ssl/src/ssl_pkix_db.erl   | 17 ++++++++++-------
 4 files changed, 15 insertions(+), 12 deletions(-)

(limited to 'lib/ssl/src')

diff --git a/lib/ssl/src/ssl_config.erl b/lib/ssl/src/ssl_config.erl
index 54f83928ee..4926a146fe 100644
--- a/lib/ssl/src/ssl_config.erl
+++ b/lib/ssl/src/ssl_config.erl
@@ -42,10 +42,10 @@ init(SslOpts, Role) ->
 
 init_manager_name(false) ->
     put(ssl_manager, ssl_manager:name(normal)),
-    put(ssl_cache, ssl_pem_cache:name(normal));
+    put(ssl_pem_cache, ssl_pem_cache:name(normal));
 init_manager_name(true) ->
     put(ssl_manager, ssl_manager:name(dist)),
-    put(ssl_cache, ssl_pem_cache:name(dist)).
+    put(ssl_pem_cache, ssl_pem_cache:name(dist)).
 
 init_certificates(#ssl_options{cacerts = CaCerts,
 			       cacertfile = CACertFile,
diff --git a/lib/ssl/src/ssl_manager.erl b/lib/ssl/src/ssl_manager.erl
index 29b15f843f..3b2ddeaa56 100644
--- a/lib/ssl/src/ssl_manager.erl
+++ b/lib/ssl/src/ssl_manager.erl
@@ -128,7 +128,7 @@ cache_pem_file(File, DbHandle) ->
 	[Content]  ->
 	    {ok, Content};
 	undefined ->
-	  ssl_pem_cache:insert(File)
+            ssl_pem_cache:insert(File)
     end.
 
 %%--------------------------------------------------------------------
@@ -224,7 +224,7 @@ init([ManagerName, PemCacheName, Opts]) ->
     CacheCb = proplists:get_value(session_cb, Opts, ssl_session_cache),
     SessionLifeTime =  
 	proplists:get_value(session_lifetime, Opts, ?'24H_in_sec'),
-    CertDb = ssl_pkix_db:create(),
+    CertDb = ssl_pkix_db:create(PemCacheName),
     ClientSessionCache = 
 	CacheCb:init([{role, client} | 
 		      proplists:get_value(session_cb_init_args, Opts, [])]),
diff --git a/lib/ssl/src/ssl_pem_cache.erl b/lib/ssl/src/ssl_pem_cache.erl
index 2b31374bcc..f63a301f69 100644
--- a/lib/ssl/src/ssl_pem_cache.erl
+++ b/lib/ssl/src/ssl_pem_cache.erl
@@ -133,7 +133,7 @@ invalidate_pem(File) ->
 init([Name]) ->
     put(ssl_pem_cache, Name),
     process_flag(trap_exit, true),
-    PemCache = ssl_pkix_db:create_pem_cache(),
+    PemCache = ssl_pkix_db:create_pem_cache(Name),
     Interval = pem_check_interval(),
     erlang:send_after(Interval, self(), clear_pem_cache),
     {ok, #state{pem_cache = PemCache,
diff --git a/lib/ssl/src/ssl_pkix_db.erl b/lib/ssl/src/ssl_pkix_db.erl
index 961a555873..cde05bb16f 100644
--- a/lib/ssl/src/ssl_pkix_db.erl
+++ b/lib/ssl/src/ssl_pkix_db.erl
@@ -28,7 +28,7 @@
 -include_lib("public_key/include/public_key.hrl").
 -include_lib("kernel/include/file.hrl").
 
--export([create/0, create_pem_cache/0, 
+-export([create/1, create_pem_cache/1, 
 	 add_crls/3, remove_crls/2, remove/1, add_trusted_certs/3, 
 	 extract_trusted_certs/1,
 	 remove_trusted_certs/2, insert/3, remove/2, clear/1, db_size/1,
@@ -40,13 +40,13 @@
 %%====================================================================
 
 %%--------------------------------------------------------------------
--spec create() -> [db_handle(),...].
+-spec create(atom()) -> [db_handle(),...].
 %% 
 %% Description: Creates a new certificate db.
 %% Note: lookup_trusted_cert/4 may be called from any process but only
 %% the process that called create may call the other functions.
 %%--------------------------------------------------------------------
-create() ->
+create(PEMCacheName) ->
     [%% Let connection process delete trusted certs
      %% that can only belong to one connection. (Supplied directly
      %% on DER format to ssl:connect/listen.)
@@ -56,14 +56,14 @@ create() ->
       ets:new(ssl_otp_ca_ref_file_mapping, [set, protected])
      },
      %% Lookups in named table owned by ssl_pem_cache process
-     ssl_otp_pem_cache,
+     PEMCacheName,
      %% Default cache
      {ets:new(ssl_otp_crl_cache, [set, protected]),
       ets:new(ssl_otp_crl_issuer_mapping, [bag, protected])}
     ].
 
-create_pem_cache() ->
-    ets:new(ssl_otp_pem_cache, [named_table, set, protected]).
+create_pem_cache(Name) ->
+    ets:new(Name, [named_table, set, protected]).
 
 %%--------------------------------------------------------------------
 -spec remove([db_handle()]) -> ok. 
@@ -76,7 +76,9 @@ remove(Dbs) ->
 			  true = ets:delete(Db1);
 		     (undefined) -> 
 			  ok;
-		     (ssl_otp_pem_cache) -> 
+		     (ssl_pem_cache) -> 
+			  ok;
+                     (ssl_pem_cache_dist) -> 
 			  ok;
 		     (Db) ->
 			  true = ets:delete(Db)
@@ -341,3 +343,4 @@ crl_issuer(DerCRL) ->
     CRL = public_key:der_decode('CertificateList', DerCRL),
     TBSCRL = CRL#'CertificateList'.tbsCertList,
     TBSCRL#'TBSCertList'.issuer.
+
-- 
cgit v1.2.3