From f435df0e065c06e2ae11308c0ec5a19a9ce887fa Mon Sep 17 00:00:00 2001 From: YAMASHINA Hio Date: Tue, 9 Feb 2010 10:46:38 +0900 Subject: prepend packet size bytes in ssl:send() in new_ssl implementation With the {ssl_imp,new} option enabled, {packet,PacketType} only works when receiving. When sending, {packet,0} is always used. --- lib/ssl/src/ssl_connection.erl | 33 ++++++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) (limited to 'lib/ssl/src') diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index d9377fe3d6..0aed85a9ef 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -610,7 +610,7 @@ connection(hello, State = #state{host = Host, port = Port, %% gen_fsm:sync_send_event/2,3, the instance of this function with the same %% name as the current state name StateName is called to handle the event. %%-------------------------------------------------------------------- -connection({application_data, Data}, _From, +connection({application_data, Data0}, _From, State = #state{socket = Socket, negotiated_version = Version, transport_cb = Transport, @@ -618,10 +618,16 @@ connection({application_data, Data}, _From, %% We should look into having a worker process to do this to %% parallize send and receive decoding and not block the receiver %% if sending is overloading the socket. - {Msgs, ConnectionStates1} = encode_data(Data, Version, ConnectionStates0), - Result = Transport:send(Socket, Msgs), - {reply, Result, - connection, State#state{connection_states = ConnectionStates1}}. + try + Data = encode_packet(Data0, State#state.socket_options), + {Msgs, ConnectionStates1} = encode_data(Data, Version, ConnectionStates0), + Result = Transport:send(Socket, Msgs), + {reply, Result, + connection, State#state{connection_states = ConnectionStates1}} + + catch throw:Error -> + {reply, Error, connection, State} + end. %%-------------------------------------------------------------------- %% Function: @@ -1404,6 +1410,23 @@ encode_handshake(HandshakeRec, SigAlg, Version, ConnectionStates0, Hashes0) -> ssl_record:encode_handshake(Frag, Version, ConnectionStates0), {E, ConnectionStates1, Hashes1}. +encode_packet(Data, #socket_options{packet=Packet}) -> + case Packet of + 0 -> Data; + 1 -> encode_size_packet(Data, 8, (1 bsl 8) - 1); + 2 -> encode_size_packet(Data, 16, (1 bsl 16) - 1); + 4 -> encode_size_packet(Data, 32, (1 bsl 32) - 1); + _ -> + throw({error, {badarg, {eoptions, {packet, Packet}}}}) + end. + +encode_size_packet(Bin, Size, Max) -> + Len = byte_size(Bin), + case Len > Max of + true -> throw({error, {badarg, {packet_to_large, Len, Max}}}); + false -> <> + end. + encode_data(Data, Version, ConnectionStates) -> ssl_record:encode_data(Data, Version, ConnectionStates). -- cgit v1.2.3 From 590a06126b813a306455d340f73c88ebfafce29a Mon Sep 17 00:00:00 2001 From: Dan Gudmundsson Date: Tue, 9 Feb 2010 15:39:59 +0100 Subject: Allow ssl:listen/2 to be called with option {ssl_imp, old}. --- lib/ssl/src/ssl.erl | 3 ++- lib/ssl/src/ssl_broker.erl | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-) (limited to 'lib/ssl/src') diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl index 1222fe97fd..306e3f5419 100644 --- a/lib/ssl/src/ssl.erl +++ b/lib/ssl/src/ssl.erl @@ -129,7 +129,8 @@ listen(Port, Options0) -> %% so that new and old ssl can be run by the same %% code, however the option will be ignored by old ssl %% that hardcodes reuseaddr to true in its portprogram. - Options = proplists:delete(reuseaddr, Options0), + Options1 = proplists:delete(reuseaddr, Options0), + Options = proplists:delete(ssl_imp, Options1), old_listen(Port, Options); Value -> {error, {eoptions, {ssl_imp, Value}}} diff --git a/lib/ssl/src/ssl_broker.erl b/lib/ssl/src/ssl_broker.erl index 178fb5fcb9..a7a8fe0322 100644 --- a/lib/ssl/src/ssl_broker.erl +++ b/lib/ssl/src/ssl_broker.erl @@ -333,9 +333,9 @@ init([Client, Type]) -> debug1(Debug, Type, "in start, client = ~w", [Client]), {ok, #st{brokertype = Type, server = Server, client = Client, collector = Client, debug = Debug}}; - true -> - {stop, no_ssl_server} - end. + true -> + {stop, no_ssl_server} + end. %% -- cgit v1.2.3 From a39cf4a324eca0d5ae363350b79f37401c240cb5 Mon Sep 17 00:00:00 2001 From: Dan Gudmundsson Date: Wed, 10 Feb 2010 15:27:58 +0100 Subject: Fixed bug file cache bug and improved the error messages. --- lib/ssl/src/ssl_certificate_db.erl | 41 ++++++++++++++++++++------------------ lib/ssl/src/ssl_connection.erl | 38 +++++++++++++++++++++++++---------- lib/ssl/src/ssl_manager.erl | 27 +++++++++++++------------ 3 files changed, 64 insertions(+), 42 deletions(-) (limited to 'lib/ssl/src') diff --git a/lib/ssl/src/ssl_certificate_db.erl b/lib/ssl/src/ssl_certificate_db.erl index decc6c9fea..2d729576b0 100644 --- a/lib/ssl/src/ssl_certificate_db.erl +++ b/lib/ssl/src/ssl_certificate_db.erl @@ -27,7 +27,7 @@ -export([create/0, remove/1, add_trusted_certs/3, remove_trusted_certs/2, lookup_trusted_cert/3, issuer_candidate/1, - cache_pem_file/3]). + lookup_cached_certs/1, cache_pem_file/3]). %%==================================================================== %% Internal application API @@ -74,6 +74,9 @@ lookup_trusted_cert(Ref, SerialNumber, Issuer) -> {ok, Certs} end. +lookup_cached_certs(File) -> + ets:lookup(certificate_db_name(), {file, File}). + %%-------------------------------------------------------------------- %% Function: add_trusted_certs(Pid, File, Db) -> {ok, Ref} %% Pid = pid() @@ -90,7 +93,7 @@ add_trusted_certs(Pid, File, [CertsDb, FileToRefDb, PidToFileDb]) -> undefined -> NewRef = make_ref(), add_certs_from_file(File, NewRef, CertsDb), - insert(File, NewRef, 1, FileToRefDb), + insert(File, NewRef, 1, FileToRefDb), NewRef; [OldRef] -> ref_count(File,FileToRefDb,1), @@ -104,14 +107,11 @@ add_trusted_certs(Pid, File, [CertsDb, FileToRefDb, PidToFileDb]) -> %% %% Description: Cache file as binary in DB %%-------------------------------------------------------------------- -cache_pem_file(Pid, File, [_CertsDb, FileToRefDb, PidToFileDb]) -> - try ref_count(File, FileToRefDb,1) - catch _:_ -> - {ok, Content} = public_key:pem_to_der(File), - insert(File,Content,1,FileToRefDb) - end, +cache_pem_file(Pid, File, [CertsDb, _FileToRefDb, PidToFileDb]) -> + Res = {ok, Content} = public_key:pem_to_der(File), + insert({file, File}, Content, CertsDb), insert(Pid, File, PidToFileDb), - {ok, FileToRefDb}. + Res. %%-------------------------------------------------------------------- %% Function: remove_trusted_certs(Pid, Db) -> _ @@ -123,15 +123,16 @@ remove_trusted_certs(Pid, [CertsDb, FileToRefDb, PidToFileDb]) -> Files = lookup(Pid, PidToFileDb), delete(Pid, PidToFileDb), Clear = fun(File) -> - case ref_count(File, FileToRefDb, -1) of - 0 -> - case lookup(File, FileToRefDb) of - [Ref] when is_reference(Ref) -> - remove_certs(Ref, CertsDb); - _ -> ok - end, - delete(File, FileToRefDb); - _ -> + delete({file,File}, CertsDb), + try + 0 = ref_count(File, FileToRefDb, -1), + case lookup(File, FileToRefDb) of + [Ref] when is_reference(Ref) -> + remove_certs(Ref, CertsDb); + _ -> ok + end, + delete(File, FileToRefDb) + catch _:_ -> ok end end, @@ -168,6 +169,8 @@ issuer_candidate(PrevCandidateKey) -> case ets:next(Db, PrevCandidateKey) of '$end_of_table' -> no_more_candidates; + {file, _} = Key -> + issuer_candidate(Key); Key -> [Cert] = lookup(Key, Db), {Key, Cert} @@ -189,7 +192,7 @@ ref_count(Key, Db,N) -> ets:update_counter(Db,Key,N). delete(Key, Db) -> - true = ets:delete(Db, Key). + _ = ets:delete(Db, Key). lookup(Key, Db) -> case ets:lookup(Db, Key) of diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index 0aed85a9ef..4c8421912b 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -978,8 +978,14 @@ init_certificates(#ssl_options{cacertfile = CACertFile, case ssl_manager:connection_init(CACertFile, Role) of {ok, CertDbRef, CacheRef} -> init_certificates(CertDbRef, CacheRef, CertFile, Role); + {error, {badmatch, _Error}} -> + Report = io_lib:format("SSL: Error ~p Initializing: ~p ~n", + [_Error, CACertFile]), + error_logger:error_report(Report), + throw(ecacertfile); {error, _Error} -> - Report = io_lib:format("SSL: Error ~p ~n",[_Error]), + Report = io_lib:format("SSL: Error ~p Initializing: ~p ~n", + [_Error, CACertFile]), error_logger:error_report(Report), throw(ecacertfile) end. @@ -996,12 +1002,18 @@ init_certificates(CertDbRef, CacheRef, CertFile, server) -> try [OwnCert] = ssl_certificate:file_to_certificats(CertFile), {ok, CertDbRef, CacheRef, OwnCert} - catch _E:_R -> - Report = io_lib:format("SSL: ~p: ~p:~p ~p~n", - [?LINE, _E,_R, erlang:get_stacktrace()]), - error_logger:error_report(Report), - throw(ecertfile) - end. + catch + _E:{badmatch, _R={error,_}} -> + Report = io_lib:format("SSL: ~p: ~p:~p ~s~n ~p~n", + [?LINE, _E,_R, CertFile, erlang:get_stacktrace()]), + error_logger:error_report(Report), + throw(ecertfile); + _E:_R -> + Report = io_lib:format("SSL: ~p: ~p:~p ~s~n ~p~n", + [?LINE, _E,_R, CertFile, erlang:get_stacktrace()]), + error_logger:error_report(Report), + throw(ecertfile) + end. init_private_key(undefined, "", _Password, client) -> undefined; @@ -1012,9 +1024,15 @@ init_private_key(undefined, KeyFile, Password, _) -> PKey =:= rsa_private_key orelse PKey =:= dsa_private_key], {ok, Decoded} = public_key:decode_private_key(Der,Password), Decoded - catch _E:_R -> - Report = io_lib:format("SSL: ~p: ~p:~p ~p~n", - [?LINE, _E,_R, erlang:get_stacktrace()]), + catch + _E:{badmatch, _R={error,_}} -> + Report = io_lib:format("SSL: ~p: ~p:~p ~s~n ~p~n", + [?LINE, _E,_R, KeyFile, erlang:get_stacktrace()]), + error_logger:error_report(Report), + throw(ekeyfile); + _E:_R -> + Report = io_lib:format("SSL: ~p: ~p:~p ~s~n ~p~n", + [?LINE, _E,_R, KeyFile, erlang:get_stacktrace()]), error_logger:error_report(Report), throw(ekeyfile) end; diff --git a/lib/ssl/src/ssl_manager.erl b/lib/ssl/src/ssl_manager.erl index 6b83c2ea46..ff20ee6025 100644 --- a/lib/ssl/src/ssl_manager.erl +++ b/lib/ssl/src/ssl_manager.erl @@ -74,13 +74,11 @@ connection_init(TrustedcertsFile, Role) -> call({connection_init, TrustedcertsFile, Role}). cache_pem_file(File) -> - case ets:lookup(ssl_file_to_ref,File) of - [{_,_,Content}] -> + case ssl_certificate_db:lookup_cached_certs(File) of + [{_,Content}] -> {ok, Content}; [] -> - {ok, Db} = call({cache_pem, File}), - [{_,_,Content}] = ets:lookup(Db,File), - {ok, Content} + call({cache_pem, File}) end. %%-------------------------------------------------------------------- @@ -170,13 +168,14 @@ handle_call({{connection_init, TrustedcertsFile, _Role}, Pid}, _From, session_cache = Cache} = State) -> erlang:monitor(process, Pid), Result = - case (catch ssl_certificate_db:add_trusted_certs(Pid, - TrustedcertsFile, - Db)) of - {ok, Ref} -> - {ok, Ref, Cache}; - Error -> - {error, Error} + try + {ok, Ref} = ssl_certificate_db:add_trusted_certs(Pid, TrustedcertsFile, Db), + {ok, Ref, Cache} + catch + _:{badmatch, Error} -> + {error, Error}; + _E:_R -> + {error, {_R,erlang:get_stacktrace()}} end, {reply, Result, State}; @@ -198,7 +197,9 @@ handle_call({{cache_pem, File},Pid}, _, State = #state{certificate_db = Db}) -> try ssl_certificate_db:cache_pem_file(Pid,File,Db) of Result -> {reply, Result, State} - catch _:Reason -> + catch _:{badmatch, Reason} -> + {reply, Reason, State}; + _:Reason -> {reply, {error, Reason}, State} end; -- cgit v1.2.3 From 464f2bac3b5dadd35add52fdee2ccfe8e05facd9 Mon Sep 17 00:00:00 2001 From: Dan Gudmundsson Date: Thu, 11 Feb 2010 14:46:00 +0100 Subject: Fixed ssl:setopts(Socket, binary) which was didn't work for 'new' ssl. --- lib/ssl/src/ssl.erl | 6 ++++-- lib/ssl/src/ssl_connection.erl | 3 +-- 2 files changed, 5 insertions(+), 4 deletions(-) (limited to 'lib/ssl/src') diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl index 306e3f5419..19ae368781 100644 --- a/lib/ssl/src/ssl.erl +++ b/lib/ssl/src/ssl.erl @@ -367,8 +367,10 @@ getopts(#sslsocket{} = Socket, Options) -> %% %% Description: %%-------------------------------------------------------------------- -setopts(#sslsocket{fd = new_ssl, pid = Pid}, Options) when is_pid(Pid) -> - ssl_connection:set_opts(Pid, Options); +setopts(#sslsocket{fd = new_ssl, pid = Pid}, Opts0) when is_pid(Pid) -> + Opts = proplists:expand([{binary, [{mode, binary}]}, + {list, [{mode, list}]}], Opts0), + ssl_connection:set_opts(Pid, Opts); setopts(#sslsocket{fd = new_ssl, pid = {ListenSocket, _}}, OptTags) -> inet:setopts(ListenSocket, OptTags); setopts(#sslsocket{} = Socket, Options) -> diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index 4c8421912b..bbffa1e564 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -1061,8 +1061,7 @@ send_all_state_event(FsmPid, Event) -> gen_fsm:send_all_state_event(FsmPid, Event). sync_send_all_state_event(FsmPid, Event) -> - sync_send_all_state_event(FsmPid, Event, ?DEFAULT_TIMEOUT -). + sync_send_all_state_event(FsmPid, Event, ?DEFAULT_TIMEOUT). sync_send_all_state_event(FsmPid, Event, Timeout) -> try gen_fsm:sync_send_all_state_event(FsmPid, Event, Timeout) -- cgit v1.2.3