[erlang-patches] Fix SSL ETS table element leak and error cleanup
Henrik Nord
henrik@REDACTED
Tue Dec 10 14:43:34 CET 2013
Thank you for your contribution!
You could, in addition to the email and proper links, also create a
pullrequest for the patch.
That way it will be processed into our system.
I will create a pullrequest for this.
Thank you!
On 2013-12-10 05:44, Bernard Duggan wrote:
> Hi list,
> The SSL library maintains an internal table of CA certificates
> (ssl_otp_cacertificate_db). This is supposed to be cleaned up when the
> last connection using a certificate closes, however there's two problems
> in R16B02 (and in the current master branch on github):
>
> * When CA certificates are provided as binary blobs, rather than by
> filename (ie, #ssl_options.cacerts is set, but #ssl_options.cacertfile
> is not) the cleanup never occurs due to an incorrect pattern match in
> tls_connection:handle_trusted_certs_db/1. This causes the table to grow
> unchecked because each connection adds a new entry.
>
> * When the process exits abnormally, tls_connection:terminate/1 is never
> called because the trap_exit process flag is not set and so similarly
> the table (and everything else cleaned in terminate/1, for that matter)
> is not cleaned up. This doesn't affect "normal" termination caused by
> the connection closing because terminate/1 is called explicitly from
> handle_sync_event/4, rather that relying on gen_fsm's automatic calling.
>
> Fixes for both are here:
>
> git fetch git://github.com/bernardd/otp ssl_cert_cache_fix
> https://github.com/bernardd/otp/compare/erlang:master...ssl_cert_cache_fix
>
>
> Credit goes to my colleague Nick Marino for doing the initial legwork to
> track this down.
>
> Cheers,
>
> Bernard
>
> ________________________________
>
> This e-mail and any attachments are confidential. If it is not
> intended for you, please notify the sender, and please erase and
> ignore the contents.
> _______________________________________________
> erlang-patches mailing list
> erlang-patches@REDACTED
> http://erlang.org/mailman/listinfo/erlang-patches
--
/Henrik Nord Erlang/OTP
More information about the erlang-patches
mailing list