[erlang-patches] Fix SSL ETS table element leak and error cleanup

Henrik Nord <>
Tue Dec 10 14:43:34 CET 2013

Thank you for your contribution!

You could, in addition to the email and proper links, also create a 
pullrequest for the patch.
That way it will be processed into our system.

I will create a pullrequest for this.
Thank you!

On 2013-12-10 05:44, Bernard Duggan wrote:
> Hi list,
> The SSL library maintains an internal table of CA certificates
> (ssl_otp_cacertificate_db). This is supposed to be cleaned up when the
> last connection using a certificate closes, however there's two problems
> in R16B02 (and in the current master branch on github):
> * When CA certificates are provided as binary blobs, rather than by
> filename (ie, #ssl_options.cacerts is set, but #ssl_options.cacertfile
> is not) the cleanup never occurs due to an incorrect pattern match in
> tls_connection:handle_trusted_certs_db/1. This causes the table to grow
> unchecked because each connection adds a new entry.
> * When the process exits abnormally, tls_connection:terminate/1 is never
> called because the trap_exit process flag is not set and so similarly
> the table (and everything else cleaned in terminate/1, for that matter)
> is not cleaned up. This doesn't affect "normal" termination caused by
> the connection closing because terminate/1 is called explicitly from
> handle_sync_event/4, rather that relying on gen_fsm's automatic calling.
> Fixes for both are here:
> git fetch git://github.com/bernardd/otp ssl_cert_cache_fix
> https://github.com/bernardd/otp/compare/erlang:master...ssl_cert_cache_fix 
> Credit goes to my colleague Nick Marino for doing the initial legwork to
> track this down.
> Cheers,
> Bernard
> ________________________________
> This e-mail and any attachments are confidential. If it is not 
> intended for you, please notify the sender, and please erase and 
> ignore the contents.
> _______________________________________________
> erlang-patches mailing list
> http://erlang.org/mailman/listinfo/erlang-patches

/Henrik Nord Erlang/OTP

More information about the erlang-patches mailing list