[erlang-patches] Fix SSL ETS table element leak and error cleanup

Henrik Nord <>
Thu Feb 6 10:27:27 CET 2014


Patch solves two problems, one (trap exit) is already solved in R16B03.

The other part of the patch we do want, but it should be amended nicely 
with a test case.

On 2013-12-10 05:44, Bernard Duggan wrote:
> Hi list,
> The SSL library maintains an internal table of CA certificates
> (ssl_otp_cacertificate_db). This is supposed to be cleaned up when the
> last connection using a certificate closes, however there are two problems
> in R16B02 (and in the current master branch on github):
> * When CA certificates are provided as binary blobs, rather than by
> filename (i.e., #ssl_options.cacerts is set, but #ssl_options.cacertfile
> is not) the cleanup never occurs due to an incorrect pattern match in
> tls_connection:handle_trusted_certs_db/1. This causes the table to grow
> unchecked because each connection adds a new entry.
> * When the process exits abnormally, tls_connection:terminate/1 is never
> called because the trap_exit process flag is not set and so similarly
> the table (and everything else cleaned in terminate/1, for that matter)
> is not cleaned up. This doesn't affect "normal" termination caused by
> the connection closing because terminate/1 is called explicitly from
> handle_sync_event/4, rather than relying on gen_fsm's automatic calling.
> Fixes for both are here:
> git fetch git://github.com/bernardd/otp ssl_cert_cache_fix
> https://github.com/bernardd/otp/compare/erlang:master...ssl_cert_cache_fix 
> Credit goes to my colleague Nick Marino for doing the initial legwork to
> track this down.
> Cheers,
> Bernard

/Henrik Nord Erlang/OTP
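
The second problem in the quoted report (terminate not running on an exit signal unless trap_exit is set) can be reproduced in isolation. The following is an added example, not part of the thread or of the OTP ssl code: the module `cleanup_demo`, the table `demo_cert_db` and all function names are hypothetical, and it uses gen_server instead of gen_fsm, on the assumption (which holds for both behaviours) that terminate is only invoked for a trapped exit from the parent.

```erlang
%% Added example, not OTP code. All names here are hypothetical.
-module(cleanup_demo).
-behaviour(gen_server).
-export([run/0]).
-export([init/1, handle_call/3, handle_cast/2, handle_info/2,
         terminate/2, code_change/3]).

-define(TAB, demo_cert_db).   % stand-in for ssl_otp_cacertificate_db

%% Returns [{TrapExit, EntriesLeftBehind}] for both settings of trap_exit.
%% Expected: [{false,1},{true,0}]
run() ->
    ?TAB = ets:new(?TAB, [named_table, public, set]),
    Result = [{T, leaked_after_exit(T)} || T <- [false, true]],
    ets:delete(?TAB),
    Result.

leaked_after_exit(TrapExit) ->
    Old = process_flag(trap_exit, true),   % caller must survive the child's exit
    {ok, Pid} = gen_server:start_link(?MODULE, TrapExit, []),
    exit(Pid, shutdown),                   % exit signal from the linked parent
    receive {'EXIT', Pid, _} -> ok end,    % wait until the child is really gone
    process_flag(trap_exit, Old),
    Leaked = ets:info(?TAB, size),
    ets:delete_all_objects(?TAB),
    Leaked.

%% Each "connection" adds one entry that only terminate/2 removes.
init(TrapExit) ->
    process_flag(trap_exit, TrapExit),
    Ref = make_ref(),
    true = ets:insert(?TAB, {Ref, <<"constructed certificate blob">>}),
    {ok, Ref}.

handle_call(_Req, _From, S) -> {reply, ok, S}.
handle_cast(_Msg, S) -> {noreply, S}.
handle_info(_Info, S) -> {noreply, S}.
code_change(_OldVsn, S, _Extra) -> {ok, S}.

%% Reached on the parent's exit signal only when the process traps exits.
terminate(_Reason, Ref) ->
    ets:delete(?TAB, Ref),
    ok.
```

A check of this shape (table size before and after an abnormally terminated process) is also a usable skeleton for a regression test of the table cleanup.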
