[erlang-patches] Fix SSL ETS table element leak and error cleanup

Bernie Duggan <>
Mon Mar 31 13:38:38 CEST 2014


Hi Henrik,
I've trimmed the patch down to just the one remaining problem and (after much boggling over the SSL unit test system) added a unit test that checks the fix. I've rebased it to 'maint' and created a pull request. You can see the change at:

https://github.com/bernardd/otp/compare/erlang:maint...ssl_cert_cache_fix
https://github.com/bernardd/otp/compare/erlang:maint...ssl_cert_cache_fix.patch

Cheers,

Bernard
________________________________________
From: Henrik Nord []
Sent: Thursday, 6 February 2014 3:27 AM
To: Bernie Duggan; erlang patches
Subject: Re: [erlang-patches] Fix SSL ETS table element leak and error cleanup

Hi!

Patch solves two problems, one (trap exit) is already solved in R16B03.

The other part of the patch we do want, but it should be ammended nice
with a test case.



On 2013-12-10 05:44, Bernard Duggan wrote:
> Hi list,
> The SSL library maintains an internal table of CA certificates
> (ssl_otp_cacertificate_db). This is supposed to be cleaned up when the
> last connection using a certificate closes, however there's two problems
> in R16B02 (and in the current master branch on github):
>
> * When CA certificates are provided as binary blobs, rather than by
> filename (ie, #ssl_options.cacerts is set, but #ssl_options.cacertfile
> is not) the cleanup never occurs due to an incorrect pattern match in
> tls_connection:handle_trusted_certs_db/1. This causes the table to grow
> unchecked because each connection adds a new entry.
>
> * When the process exits abnormally, tls_connection:terminate/1 is never
> called because the trap_exit process flag is not set and so similarly
> the table (and everything else cleaned in terminate/1, for that matter)
> is not cleaned up. This doesn't affect "normal" termination caused by
> the connection closing because terminate/1 is called explicitly from
> handle_sync_event/4, rather that relying on gen_fsm's automatic calling.
>
> Fixes for both are here:
>
> git fetch git://github.com/bernardd/otp ssl_cert_cache_fix
> https://github.com/bernardd/otp/compare/erlang:master...ssl_cert_cache_fix
>
>
> Credit goes to my colleague Nick Marino for doing the initial legwork to
> track this down.
>
> Cheers,
>
> Bernard
>
> ________________________________
>
> This e-mail and any attachments are confidential. If it is not
> intended for you, please notify the sender, and please erase and
> ignore the contents.
> _______________________________________________
> erlang-patches mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-patches

--
/Henrik Nord Erlang/OTP


________________________________

This e-mail and any attachments are confidential. If it is not intended for you, please notify the sender, and please erase and ignore the contents.


More information about the erlang-patches mailing list