[erlang-patches] Fix SSL ETS table element leak and error cleanup

Henrik Nord <>
Mon Mar 31 13:58:08 CEST 2014


Thanks!

As we are already past the codestop for 17.0 we will put this in the 
backlog for 17.1.

Thank you for your contribution!

On 2014-03-31 13:38, Bernie Duggan wrote:
> Hi Henrik,
> I've trimmed the patch down to just the one remaining problem and (after much boggling over the SSL unit test system) added a unit test that checks the fix. I've rebased it to 'maint' and created a pull request. You can see the change at:
>
> https://github.com/bernardd/otp/compare/erlang:maint...ssl_cert_cache_fix
> https://github.com/bernardd/otp/compare/erlang:maint...ssl_cert_cache_fix.patch
>
> Cheers,
>
> Bernard
> ________________________________________
> From: Henrik Nord []
> Sent: Thursday, 6 February 2014 3:27 AM
> To: Bernie Duggan; erlang patches
> Subject: Re: [erlang-patches] Fix SSL ETS table element leak and error cleanup
>
> Hi!
>
> Patch solves two problems, one (trap exit) is already solved in R16B03.
>
> The other part of the patch we do want, but it should be amended nice
> with a test case.
>
>
>
> On 2013-12-10 05:44, Bernard Duggan wrote:
>> Hi list,
>> The SSL library maintains an internal table of CA certificates
>> (ssl_otp_cacertificate_db). This is supposed to be cleaned up when the
>> last connection using a certificate closes, however there are two problems
>> in R16B02 (and in the current master branch on github):
>>
>> * When CA certificates are provided as binary blobs, rather than by
>> filename (i.e., #ssl_options.cacerts is set, but #ssl_options.cacertfile
>> is not) the cleanup never occurs due to an incorrect pattern match in
>> tls_connection:handle_trusted_certs_db/1. This causes the table to grow
>> unchecked because each connection adds a new entry.
>>
>> * When the process exits abnormally, tls_connection:terminate/1 is never
>> called because the trap_exit process flag is not set and so similarly
>> the table (and everything else cleaned in terminate/1, for that matter)
>> is not cleaned up. This doesn't affect "normal" termination caused by
>> the connection closing because terminate/1 is called explicitly from
>> handle_sync_event/4, rather than relying on gen_fsm's automatic calling.
>>
>> Fixes for both are here:
>>
>> git fetch git://github.com/bernardd/otp ssl_cert_cache_fix
>> https://github.com/bernardd/otp/compare/erlang:master...ssl_cert_cache_fix
>>
>>
>> Credit goes to my colleague Nick Marino for doing the initial legwork to
>> track this down.
>>
>> Cheers,
>>
>> Bernard
> --
> /Henrik Nord Erlang/OTP

-- 
/Henrik Nord Erlang/OTP
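
Added example, not part of the thread and not OTP's code: a small model of the first problem in the original report, where a cleanup function's clause pattern never matches connections whose CA certificates were supplied as binaries, so every connection leaves rows behind in an ETS table. The module, records, function names and the particular faulty pattern are assumptions made for illustration; the thread does not show the real pattern in tls_connection:handle_trusted_certs_db/1.

```erlang
%% Added illustration, not OTP code. All names here are hypothetical.
-module(cert_cache_demo).
-export([run/0]).

-record(opts, {cacerts, cacertfile = <<>>}).   % defaults assumed for this model
-record(state, {ref, db, opts}).

%% Each connection stores its DER-supplied CA certs under a fresh reference.
connect(Db, Opts = #opts{cacerts = Certs}) when is_list(Certs) ->
    Ref = make_ref(),
    lists:foreach(fun({N, Der}) -> ets:insert(Db, {{Ref, N}, Der}) end,
                  lists:zip(lists:seq(1, length(Certs)), Certs)),
    #state{ref = Ref, db = Db, opts = Opts}.

%% Leaky cleanup: the deleting clause expects cacertfile = undefined, but in
%% this model the field defaults to <<>>, so the first clause always wins and
%% nothing is ever removed for binary-supplied certs.
cleanup_leaky(#state{opts = #opts{cacertfile = <<>>}}) ->
    ok;
cleanup_leaky(#state{ref = Ref, db = Db, opts = #opts{cacertfile = undefined}}) ->
    ets:match_delete(Db, {{Ref, '_'}, '_'}),
    ok.

%% Fixed cleanup: decide on whether cacerts was supplied, not on the file field.
cleanup_fixed(#state{ref = Ref, db = Db, opts = #opts{cacerts = Certs}})
  when is_list(Certs) ->
    ets:match_delete(Db, {{Ref, '_'}, '_'}),
    ok;
cleanup_fixed(_) ->
    ok.

%% Open and close N connections, then report how many rows were left behind.
leftover(Cleanup, N) ->
    Db = ets:new(cacert_db_model, [set]),
    Opts = #opts{cacerts = [<<"constructed-der-1">>, <<"constructed-der-2">>]},
    lists:foreach(fun(_) -> Cleanup(connect(Db, Opts)) end, lists:seq(1, N)),
    Size = ets:info(Db, size),
    ets:delete(Db),
    Size.

%% Returns {RowsLeftByLeakyCleanup, RowsLeftByFixedCleanup} after 100 connections.
run() ->
    {leftover(fun cleanup_leaky/1, 100), leftover(fun cleanup_fixed/1, 100)}.
```

Comparing the two numbers returned by run/0 is the same kind of check a regression test for this fix needs: table size after many connect/close cycles should not grow with the number of connections.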
