diff options
| author | Ingela Anderton Andin <ingela@erlang.org> | 2019-09-20 10:38:46 +0200 |
|---|---|---|
| committer | Ingela Anderton Andin <ingela@erlang.org> | 2019-09-20 10:38:46 +0200 |
| commit | c5b02130526e3ed68b1d1983857f1f6de27741cb (patch) | |
| tree | 660cc511f4566a0ba8b2d3326b3c3728d24183d4 | |
| parent | c0de8512d69f1ef87812711619a15c873da54dda (diff) | |
| download | erlang-c5b02130526e3ed68b1d1983857f1f6de27741cb.tar.gz | |
ssl: Improve session handling
Due to legacy reasons cleaning of the session handling table was
complex and needed to be delayed. However the implementation
evolved many times since and this commit removes the need for the
delay. Hopefully this will also remove the problem with server
session tables that grow quicker than they can shrink under a
heavy load.
This also fixes TLS-1.3 compatibility with pre TLS-1.3 sessions.
| -rw-r--r-- | lib/ssl/src/dtls_connection.erl | 32 | ||||
| -rw-r--r-- | lib/ssl/src/dtls_handshake.erl | 16 | ||||
| -rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 6 | ||||
| -rw-r--r-- | lib/ssl/src/ssl_manager.erl | 42 | ||||
| -rw-r--r-- | lib/ssl/src/ssl_session.erl | 89 | ||||
| -rw-r--r-- | lib/ssl/src/tls_connection.erl | 28 | ||||
| -rw-r--r-- | lib/ssl/src/tls_handshake.erl | 9 | ||||
| -rw-r--r-- | lib/ssl/src/tls_handshake_1_3.erl | 6 | ||||
| -rw-r--r-- | lib/ssl/test/ssl_session_cache_SUITE.erl | 28 |
9 files changed, 106 insertions, 150 deletions
diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl index f8fd42e36d..50fd5d9a62 100644 --- a/lib/ssl/src/dtls_connection.erl +++ b/lib/ssl/src/dtls_connection.erl @@ -441,19 +441,19 @@ init({call, From}, {start, Timeout}, handshake_env = #handshake_env{renegotiation = {Renegotiation, _}}, connection_env = CEnv, ssl_options = #{versions := Versions} = SslOpts, - session = #session{own_certificate = Cert} = Session0, + session = #session{own_certificate = Cert} = NewSession, connection_states = ConnectionStates0 } = State0) -> + Session = ssl_session:client_select_session({Host, Port, SslOpts}, Cache, CacheCb, NewSession), Hello = dtls_handshake:client_hello(Host, Port, ConnectionStates0, SslOpts, - Cache, CacheCb, Renegotiation, Cert), + Session#session.session_id, Renegotiation, Cert), Version = Hello#client_hello.client_version, HelloVersion = dtls_record:hello_version(Version, Versions), State1 = prepare_flight(State0#state{connection_env = CEnv#connection_env{negotiated_version = Version}}), {State2, Actions} = send_handshake(Hello, State1#state{connection_env = CEnv#connection_env{negotiated_version = HelloVersion}}), State = State2#state{connection_env = CEnv#connection_env{negotiated_version = Version}, %% RequestedVersion - session = - Session0#session{session_id = Hello#client_hello.session_id}, + session = Session, start_or_recv_from = From}, next_event(hello, no_record, State, [{{timeout, handshake}, Timeout, close} | Actions]); init({call, _} = Type, Event, #state{static_env = #static_env{role = server}, @@ -521,30 +521,24 @@ hello(internal, #client_hello{cookie = <<>>, Actions); hello(internal, #hello_verify_request{cookie = Cookie}, #state{static_env = #static_env{role = client, host = Host, - port = Port, - session_cache = Cache, - session_cache_cb = CacheCb}, + port = Port}, handshake_env = #handshake_env{renegotiation = {Renegotiation, _}} = HsEnv, connection_env = CEnv, ssl_options = SslOpts, - session = #session{own_certificate = OwnCert} - = Session0, + session = #session{own_certificate = Cert, session_id = Id}, connection_states = ConnectionStates0 } = State0) -> Hello = dtls_handshake:client_hello(Host, Port, Cookie, ConnectionStates0, - SslOpts, - Cache, CacheCb, Renegotiation, OwnCert), + SslOpts, Id, Renegotiation, Cert), Version = Hello#client_hello.client_version, State1 = prepare_flight(State0#state{handshake_env = HsEnv#handshake_env{tls_handshake_history = ssl_handshake:init_handshake_history()}}), {State2, Actions} = send_handshake(Hello, State1), - State = State2#state{connection_env = CEnv#connection_env{negotiated_version = Version}, %% Requested version - session = - Session0#session{session_id = - Hello#client_hello.session_id}}, + State = State2#state{connection_env = CEnv#connection_env{negotiated_version = Version} % RequestedVersion + }, next_event(?FUNCTION_NAME, no_record, State, Actions); hello(internal, #client_hello{extensions = Extensions} = Hello, #state{ssl_options = #{handshake := hello}, @@ -702,7 +696,7 @@ connection(internal, #hello_request{}, #state{static_env = #static_env{host = Ho session_cache = Cache, session_cache_cb = CacheCb }, - handshake_env = #handshake_env{ renegotiation = {Renegotiation, _}}, + handshake_env = #handshake_env{renegotiation = {Renegotiation, _}}, connection_env = CEnv, session = #session{own_certificate = Cert} = Session0, ssl_options = #{versions := Versions} = SslOpts, @@ -710,15 +704,15 @@ connection(internal, #hello_request{}, #state{static_env = #static_env{host = Ho protocol_specific = PS } = State0) -> + Session = ssl_session:client_select_session({Host, Port, SslOpts}, Cache, CacheCb, Session0), Hello = dtls_handshake:client_hello(Host, Port, ConnectionStates0, SslOpts, - Cache, CacheCb, Renegotiation, Cert), + Session#session.session_id, Renegotiation, Cert), Version = Hello#client_hello.client_version, HelloVersion = dtls_record:hello_version(Version, Versions), State1 = prepare_flight(State0), {State2, Actions} = send_handshake(Hello, State1#state{connection_env = CEnv#connection_env{negotiated_version = HelloVersion}}), State = State2#state{protocol_specific = PS#{flight_state => initial_flight_state(DataTag)}, - session = Session0#session{session_id - = Hello#client_hello.session_id}}, + session = Session}, next_event(hello, no_record, State, Actions); connection(internal, #client_hello{} = Hello, #state{static_env = #static_env{role = server}, handshake_env = #handshake_env{allow_renegotiate = true} = HsEnv} = State) -> diff --git a/lib/ssl/src/dtls_handshake.erl b/lib/ssl/src/dtls_handshake.erl index b2a5fcfa66..8be14816ad 100644 --- a/lib/ssl/src/dtls_handshake.erl +++ b/lib/ssl/src/dtls_handshake.erl @@ -30,7 +30,7 @@ -include("ssl_alert.hrl"). %% Handshake handling --export([client_hello/8, client_hello/9, cookie/4, hello/4, +-export([client_hello/7, client_hello/8, cookie/4, hello/4, hello_verify_request/2]). %% Handshake encoding @@ -47,29 +47,29 @@ %%==================================================================== %%-------------------------------------------------------------------- -spec client_hello(ssl:host(), inet:port_number(), ssl_record:connection_states(), - ssl_options(), integer(), atom(), boolean(), der_cert()) -> + ssl_options(), binary(), boolean(), der_cert()) -> #client_hello{}. %% %% Description: Creates a client hello message. %%-------------------------------------------------------------------- client_hello(Host, Port, ConnectionStates, SslOpts, - Cache, CacheCb, Renegotiation, OwnCert) -> + Id, Renegotiation, OwnCert) -> %% First client hello (two sent in DTLS ) uses empty Cookie client_hello(Host, Port, <<>>, ConnectionStates, SslOpts, - Cache, CacheCb, Renegotiation, OwnCert). + Id, Renegotiation, OwnCert). %%-------------------------------------------------------------------- -spec client_hello(ssl:host(), inet:port_number(), term(), ssl_record:connection_states(), - ssl_options(), integer(), atom(), boolean(), der_cert()) -> + ssl_options(), binary(),boolean(), der_cert()) -> #client_hello{}. %% %% Description: Creates a client hello message. %%-------------------------------------------------------------------- -client_hello(Host, Port, Cookie, ConnectionStates, +client_hello(_Host, _Port, Cookie, ConnectionStates, #{versions := Versions, ciphers := UserSuites, fallback := Fallback} = SslOpts, - Cache, CacheCb, Renegotiation, OwnCert) -> + Id, Renegotiation, _OwnCert) -> Version = dtls_record:highest_protocol_version(Versions), Pending = ssl_record:pending_connection_state(ConnectionStates, read), SecParams = maps:get(security_parameters, Pending), @@ -79,8 +79,6 @@ client_hello(Host, Port, Cookie, ConnectionStates, Extensions = ssl_handshake:client_hello_extensions(TLSVersion, CipherSuites, SslOpts, ConnectionStates, Renegotiation, undefined), - Id = ssl_session:client_id({Host, Port, SslOpts}, Cache, CacheCb, OwnCert), - #client_hello{session_id = Id, client_version = Version, cipher_suites = diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index 1c8a2ca452..f120bd4b4c 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -952,9 +952,9 @@ select_session(SuggestedSessionId, CipherSuites, HashSigns, Compressions, Port, Session, Version, #{ciphers := UserSuites, honor_cipher_order := HonorCipherOrder} = SslOpts, Cache, CacheCb, Cert) -> - {SessionId, Resumed} = ssl_session:server_id(Port, SuggestedSessionId, - SslOpts, Cert, - Cache, CacheCb), + {SessionId, Resumed} = ssl_session:server_select_session(Version, Port, SuggestedSessionId, + SslOpts, Cert, + Cache, CacheCb), case Resumed of undefined -> Suites = available_suites(Cert, UserSuites, Version, HashSigns, ECCCurve0), diff --git a/lib/ssl/src/ssl_manager.erl b/lib/ssl/src/ssl_manager.erl index 456a560bf6..fd842fcec4 100644 --- a/lib/ssl/src/ssl_manager.erl +++ b/lib/ssl/src/ssl_manager.erl @@ -53,7 +53,6 @@ session_lifetime :: integer(), certificate_db :: db_handle(), session_validation_timer :: reference(), - last_delay_timer = {undefined, undefined},%% Keep for testing purposes session_cache_client_max :: integer(), session_cache_server_max :: integer(), session_server_invalidator :: undefined | pid(), @@ -375,12 +374,6 @@ handle_info(validate_sessions, #state{session_cache_cb = CacheCb, session_client_invalidator = CPid, session_server_invalidator = SPid}}; - -handle_info({delayed_clean_session, Key, Cache}, #state{session_cache_cb = CacheCb - } = State) -> - CacheCb:delete(Cache, Key), - {noreply, State}; - handle_info({clean_cert_db, Ref, File}, #state{certificate_db = [CertDb, {RefDb, FileMapDb} | _]} = State) -> @@ -470,14 +463,6 @@ session_validation({{Port, _}, Session}, LifeTime) -> validate_session(Port, Session, LifeTime), LifeTime. -delay_time() -> - case application:get_env(ssl, session_delay_cleanup_time) of - {ok, Time} when is_integer(Time) -> - Time; - _ -> - ?CLEAN_SESSION_DB - end. - max_session_cache_size(CacheType) -> case application:get_env(ssl, CacheType) of {ok, Size} when is_integer(Size) -> @@ -486,36 +471,15 @@ max_session_cache_size(CacheType) -> ?DEFAULT_MAX_SESSION_CACHE end. -invalidate_session(Cache, CacheCb, Key, Session, State) -> +invalidate_session(Cache, CacheCb, Key, _Session, State) -> case CacheCb:lookup(Cache, Key) of undefined -> %% Session is already invalidated {noreply, State}; - #session{is_resumable = new} -> + #session{} -> CacheCb:delete(Cache, Key), - {noreply, State}; - _ -> - delayed_invalidate_session(CacheCb, Cache, Key, Session, State) + {noreply, State} end. -delayed_invalidate_session(CacheCb, Cache, Key, Session, - #state{last_delay_timer = LastTimer} = State) -> - %% When a registered session is invalidated we need to - %% wait a while before deleting it as there might be - %% pending connections that rightfully needs to look up - %% the session data but new connections should not get to - %% use this session. - CacheCb:update(Cache, Key, Session#session{is_resumable = false}), - TRef = - erlang:send_after(delay_time(), self(), - {delayed_clean_session, Key, Cache}), - {noreply, State#state{last_delay_timer = - last_delay_timer(Key, TRef, LastTimer)}}. - -last_delay_timer({{_,_},_}, TRef, {LastServer, _}) -> - {LastServer, TRef}; -last_delay_timer({_,_}, TRef, {_, LastClient}) -> - {TRef, LastClient}. - %% If we cannot generate a not allready in use session ID in %% ?GEN_UNIQUE_ID_MAX_TRIES we make the new session uncacheable The %% value of ?GEN_UNIQUE_ID_MAX_TRIES is stolen from open SSL which diff --git a/lib/ssl/src/ssl_session.erl b/lib/ssl/src/ssl_session.erl index fd012acd5e..b6651b4d54 100644 --- a/lib/ssl/src/ssl_session.erl +++ b/lib/ssl/src/ssl_session.erl @@ -30,7 +30,7 @@ -include("ssl_api.hrl"). %% Internal application API --export([is_new/2, client_id/4, server_id/6, valid_session/2]). +-export([is_new/2, client_select_session/4, server_select_session/7, valid_session/2]). -type seconds() :: integer(). @@ -48,41 +48,38 @@ is_new(_ClientSuggestion, _ServerDecision) -> true. %%-------------------------------------------------------------------- --spec client_id({ssl:host(), inet:port_number(), ssl_options()}, db_handle(), atom(), - undefined | binary()) -> binary(). +-spec client_select_session({ssl:host(), inet:port_number(), map()}, db_handle(), atom(), + #session{}) -> #session{}. %% %% Description: Should be called by the client side to get an id %% for the client hello message. %%-------------------------------------------------------------------- -client_id({Host, Port, #{reuse_session := SessionId}}, Cache, CacheCb, _) when is_binary(SessionId)-> - case CacheCb:lookup(Cache, {{Host, Port}, SessionId}) of - undefined -> - <<>>; - #session{} -> - SessionId - end; -client_id(ClientInfo, Cache, CacheCb, OwnCert) -> - case select_session(ClientInfo, Cache, CacheCb, OwnCert) of - no_session -> - <<>>; - SessionId -> - SessionId - end. +client_select_session({Host, Port, #{versions := Versions, + protocol := Protocol}} = ClientInfo, + Cache, CacheCb, NewSession) -> + + RecordCb = record_cb(Protocol), + Version = RecordCb:lowest_protocol_version(Versions), + + case Version of + {3, N} when N >= 4 -> + NewSession#session{session_id = crypto:strong_rand_bytes(32)}; + _ -> + do_client_select_session(ClientInfo, Cache, CacheCb, NewSession) + end. --spec valid_session(#session{}, seconds() | {invalidate_before, integer()}) -> boolean(). +%%-------------------------------------------------------------------- +-spec server_select_session(ssl_record:ssl_version(), inet:port_number(), binary(), map(), + binary(),db_handle(), atom()) -> {binary(), #session{} | undefined}. %% -%% Description: Check that the session has not expired +%% Description: Should be called by the server side to get an id +%% for the client hello message. %%-------------------------------------------------------------------- -valid_session(#session{time_stamp = TimeStamp}, {invalidate_before, Before}) -> - TimeStamp > Before; -valid_session(#session{time_stamp = TimeStamp}, LifeTime) -> - Now = erlang:monotonic_time(), - Lived = erlang:convert_time_unit(Now-TimeStamp, native, seconds), - Lived < LifeTime. - -server_id(Port, <<>>, _SslOpts, _Cert, _, _) -> +server_select_session({_, Minor}, Port, <<>>, _SslOpts, _Cert, _, _) when Minor >= 4 -> {ssl_manager:new_session_id(Port), undefined}; -server_id(Port, SuggestedId, Options, Cert, Cache, CacheCb) -> +server_select_session(_, Port, <<>>, _SslOpts, _Cert, _, _) -> + {ssl_manager:new_session_id(Port), undefined}; +server_select_session(_, Port, SuggestedId, Options, Cert, Cache, CacheCb) -> LifeTime = case application:get_env(ssl, session_lifetime) of {ok, Time} when is_integer(Time) -> Time; _ -> ?'24H_in_sec' @@ -96,11 +93,38 @@ server_id(Port, SuggestedId, Options, Cert, Cache, CacheCb) -> {ssl_manager:new_session_id(Port), undefined} end. +-spec valid_session(#session{}, seconds() | {invalidate_before, integer()}) -> boolean(). +%% +%% Description: Check that the session has not expired +%%-------------------------------------------------------------------- +valid_session(#session{time_stamp = TimeStamp}, {invalidate_before, Before}) -> + TimeStamp > Before; +valid_session(#session{time_stamp = TimeStamp}, LifeTime) -> + Now = erlang:monotonic_time(), + Lived = erlang:convert_time_unit(Now-TimeStamp, native, seconds), + Lived < LifeTime. %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- + +do_client_select_session({Host, Port, #{reuse_session := SessionId}}, Cache, CacheCb, NewSession) when is_binary(SessionId)-> + case CacheCb:lookup(Cache, {{Host, Port}, SessionId}) of + undefined -> + NewSession#session{session_id = <<>>}; + #session{} = Session-> + Session + end; +do_client_select_session(ClientInfo, + Cache, CacheCb, #session{own_certificate = OwnCert} = NewSession) -> + case select_session(ClientInfo, Cache, CacheCb, OwnCert) of + no_session -> + NewSession#session{session_id = <<>>}; + Session -> + Session + end. + select_session({_, _, #{reuse_sessions := Reuse}}, _Cache, _CacheCb, _OwnCert) when Reuse =/= true -> - %% If reuse_sessions == true | save a new session should be created + %% If reuse_sessions == false | save a new session should be created no_session; select_session({HostIP, Port, SslOpts}, Cache, CacheCb, OwnCert) -> Sessions = CacheCb:select_session(Cache, {HostIP, Port}), @@ -117,7 +141,7 @@ select_session(Sessions, #{ciphers := Ciphers}, OwnCert) -> end, case lists:dropwhile(IsNotResumable, Sessions) of [] -> no_session; - [Session | _] -> Session#session.session_id + [Session | _] -> Session end. is_resumable(_, _, #{reuse_sessions := false}, _, _, _, _) -> @@ -154,3 +178,8 @@ reusable_options(#{fail_if_no_peer_cert := true, (Session#session.peer_certificate =/= undefined); reusable_options(_,_) -> true. + +record_cb(tls) -> + tls_record; +record_cb(dtls) -> + dtls_record. diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl index cf104cd805..a61fe87b3c 100644 --- a/lib/ssl/src/tls_connection.erl +++ b/lib/ssl/src/tls_connection.erl @@ -544,12 +544,13 @@ init({call, From}, {start, Timeout}, connection_env = CEnv, ssl_options = #{log_level := LogLevel, versions := Versions} = SslOpts, - session = #session{own_certificate = Cert} = Session0, + session = NewSession, connection_states = ConnectionStates0 } = State0) -> KeyShare = maybe_generate_client_shares(SslOpts), + Session = ssl_session:client_select_session({Host, Port, SslOpts}, Cache, CacheCb, NewSession), Hello = tls_handshake:client_hello(Host, Port, ConnectionStates0, SslOpts, - Cache, CacheCb, Renegotiation, Cert, KeyShare), + Session#session.session_id, Renegotiation, Session#session.own_certificate, KeyShare), HelloVersion = tls_record:hello_version(Versions), Handshake0 = ssl_handshake:init_handshake_history(), @@ -561,8 +562,7 @@ init({call, From}, {start, Timeout}, State = State0#state{connection_states = ConnectionStates, connection_env = CEnv#connection_env{negotiated_version = HelloVersion}, %% Requested version - session = - Session0#session{session_id = Hello#client_hello.session_id}, + session = Session, handshake_env = HsEnv#handshake_env{tls_handshake_history = Handshake}, start_or_recv_from = From, key_share = KeyShare}, @@ -762,11 +762,12 @@ connection(internal, #hello_request{}, connection_states = ConnectionStates} = State0) -> try tls_sender:peer_renegotiate(Pid) of {ok, Write} -> + Session = ssl_session:client_select_session({Host, Port, SslOpts}, Cache, CacheCb, Session0), Hello = tls_handshake:client_hello(Host, Port, ConnectionStates, SslOpts, - Cache, CacheCb, Renegotiation, Cert, undefined), - {State, Actions} = send_handshake(Hello, State0#state{connection_states = ConnectionStates#{current_write => Write}}), - next_event(hello, no_record, State#state{session = Session0#session{session_id - = Hello#client_hello.session_id}}, Actions) + Session#session.session_id, Renegotiation, Cert, undefined), + {State, Actions} = send_handshake(Hello, State0#state{connection_states = ConnectionStates#{current_write => Write}, + session = Session}), + next_event(hello, no_record, State, Actions) catch _:_ -> {stop, {shutdown, sender_blocked}, State0} @@ -774,19 +775,16 @@ connection(internal, #hello_request{}, connection(internal, #hello_request{}, #state{static_env = #static_env{role = client, host = Host, - port = Port, - session_cache = Cache, - session_cache_cb = CacheCb}, + port = Port}, handshake_env = #handshake_env{renegotiation = {Renegotiation, _}}, - session = #session{own_certificate = Cert} = Session0, + session = #session{own_certificate = Cert}, ssl_options = SslOpts, connection_states = ConnectionStates} = State0) -> Hello = tls_handshake:client_hello(Host, Port, ConnectionStates, SslOpts, - Cache, CacheCb, Renegotiation, Cert, undefined), + <<>>, Renegotiation, Cert, undefined), {State, Actions} = send_handshake(Hello, State0), - next_event(hello, no_record, State#state{session = Session0#session{session_id - = Hello#client_hello.session_id}}, Actions); + next_event(hello, no_record, State, Actions); connection(internal, #client_hello{} = Hello, #state{static_env = #static_env{role = server}, handshake_env = #handshake_env{allow_renegotiate = true}= HsEnv, diff --git a/lib/ssl/src/tls_handshake.erl b/lib/ssl/src/tls_handshake.erl index 203f89a0b8..18a5afc4f7 100644 --- a/lib/ssl/src/tls_handshake.erl +++ b/lib/ssl/src/tls_handshake.erl @@ -36,7 +36,7 @@ -include_lib("kernel/include/logger.hrl"). %% Handshake handling --export([client_hello/9, hello/4]). +-export([client_hello/8, hello/4]). %% Handshake encoding -export([encode_handshake/2]). @@ -51,18 +51,18 @@ %%==================================================================== %%-------------------------------------------------------------------- -spec client_hello(ssl:host(), inet:port_number(), ssl_record:connection_states(), - ssl_options(), integer(), atom(), boolean(), der_cert(), + ssl_options(), binary(), boolean(), der_cert(), #key_share_client_hello{} | undefined) -> #client_hello{}. %% %% Description: Creates a client hello message. %%-------------------------------------------------------------------- -client_hello(Host, Port, ConnectionStates, +client_hello(_Host, _Port, ConnectionStates, #{versions := Versions, ciphers := UserSuites, fallback := Fallback } = SslOpts, - Cache, CacheCb, Renegotiation, OwnCert, KeyShare) -> + Id, Renegotiation, _OwnCert, KeyShare) -> Version = tls_record:highest_protocol_version(Versions), %% In TLS 1.3, the client indicates its version preferences in the @@ -85,7 +85,6 @@ client_hello(Host, Port, ConnectionStates, Renegotiation, KeyShare), CipherSuites = ssl_handshake:cipher_suites(AvailableCipherSuites, Renegotiation, Fallback), - Id = ssl_session:client_id({Host, Port, SslOpts}, Cache, CacheCb, OwnCert), #client_hello{session_id = Id, client_version = LegacyVersion, cipher_suites = CipherSuites, diff --git a/lib/ssl/src/tls_handshake_1_3.erl b/lib/ssl/src/tls_handshake_1_3.erl index 5f4c0b9a4a..0d84e1b743 100644 --- a/lib/ssl/src/tls_handshake_1_3.erl +++ b/lib/ssl/src/tls_handshake_1_3.erl @@ -595,9 +595,7 @@ do_start(#server_hello{cipher_suite = SelectedCipherSuite, host = Host, port = Port, transport_cb = Transport, - socket = Socket, - session_cache = Cache, - session_cache_cb = CacheCb}, + socket = Socket}, handshake_env = #handshake_env{renegotiation = {Renegotiation, _}, tls_handshake_history = _HHistory} = HsEnv, connection_env = CEnv, @@ -633,7 +631,7 @@ do_start(#server_hello{cipher_suite = SelectedCipherSuite, %% of the triggering HelloRetryRequest. ClientKeyShare = ssl_cipher:generate_client_shares([SelectedGroup]), Hello = tls_handshake:client_hello(Host, Port, ConnectionStates0, SslOpts, - Cache, CacheCb, Renegotiation, Cert, ClientKeyShare), + SessionId, Renegotiation, Cert, ClientKeyShare), HelloVersion = tls_record:hello_version(Versions), diff --git a/lib/ssl/test/ssl_session_cache_SUITE.erl b/lib/ssl/test/ssl_session_cache_SUITE.erl index 553c2d247b..f3b1c38d2e 100644 --- a/lib/ssl/test/ssl_session_cache_SUITE.erl +++ b/lib/ssl/test/ssl_session_cache_SUITE.erl @@ -225,15 +225,9 @@ session_cleanup(Config) when is_list(Config) -> %% Make sure session has expired and been cleaned up check_timer(SessionTimer), - ct:sleep(?DELAY *2), %% Delay time + some extra time - - {ServerDelayTimer, ClientDelayTimer} = get_delay_timers(), - - check_timer(ServerDelayTimer), - check_timer(ClientDelayTimer), - + ct:sleep(?SLEEP), %% Make sure clean has had time to run - + undefined = ssl_session_cache:lookup(ClientCache, {{Hostname, Port}, Id}), undefined = ssl_session_cache:lookup(ServerCache, {Port, Id}), @@ -524,24 +518,6 @@ check_timer(Timer) -> ct:sleep(Int), check_timer(Timer) end. - -get_delay_timers() -> - {status, _, _, StatusInfo} = sys:get_status(whereis(ssl_manager)), - [_, _,_, _, Prop] = StatusInfo, - State = ssl_test_lib:state(Prop), - case element(8, State) of - {undefined, undefined} -> - ct:sleep(?SLEEP), - get_delay_timers(); - {undefined, _} -> - ct:sleep(?SLEEP), - get_delay_timers(); - {_, undefined} -> - ct:sleep(?SLEEP), - get_delay_timers(); - DelayTimers -> - DelayTimers - end. wait_for_server() -> ct:sleep(100). |