diff options
| author | Ingela Anderton Andin <ingela@erlang.org> | 2019-09-23 12:35:14 +0200 |
|---|---|---|
| committer | Ingela Anderton Andin <ingela@erlang.org> | 2019-09-23 12:35:14 +0200 |
| commit | caa469e0f817be0283a5211bdf7c2a87c9a325c8 (patch) | |
| tree | aed10c3d532421bfc90ed6f9d803ed83c9cc5c41 | |
| parent | 70a3e70ce4fec9e5d79929aa28aecf4a81980322 (diff) | |
| parent | 34f226c6d7b3866444fcb5f6a0819af6c55f6224 (diff) | |
| download | erlang-caa469e0f817be0283a5211bdf7c2a87c9a325c8.tar.gz | |
Merge branch 'maint'
| -rw-r--r-- | lib/ssl/src/dtls_connection.erl | 32 | ||||
| -rw-r--r-- | lib/ssl/src/dtls_handshake.erl | 16 | ||||
| -rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 6 | ||||
| -rw-r--r-- | lib/ssl/src/ssl_manager.erl | 42 | ||||
| -rw-r--r-- | lib/ssl/src/ssl_session.erl | 89 | ||||
| -rw-r--r-- | lib/ssl/src/tls_connection.erl | 28 | ||||
| -rw-r--r-- | lib/ssl/src/tls_handshake.erl | 9 | ||||
| -rw-r--r-- | lib/ssl/src/tls_handshake_1_3.erl | 6 | ||||
| -rw-r--r-- | lib/ssl/test/ssl_session_cache_SUITE.erl | 28 |
9 files changed, 106 insertions, 150 deletions
diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl index f8fd42e36d..50fd5d9a62 100644 --- a/lib/ssl/src/dtls_connection.erl +++ b/lib/ssl/src/dtls_connection.erl @@ -441,19 +441,19 @@ init({call, From}, {start, Timeout}, handshake_env = #handshake_env{renegotiation = {Renegotiation, _}}, connection_env = CEnv, ssl_options = #{versions := Versions} = SslOpts, - session = #session{own_certificate = Cert} = Session0, + session = #session{own_certificate = Cert} = NewSession, connection_states = ConnectionStates0 } = State0) -> + Session = ssl_session:client_select_session({Host, Port, SslOpts}, Cache, CacheCb, NewSession), Hello = dtls_handshake:client_hello(Host, Port, ConnectionStates0, SslOpts, - Cache, CacheCb, Renegotiation, Cert), + Session#session.session_id, Renegotiation, Cert), Version = Hello#client_hello.client_version, HelloVersion = dtls_record:hello_version(Version, Versions), State1 = prepare_flight(State0#state{connection_env = CEnv#connection_env{negotiated_version = Version}}), {State2, Actions} = send_handshake(Hello, State1#state{connection_env = CEnv#connection_env{negotiated_version = HelloVersion}}), State = State2#state{connection_env = CEnv#connection_env{negotiated_version = Version}, %% RequestedVersion - session = - Session0#session{session_id = Hello#client_hello.session_id}, + session = Session, start_or_recv_from = From}, next_event(hello, no_record, State, [{{timeout, handshake}, Timeout, close} | Actions]); init({call, _} = Type, Event, #state{static_env = #static_env{role = server}, @@ -521,30 +521,24 @@ hello(internal, #client_hello{cookie = <<>>, Actions); hello(internal, #hello_verify_request{cookie = Cookie}, #state{static_env = #static_env{role = client, host = Host, - port = Port, - session_cache = Cache, - session_cache_cb = CacheCb}, + port = Port}, handshake_env = #handshake_env{renegotiation = {Renegotiation, _}} = HsEnv, connection_env = CEnv, ssl_options = SslOpts, - session = #session{own_certificate = OwnCert} - = Session0, + session = #session{own_certificate = Cert, session_id = Id}, connection_states = ConnectionStates0 } = State0) -> Hello = dtls_handshake:client_hello(Host, Port, Cookie, ConnectionStates0, - SslOpts, - Cache, CacheCb, Renegotiation, OwnCert), + SslOpts, Id, Renegotiation, Cert), Version = Hello#client_hello.client_version, State1 = prepare_flight(State0#state{handshake_env = HsEnv#handshake_env{tls_handshake_history = ssl_handshake:init_handshake_history()}}), {State2, Actions} = send_handshake(Hello, State1), - State = State2#state{connection_env = CEnv#connection_env{negotiated_version = Version}, %% Requested version - session = - Session0#session{session_id = - Hello#client_hello.session_id}}, + State = State2#state{connection_env = CEnv#connection_env{negotiated_version = Version} % RequestedVersion + }, next_event(?FUNCTION_NAME, no_record, State, Actions); hello(internal, #client_hello{extensions = Extensions} = Hello, #state{ssl_options = #{handshake := hello}, @@ -702,7 +696,7 @@ connection(internal, #hello_request{}, #state{static_env = #static_env{host = Ho session_cache = Cache, session_cache_cb = CacheCb }, - handshake_env = #handshake_env{ renegotiation = {Renegotiation, _}}, + handshake_env = #handshake_env{renegotiation = {Renegotiation, _}}, connection_env = CEnv, session = #session{own_certificate = Cert} = Session0, ssl_options = #{versions := Versions} = SslOpts, @@ -710,15 +704,15 @@ connection(internal, #hello_request{}, #state{static_env = #static_env{host = Ho protocol_specific = PS } = State0) -> + Session = ssl_session:client_select_session({Host, Port, SslOpts}, Cache, CacheCb, Session0), Hello = dtls_handshake:client_hello(Host, Port, ConnectionStates0, SslOpts, - Cache, CacheCb, Renegotiation, Cert), + Session#session.session_id, Renegotiation, Cert), Version = Hello#client_hello.client_version, HelloVersion = dtls_record:hello_version(Version, Versions), State1 = prepare_flight(State0), {State2, Actions} = send_handshake(Hello, State1#state{connection_env = CEnv#connection_env{negotiated_version = HelloVersion}}), State = State2#state{protocol_specific = PS#{flight_state => initial_flight_state(DataTag)}, - session = Session0#session{session_id - = Hello#client_hello.session_id}}, + session = Session}, next_event(hello, no_record, State, Actions); connection(internal, #client_hello{} = Hello, #state{static_env = #static_env{role = server}, handshake_env = #handshake_env{allow_renegotiate = true} = HsEnv} = State) -> diff --git a/lib/ssl/src/dtls_handshake.erl b/lib/ssl/src/dtls_handshake.erl index b2a5fcfa66..8be14816ad 100644 --- a/lib/ssl/src/dtls_handshake.erl +++ b/lib/ssl/src/dtls_handshake.erl @@ -30,7 +30,7 @@ -include("ssl_alert.hrl"). %% Handshake handling --export([client_hello/8, client_hello/9, cookie/4, hello/4, +-export([client_hello/7, client_hello/8, cookie/4, hello/4, hello_verify_request/2]). %% Handshake encoding @@ -47,29 +47,29 @@ %%==================================================================== %%-------------------------------------------------------------------- -spec client_hello(ssl:host(), inet:port_number(), ssl_record:connection_states(), - ssl_options(), integer(), atom(), boolean(), der_cert()) -> + ssl_options(), binary(), boolean(), der_cert()) -> #client_hello{}. %% %% Description: Creates a client hello message. %%-------------------------------------------------------------------- client_hello(Host, Port, ConnectionStates, SslOpts, - Cache, CacheCb, Renegotiation, OwnCert) -> + Id, Renegotiation, OwnCert) -> %% First client hello (two sent in DTLS ) uses empty Cookie client_hello(Host, Port, <<>>, ConnectionStates, SslOpts, - Cache, CacheCb, Renegotiation, OwnCert). + Id, Renegotiation, OwnCert). %%-------------------------------------------------------------------- -spec client_hello(ssl:host(), inet:port_number(), term(), ssl_record:connection_states(), - ssl_options(), integer(), atom(), boolean(), der_cert()) -> + ssl_options(), binary(),boolean(), der_cert()) -> #client_hello{}. %% %% Description: Creates a client hello message. %%-------------------------------------------------------------------- -client_hello(Host, Port, Cookie, ConnectionStates, +client_hello(_Host, _Port, Cookie, ConnectionStates, #{versions := Versions, ciphers := UserSuites, fallback := Fallback} = SslOpts, - Cache, CacheCb, Renegotiation, OwnCert) -> + Id, Renegotiation, _OwnCert) -> Version = dtls_record:highest_protocol_version(Versions), Pending = ssl_record:pending_connection_state(ConnectionStates, read), SecParams = maps:get(security_parameters, Pending), @@ -79,8 +79,6 @@ client_hello(Host, Port, Cookie, ConnectionStates, Extensions = ssl_handshake:client_hello_extensions(TLSVersion, CipherSuites, SslOpts, ConnectionStates, Renegotiation, undefined), - Id = ssl_session:client_id({Host, Port, SslOpts}, Cache, CacheCb, OwnCert), - #client_hello{session_id = Id, client_version = Version, cipher_suites = diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index a407694617..541f32c4dd 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -952,9 +952,9 @@ select_session(SuggestedSessionId, CipherSuites, HashSigns, Compressions, Port, Session, Version, #{ciphers := UserSuites, honor_cipher_order := HonorCipherOrder} = SslOpts, Cache, CacheCb, Cert) -> - {SessionId, Resumed} = ssl_session:server_id(Port, SuggestedSessionId, - SslOpts, Cert, - Cache, CacheCb), + {SessionId, Resumed} = ssl_session:server_select_session(Version, Port, SuggestedSessionId, + SslOpts, Cert, + Cache, CacheCb), case Resumed of undefined -> Suites = available_suites(Cert, UserSuites, Version, HashSigns, ECCCurve0), diff --git a/lib/ssl/src/ssl_manager.erl b/lib/ssl/src/ssl_manager.erl index 456a560bf6..fd842fcec4 100644 --- a/lib/ssl/src/ssl_manager.erl +++ b/lib/ssl/src/ssl_manager.erl @@ -53,7 +53,6 @@ session_lifetime :: integer(), certificate_db :: db_handle(), session_validation_timer :: reference(), - last_delay_timer = {undefined, undefined},%% Keep for testing purposes session_cache_client_max :: integer(), session_cache_server_max :: integer(), session_server_invalidator :: undefined | pid(), @@ -375,12 +374,6 @@ handle_info(validate_sessions, #state{session_cache_cb = CacheCb, session_client_invalidator = CPid, session_server_invalidator = SPid}}; - -handle_info({delayed_clean_session, Key, Cache}, #state{session_cache_cb = CacheCb - } = State) -> - CacheCb:delete(Cache, Key), - {noreply, State}; - handle_info({clean_cert_db, Ref, File}, #state{certificate_db = [CertDb, {RefDb, FileMapDb} | _]} = State) -> @@ -470,14 +463,6 @@ session_validation({{Port, _}, Session}, LifeTime) -> validate_session(Port, Session, LifeTime), LifeTime. -delay_time() -> - case application:get_env(ssl, session_delay_cleanup_time) of - {ok, Time} when is_integer(Time) -> - Time; - _ -> - ?CLEAN_SESSION_DB - end. - max_session_cache_size(CacheType) -> case application:get_env(ssl, CacheType) of {ok, Size} when is_integer(Size) -> @@ -486,36 +471,15 @@ max_session_cache_size(CacheType) -> ?DEFAULT_MAX_SESSION_CACHE end. -invalidate_session(Cache, CacheCb, Key, Session, State) -> +invalidate_session(Cache, CacheCb, Key, _Session, State) -> case CacheCb:lookup(Cache, Key) of undefined -> %% Session is already invalidated {noreply, State}; - #session{is_resumable = new} -> + #session{} -> CacheCb:delete(Cache, Key), - {noreply, State}; - _ -> - delayed_invalidate_session(CacheCb, Cache, Key, Session, State) + {noreply, State} end. -delayed_invalidate_session(CacheCb, Cache, Key, Session, - #state{last_delay_timer = LastTimer} = State) -> - %% When a registered session is invalidated we need to - %% wait a while before deleting it as there might be - %% pending connections that rightfully needs to look up - %% the session data but new connections should not get to - %% use this session. - CacheCb:update(Cache, Key, Session#session{is_resumable = false}), - TRef = - erlang:send_after(delay_time(), self(), - {delayed_clean_session, Key, Cache}), - {noreply, State#state{last_delay_timer = - last_delay_timer(Key, TRef, LastTimer)}}. - -last_delay_timer({{_,_},_}, TRef, {LastServer, _}) -> - {LastServer, TRef}; -last_delay_timer({_,_}, TRef, {_, LastClient}) -> - {TRef, LastClient}. - %% If we cannot generate a not allready in use session ID in %% ?GEN_UNIQUE_ID_MAX_TRIES we make the new session uncacheable The %% value of ?GEN_UNIQUE_ID_MAX_TRIES is stolen from open SSL which diff --git a/lib/ssl/src/ssl_session.erl b/lib/ssl/src/ssl_session.erl index fd012acd5e..b6651b4d54 100644 --- a/lib/ssl/src/ssl_session.erl +++ b/lib/ssl/src/ssl_session.erl @@ -30,7 +30,7 @@ -include("ssl_api.hrl"). %% Internal application API --export([is_new/2, client_id/4, server_id/6, valid_session/2]). +-export([is_new/2, client_select_session/4, server_select_session/7, valid_session/2]). -type seconds() :: integer(). @@ -48,41 +48,38 @@ is_new(_ClientSuggestion, _ServerDecision) -> true. %%-------------------------------------------------------------------- --spec client_id({ssl:host(), inet:port_number(), ssl_options()}, db_handle(), atom(), - undefined | binary()) -> binary(). +-spec client_select_session({ssl:host(), inet:port_number(), map()}, db_handle(), atom(), + #session{}) -> #session{}. %% %% Description: Should be called by the client side to get an id %% for the client hello message. %%-------------------------------------------------------------------- -client_id({Host, Port, #{reuse_session := SessionId}}, Cache, CacheCb, _) when is_binary(SessionId)-> - case CacheCb:lookup(Cache, {{Host, Port}, SessionId}) of - undefined -> - <<>>; - #session{} -> - SessionId - end; -client_id(ClientInfo, Cache, CacheCb, OwnCert) -> - case select_session(ClientInfo, Cache, CacheCb, OwnCert) of - no_session -> - <<>>; - SessionId -> - SessionId - end. +client_select_session({Host, Port, #{versions := Versions, + protocol := Protocol}} = ClientInfo, + Cache, CacheCb, NewSession) -> + + RecordCb = record_cb(Protocol), + Version = RecordCb:lowest_protocol_version(Versions), + + case Version of + {3, N} when N >= 4 -> + NewSession#session{session_id = crypto:strong_rand_bytes(32)}; + _ -> + do_client_select_session(ClientInfo, Cache, CacheCb, NewSession) + end. --spec valid_session(#session{}, seconds() | {invalidate_before, integer()}) -> boolean(). +%%-------------------------------------------------------------------- +-spec server_select_session(ssl_record:ssl_version(), inet:port_number(), binary(), map(), + binary(),db_handle(), atom()) -> {binary(), #session{} | undefined}. %% -%% Description: Check that the session has not expired +%% Description: Should be called by the server side to get an id +%% for the client hello message. %%-------------------------------------------------------------------- -valid_session(#session{time_stamp = TimeStamp}, {invalidate_before, Before}) -> - TimeStamp > Before; -valid_session(#session{time_stamp = TimeStamp}, LifeTime) -> - Now = erlang:monotonic_time(), - Lived = erlang:convert_time_unit(Now-TimeStamp, native, seconds), - Lived < LifeTime. - -server_id(Port, <<>>, _SslOpts, _Cert, _, _) -> +server_select_session({_, Minor}, Port, <<>>, _SslOpts, _Cert, _, _) when Minor >= 4 -> {ssl_manager:new_session_id(Port), undefined}; -server_id(Port, SuggestedId, Options, Cert, Cache, CacheCb) -> +server_select_session(_, Port, <<>>, _SslOpts, _Cert, _, _) -> + {ssl_manager:new_session_id(Port), undefined}; +server_select_session(_, Port, SuggestedId, Options, Cert, Cache, CacheCb) -> LifeTime = case application:get_env(ssl, session_lifetime) of {ok, Time} when is_integer(Time) -> Time; _ -> ?'24H_in_sec' @@ -96,11 +93,38 @@ server_id(Port, SuggestedId, Options, Cert, Cache, CacheCb) -> {ssl_manager:new_session_id(Port), undefined} end. +-spec valid_session(#session{}, seconds() | {invalidate_before, integer()}) -> boolean(). +%% +%% Description: Check that the session has not expired +%%-------------------------------------------------------------------- +valid_session(#session{time_stamp = TimeStamp}, {invalidate_before, Before}) -> + TimeStamp > Before; +valid_session(#session{time_stamp = TimeStamp}, LifeTime) -> + Now = erlang:monotonic_time(), + Lived = erlang:convert_time_unit(Now-TimeStamp, native, seconds), + Lived < LifeTime. %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- + +do_client_select_session({Host, Port, #{reuse_session := SessionId}}, Cache, CacheCb, NewSession) when is_binary(SessionId)-> + case CacheCb:lookup(Cache, {{Host, Port}, SessionId}) of + undefined -> + NewSession#session{session_id = <<>>}; + #session{} = Session-> + Session + end; +do_client_select_session(ClientInfo, + Cache, CacheCb, #session{own_certificate = OwnCert} = NewSession) -> + case select_session(ClientInfo, Cache, CacheCb, OwnCert) of + no_session -> + NewSession#session{session_id = <<>>}; + Session -> + Session + end. + select_session({_, _, #{reuse_sessions := Reuse}}, _Cache, _CacheCb, _OwnCert) when Reuse =/= true -> - %% If reuse_sessions == true | save a new session should be created + %% If reuse_sessions == false | save a new session should be created no_session; select_session({HostIP, Port, SslOpts}, Cache, CacheCb, OwnCert) -> Sessions = CacheCb:select_session(Cache, {HostIP, Port}), @@ -117,7 +141,7 @@ select_session(Sessions, #{ciphers := Ciphers}, OwnCert) -> end, case lists:dropwhile(IsNotResumable, Sessions) of [] -> no_session; - [Session | _] -> Session#session.session_id + [Session | _] -> Session end. is_resumable(_, _, #{reuse_sessions := false}, _, _, _, _) -> @@ -154,3 +178,8 @@ reusable_options(#{fail_if_no_peer_cert := true, (Session#session.peer_certificate =/= undefined); reusable_options(_,_) -> true. + +record_cb(tls) -> + tls_record; +record_cb(dtls) -> + dtls_record. diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl index cf104cd805..a61fe87b3c 100644 --- a/lib/ssl/src/tls_connection.erl +++ b/lib/ssl/src/tls_connection.erl @@ -544,12 +544,13 @@ init({call, From}, {start, Timeout}, connection_env = CEnv, ssl_options = #{log_level := LogLevel, versions := Versions} = SslOpts, - session = #session{own_certificate = Cert} = Session0, + session = NewSession, connection_states = ConnectionStates0 } = State0) -> KeyShare = maybe_generate_client_shares(SslOpts), + Session = ssl_session:client_select_session({Host, Port, SslOpts}, Cache, CacheCb, NewSession), Hello = tls_handshake:client_hello(Host, Port, ConnectionStates0, SslOpts, - Cache, CacheCb, Renegotiation, Cert, KeyShare), + Session#session.session_id, Renegotiation, Session#session.own_certificate, KeyShare), HelloVersion = tls_record:hello_version(Versions), Handshake0 = ssl_handshake:init_handshake_history(), @@ -561,8 +562,7 @@ init({call, From}, {start, Timeout}, State = State0#state{connection_states = ConnectionStates, connection_env = CEnv#connection_env{negotiated_version = HelloVersion}, %% Requested version - session = - Session0#session{session_id = Hello#client_hello.session_id}, + session = Session, handshake_env = HsEnv#handshake_env{tls_handshake_history = Handshake}, start_or_recv_from = From, key_share = KeyShare}, @@ -762,11 +762,12 @@ connection(internal, #hello_request{}, connection_states = ConnectionStates} = State0) -> try tls_sender:peer_renegotiate(Pid) of {ok, Write} -> + Session = ssl_session:client_select_session({Host, Port, SslOpts}, Cache, CacheCb, Session0), Hello = tls_handshake:client_hello(Host, Port, ConnectionStates, SslOpts, - Cache, CacheCb, Renegotiation, Cert, undefined), - {State, Actions} = send_handshake(Hello, State0#state{connection_states = ConnectionStates#{current_write => Write}}), - next_event(hello, no_record, State#state{session = Session0#session{session_id - = Hello#client_hello.session_id}}, Actions) + Session#session.session_id, Renegotiation, Cert, undefined), + {State, Actions} = send_handshake(Hello, State0#state{connection_states = ConnectionStates#{current_write => Write}, + session = Session}), + next_event(hello, no_record, State, Actions) catch _:_ -> {stop, {shutdown, sender_blocked}, State0} @@ -774,19 +775,16 @@ connection(internal, #hello_request{}, connection(internal, #hello_request{}, #state{static_env = #static_env{role = client, host = Host, - port = Port, - session_cache = Cache, - session_cache_cb = CacheCb}, + port = Port}, handshake_env = #handshake_env{renegotiation = {Renegotiation, _}}, - session = #session{own_certificate = Cert} = Session0, + session = #session{own_certificate = Cert}, ssl_options = SslOpts, connection_states = ConnectionStates} = State0) -> Hello = tls_handshake:client_hello(Host, Port, ConnectionStates, SslOpts, - Cache, CacheCb, Renegotiation, Cert, undefined), + <<>>, Renegotiation, Cert, undefined), {State, Actions} = send_handshake(Hello, State0), - next_event(hello, no_record, State#state{session = Session0#session{session_id - = Hello#client_hello.session_id}}, Actions); + next_event(hello, no_record, State, Actions); connection(internal, #client_hello{} = Hello, #state{static_env = #static_env{role = server}, handshake_env = #handshake_env{allow_renegotiate = true}= HsEnv, diff --git a/lib/ssl/src/tls_handshake.erl b/lib/ssl/src/tls_handshake.erl index 203f89a0b8..18a5afc4f7 100644 --- a/lib/ssl/src/tls_handshake.erl +++ b/lib/ssl/src/tls_handshake.erl @@ -36,7 +36,7 @@ -include_lib("kernel/include/logger.hrl"). %% Handshake handling --export([client_hello/9, hello/4]). +-export([client_hello/8, hello/4]). %% Handshake encoding -export([encode_handshake/2]). @@ -51,18 +51,18 @@ %%==================================================================== %%-------------------------------------------------------------------- -spec client_hello(ssl:host(), inet:port_number(), ssl_record:connection_states(), - ssl_options(), integer(), atom(), boolean(), der_cert(), + ssl_options(), binary(), boolean(), der_cert(), #key_share_client_hello{} | undefined) -> #client_hello{}. %% %% Description: Creates a client hello message. %%-------------------------------------------------------------------- -client_hello(Host, Port, ConnectionStates, +client_hello(_Host, _Port, ConnectionStates, #{versions := Versions, ciphers := UserSuites, fallback := Fallback } = SslOpts, - Cache, CacheCb, Renegotiation, OwnCert, KeyShare) -> + Id, Renegotiation, _OwnCert, KeyShare) -> Version = tls_record:highest_protocol_version(Versions), %% In TLS 1.3, the client indicates its version preferences in the @@ -85,7 +85,6 @@ client_hello(Host, Port, ConnectionStates, Renegotiation, KeyShare), CipherSuites = ssl_handshake:cipher_suites(AvailableCipherSuites, Renegotiation, Fallback), - Id = ssl_session:client_id({Host, Port, SslOpts}, Cache, CacheCb, OwnCert), #client_hello{session_id = Id, client_version = LegacyVersion, cipher_suites = CipherSuites, diff --git a/lib/ssl/src/tls_handshake_1_3.erl b/lib/ssl/src/tls_handshake_1_3.erl index 5f4c0b9a4a..0d84e1b743 100644 --- a/lib/ssl/src/tls_handshake_1_3.erl +++ b/lib/ssl/src/tls_handshake_1_3.erl @@ -595,9 +595,7 @@ do_start(#server_hello{cipher_suite = SelectedCipherSuite, host = Host, port = Port, transport_cb = Transport, - socket = Socket, - session_cache = Cache, - session_cache_cb = CacheCb}, + socket = Socket}, handshake_env = #handshake_env{renegotiation = {Renegotiation, _}, tls_handshake_history = _HHistory} = HsEnv, connection_env = CEnv, @@ -633,7 +631,7 @@ do_start(#server_hello{cipher_suite = SelectedCipherSuite, %% of the triggering HelloRetryRequest. ClientKeyShare = ssl_cipher:generate_client_shares([SelectedGroup]), Hello = tls_handshake:client_hello(Host, Port, ConnectionStates0, SslOpts, - Cache, CacheCb, Renegotiation, Cert, ClientKeyShare), + SessionId, Renegotiation, Cert, ClientKeyShare), HelloVersion = tls_record:hello_version(Versions), diff --git a/lib/ssl/test/ssl_session_cache_SUITE.erl b/lib/ssl/test/ssl_session_cache_SUITE.erl index 553c2d247b..f3b1c38d2e 100644 --- a/lib/ssl/test/ssl_session_cache_SUITE.erl +++ b/lib/ssl/test/ssl_session_cache_SUITE.erl @@ -225,15 +225,9 @@ session_cleanup(Config) when is_list(Config) -> %% Make sure session has expired and been cleaned up check_timer(SessionTimer), - ct:sleep(?DELAY *2), %% Delay time + some extra time - - {ServerDelayTimer, ClientDelayTimer} = get_delay_timers(), - - check_timer(ServerDelayTimer), - check_timer(ClientDelayTimer), - + ct:sleep(?SLEEP), %% Make sure clean has had time to run - + undefined = ssl_session_cache:lookup(ClientCache, {{Hostname, Port}, Id}), undefined = ssl_session_cache:lookup(ServerCache, {Port, Id}), @@ -524,24 +518,6 @@ check_timer(Timer) -> ct:sleep(Int), check_timer(Timer) end. - -get_delay_timers() -> - {status, _, _, StatusInfo} = sys:get_status(whereis(ssl_manager)), - [_, _,_, _, Prop] = StatusInfo, - State = ssl_test_lib:state(Prop), - case element(8, State) of - {undefined, undefined} -> - ct:sleep(?SLEEP), - get_delay_timers(); - {undefined, _} -> - ct:sleep(?SLEEP), - get_delay_timers(); - {_, undefined} -> - ct:sleep(?SLEEP), - get_delay_timers(); - DelayTimers -> - DelayTimers - end. wait_for_server() -> ct:sleep(100). |