diff options
| author | Ingela Anderton Andin <ingela@erlang.org> | 2020-02-12 14:50:52 +0100 |
|---|---|---|
| committer | Péter Dimitrov <peterdmv@erlang.org> | 2020-02-24 09:58:53 +0100 |
| commit | 6aebaa11abb36a09f2b800c59b35ed59cff333b0 (patch) | |
| tree | e335332fa47155b2c2f8403b8120f46914bd8430 /lib/ssl/src/ssl_connection.erl | |
| parent | 60d3c955652cbd44e9d1e300b4834e16db565ce1 (diff) | |
| download | erlang-6aebaa11abb36a09f2b800c59b35ed59cff333b0.tar.gz | |
ssl: Invalidate session on abrupt close during initial handshake
Diffstat (limited to 'lib/ssl/src/ssl_connection.erl')
| -rw-r--r-- | lib/ssl/src/ssl_connection.erl | 29 |
1 files changed, 25 insertions, 4 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index 955841a7a4..6630e417f9 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -53,7 +53,8 @@ %% Alert and close handling -export([handle_own_alert/4, handle_alert/3, handle_normal_shutdown/3, - handle_trusted_certs_db/1]). + handle_trusted_certs_db/1, + maybe_invalidate_session/6]). %% Data handling -export([read_application_data/2, internal_renegotiation/2]). @@ -325,6 +326,7 @@ dist_handshake_complete(ConnectionPid, DHandle) -> prf(ConnectionPid, Secret, Label, Seed, WantedLength) -> call(ConnectionPid, {prf, Secret, Label, Seed, WantedLength}). + %%==================================================================== %% Alert and close handling %%==================================================================== @@ -442,6 +444,13 @@ handle_alert(#alert{level = ?WARNING} = Alert, StateName, Alert#alert{role = opposite_role(Role)}), Connection:next_event(StateName, no_record, State). +maybe_invalidate_session(undefined,_, _, _, _, _) -> + ok; +maybe_invalidate_session({3, 4},_, _, _, _, _) -> + ok; +maybe_invalidate_session({3, N}, Type, Role, Host, Port, Session) when N < 4 -> + maybe_invalidate_session(Type, Role, Host, Port, Session). + %%==================================================================== %% Data handling %%==================================================================== @@ -1492,16 +1501,23 @@ handle_call(_,_,_,_,_) -> handle_info({ErrorTag, Socket, econnaborted}, StateName, #state{static_env = #static_env{role = Role, + host = Host, + port = Port, socket = Socket, transport_cb = Transport, error_tag = ErrorTag, trackers = Trackers, protocol_cb = Connection}, - start_or_recv_from = StartFrom - } = State) when StateName =/= connection -> + handshake_env = #handshake_env{renegotiation = Type}, + connection_env = #connection_env{negotiated_version = Version}, + session = Session, + start_or_recv_from = StartFrom + } = State) when StateName =/= connection -> + + maybe_invalidate_session(Version, Type, Role, Host, Port, Session), Pids = Connection:pids(State), alert_user(Pids, Transport, Trackers,Socket, - StartFrom, ?ALERT_REC(?FATAL, ?CLOSE_NOTIFY), Role, StateName, Connection), + StartFrom, ?ALERT_REC(?FATAL, ?CLOSE_NOTIFY), Role, StateName, Connection), {stop, {shutdown, normal}, State}; handle_info({ErrorTag, Socket, Reason}, StateName, #state{static_env = #static_env{ @@ -3009,6 +3025,11 @@ log_alert(Level, Role, ProtocolName, StateName, Alert) -> alert => Alert, alerter => peer}, Alert#alert.where). +maybe_invalidate_session({false, first}, server = Role, Host, Port, Session) -> + invalidate_session(Role, Host, Port, Session); +maybe_invalidate_session(_, _, _, _, _) -> + ok. + invalidate_session(client, Host, Port, Session) -> ssl_manager:invalidate_session(Host, Port, Session); invalidate_session(server, _, Port, Session) -> |