File 0435-ssl-internal-doc-and-code-comments-for-PEM-cert-cach.patch of Package erlang
From 53baff501d7fe39f9ab900be0419564ec40e6f36 Mon Sep 17 00:00:00 2001 From: Jakub Witczak <kuba@erlang.org> Date: Fri, 29 Jul 2022 11:37:53 +0200 Subject: [PATCH 1/2] ssl: internal doc and code comments for PEM, cert cache --- lib/ssl/internal_doc/pem_and_cert_cache.md | 39 +++++++ lib/ssl/src/ssl_manager.erl | 2 + lib/ssl/src/ssl_pem_cache.erl | 2 + lib/ssl/test/ssl_pem_cache_SUITE.erl | 121 ++++++++++++++++++--- 4 files changed, 148 insertions(+), 16 deletions(-) create mode 100644 lib/ssl/internal_doc/pem_and_cert_cache.md diff --git a/lib/ssl/internal_doc/pem_and_cert_cache.md b/lib/ssl/internal_doc/pem_and_cert_cache.md new file mode 100644 index 0000000000..52fac1e6fe --- /dev/null +++ b/lib/ssl/internal_doc/pem_and_cert_cache.md 
@@ -0,0 +1,39 @@ +# Notes on the PEM and cert caches +## Data relations + + |---------------| |------------------------| + | PemCache | | CertDb | + |---------------| * |------------------------| + | FilePath (PK) | +---- | {Ref, SN, Issuer} (PK) | + | FileContent | | | Cert (Subject) | + |---------------| | |------------------------| + |0,1 | + | +-----------+ + |0,1 |1 + |-----------------| |------------| + | FileMapDb | | RefDb | + |-----------------|1 1 |------------| + | CaCertFile (PK) |---------------| Ref (PK) | + | Ref (FK) | | Counter | + |-----------------| |------------| + +### PemCache +1. stores a copy of file content in memory +2. includes files from cacertfile, certfile, keyfile options +3. content is added unless FileMapDb table contains entry with specified path + +### FileMapDb +1. holds relation between specific path (PEM file with CA certificates) and a ref +2. ref is generated when file from path is added for 1st time +3. ref is used as path identifier in CertDb and RefDb tables + +### RefDb +1. holds an active connections counter for a specific ref +2. when counter reaches zero - related data in CertDb, FileMapDb, RefDb is deleted + +### CertDb +1. holds decoded CA ceritificates (only those taken from cacertfile option) +2. used for building certificate chains +3. it is an ETS set table - when iterating in search of Issuer certificate, + processing order is not guaranted +4. Table key is: {Ref, SerialNumber, Issuer} diff --git a/lib/ssl/src/ssl_manager.erl b/lib/ssl/src/ssl_manager.erl index a4fb07c795..5071bcadff 100644 --- a/lib/ssl/src/ssl_manager.erl +++ b/lib/ssl/src/ssl_manager.erl @@ -20,6 +20,8 @@ %%---------------------------------------------------------------------- %% Purpose: Manages ssl sessions and trusted certifacates +%% (Note: See the document internal_doc/pem_and_cert_cache.md additional +%% information) %%---------------------------------------------------------------------- -module(ssl_manager). 
diff --git a/lib/ssl/src/ssl_pem_cache.erl b/lib/ssl/src/ssl_pem_cache.erl index 2c24351714..2c3d65c0a1 100644 --- a/lib/ssl/src/ssl_pem_cache.erl +++ b/lib/ssl/src/ssl_pem_cache.erl @@ -20,6 +20,8 @@ %%---------------------------------------------------------------------- %% Purpose: Manages ssl sessions and trusted certifacates +%% (Note: See the document internal_doc/pem_and_cert_cache.md additional +%% information) %%---------------------------------------------------------------------- -module(ssl_pem_cache). -- 2.35.3
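Review bot: In lib/ssl/internal_doc/pem_and_cert_cache.md, RefDb item 2 lists CertDb, FileMapDb and RefDb as the tables cleaned up when the counter reaches zero, but nothing in the document says when a PemCache entry is removed or refreshed. Since PemCache holds in-memory copies of the cacertfile, certfile and keyfile contents, please add a line on its lifetime. In the CertDb section, "ceritificates" (item 1) and "guaranted" (item 3) should be "certificates" and "guaranteed". Item 3 could also say what the reader should conclude from the unguaranteed iteration order when looking up an Issuer certificate.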
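Review bot: The comment added to the header of lib/ssl/src/ssl_manager.erl is missing a word: "See the document internal_doc/pem_and_cert_cache.md additional information" should read "... pem_and_cert_cache.md for additional information". The identical wording is added to ssl_pem_cache.erl. The path is given relative to lib/ssl, not to the lib/ssl/src directory the file lives in; writing it as lib/ssl/internal_doc/pem_and_cert_cache.md would remove the ambiguity.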
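Review bot: In lib/ssl/src/ssl_pem_cache.erl, the Purpose line directly above the added note reads "Manages ssl sessions and trusted certifacates", word for word the same as the Purpose line in ssl_manager.erl. As this change already edits that header block, consider replacing the line with a description specific to this module and correcting the spelling to "certificates", so the new pointer to the cache document sits under an accurate summary.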