From d5aedaac7daa9237f3af71f3fe6532feac7c829d Mon Sep 17 00:00:00 2001
From: Andrew Mayorov
Date: Tue, 6 Jun 2023 11:21:03 +0300
Subject: [PATCH] fix(tlslib): append random suffix to managed certfiles

In order to lessen the chance of ambiguity in determining collectable certfiles during GC.
---
 apps/emqx/src/emqx_tls_lib.erl | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/apps/emqx/src/emqx_tls_lib.erl b/apps/emqx/src/emqx_tls_lib.erl
index 157040c30..3540bddd5 100644
--- a/apps/emqx/src/emqx_tls_lib.erl
+++ b/apps/emqx/src/emqx_tls_lib.erl
@@ -389,7 +389,7 @@ is_pem(MaybePem) ->
 %% Also a potentially half-written PEM file (e.g. due to power outage)
 %% can be corrected with an overwrite.
 save_pem_file(Dir, KeyPath, Pem, DryRun) ->
- Path = pem_file_name(Dir, KeyPath, Pem),
+ Path = pem_file_name(Dir, KeyPath),
 case filelib:ensure_dir(Path) of
 ok when DryRun ->
 {ok, Path};
@@ -412,9 +412,8 @@ is_managed_ssl_file(Filename) ->
 _ -> false
 end.
 
-pem_file_name(Dir, KeyPath, Pem) ->
- <> = crypto:hash(md5, Pem),
- Suffix = binary:encode_hex(CK),
+pem_file_name(Dir, KeyPath) ->
+ Suffix = binary:encode_hex(crypto:strong_rand_bytes(8)),
 Segments = lists:map(fun ensure_bin/1, KeyPath),
 Filename0 = iolist_to_binary(lists:join(<<"_">>, Segments)),
 Filename1 = binary:replace(Filename0, <<"file">>, <<>>),
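Review bot: The context comment above `save_pem_file/4` ("a potentially half-written PEM file ... can be corrected with an overwrite") no longer describes the new code. `Path` now gets a fresh random suffix on every call, so a retry writes a new file and the truncated one stays on disk until GC removes it. The `ok when DryRun -> {ok, Path}` branch is affected too: the path it returns will not be reproduced by the later real save, so any caller that stores or compares the dry-run path (callers are outside this hunk) would hold a name that never exists. I would reword the comment to something like `%% Each save writes to a new, randomly suffixed path; stale or partial files are left for GC.` and note that the dry-run path is only a sample. The body of `save_pem_file/4` continues past the end of the hunk.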
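Review bot: `pem_file_name/2` stops being a pure function of its arguments here, and nothing on the new lines documents that. Because the suffix comes from `crypto:strong_rand_bytes(8)` rather than from the PEM content, saving an unchanged certificate or private key no longer lands on the same file; each save leaves another copy of the key material in `Dir` until the certfile GC collects it. A short comment above the function would make that dependency explicit, for example `%% Suffix is random, not content-derived: identical PEMs get distinct files, and cleanup relies on certfile GC.`. It is also worth confirming that GC runs often enough that old private-key copies do not linger, which cannot be judged from this hunk. The function body continues outside the hunk.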