yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(tlslib): append random suffix to managed certfiles 

In order to lessen the chance of ambiguity in determining collectable
certfiles during GC.
This commit is contained in:
Andrew Mayorov 2023-06-06 11:21:03 +03:00
parent 750b7158d4
commit d5aedaac7d
No known key found for this signature in database
GPG Key ID: 2837C62ACFBFED5D
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
apps/emqx/src/emqx_tls_lib.erl
View File

@ -389,7 +389,7 @@ is_pem(MaybePem) ->
%% Also a potentially half-written PEM file (e.g. due to power outage) %% Also a potentially half-written PEM file (e.g. due to power outage)
%% can be corrected with an overwrite. %% can be corrected with an overwrite.
save_pem_file(Dir, KeyPath, Pem, DryRun) -> save_pem_file(Dir, KeyPath, Pem, DryRun) ->
Path = pem_file_name(Dir, KeyPath, Pem), Path = pem_file_name(Dir, KeyPath),
case filelib:ensure_dir(Path) of case filelib:ensure_dir(Path) of
ok when DryRun -> ok when DryRun ->
{ok, Path}; {ok, Path};
@ -412,9 +412,8 @@ is_managed_ssl_file(Filename) ->
_ -> false _ -> false
end. end.
pem_file_name(Dir, KeyPath, Pem) -> pem_file_name(Dir, KeyPath) ->
<<CK:8/binary, _/binary>> = crypto:hash(md5, Pem), Suffix = binary:encode_hex(crypto:strong_rand_bytes(8)),
Suffix = binary:encode_hex(CK),
Segments = lists:map(fun ensure_bin/1, KeyPath), Segments = lists:map(fun ensure_bin/1, KeyPath),
Filename0 = iolist_to_binary(lists:join(<<"_">>, Segments)), Filename0 = iolist_to_binary(lists:join(<<"_">>, Segments)),
Filename1 = binary:replace(Filename0, <<"file">>, <<>>), Filename1 = binary:replace(Filename0, <<"file">>, <<>>),