author | Michael Bridgen <mikeb@rabbitmq.com> | 2012-04-10 17:04:47 +0100 |
---|---|---|
committer | Michael Bridgen <mikeb@rabbitmq.com> | 2012-04-10 17:04:47 +0100 |
commit | 4f2bdcf7a08409d1c2c16337096626b562c7ae7f (patch) | |
tree | 884f8f6f6cfe132bec03ea294bb9bf36074a52c7 | |
parent | 5a593e4b540c26e7eba3bd44527d929b99c999cb (diff) | |
download | rabbitmq-server-4f2bdcf7a08409d1c2c16337096626b562c7ae7f.tar.gz |
Instead of reading the directory and parsing the certificates every time a connection opens, make a file with all the certificates every time the directory contents change.
The aggregate file is named for the /expected/ mtime of the directory once it's been written (to a resolution of one second). This avoids the memory blowout caused by supplying the certificate binaries with every connection -- those don't get garbage collected -- and is much faster, much the same as just using a static cacertfile.
-rw-r--r-- | src/rabbit_net.erl | 42 |
1 files changed, 33 insertions, 9 deletions
diff --git a/src/rabbit_net.erl b/src/rabbit_net.erl
index 914c99d6..3c1ad6c2 100644
--- a/src/rabbit_net.erl
+++ b/src/rabbit_net.erl
@@ -84,7 +84,7 @@ ssl_info(_Sock) ->
 ssl_opts(SslOpts0) ->
 case proplists:lookup(cacertdir, SslOpts0) of
 {cacertdir, Dir} ->
- [{cacerts, load_cacerts_dir(Dir)} | SslOpts0];
+ [{cacertfile, load_cacerts_dir(Dir)} | SslOpts0];
 none -> SslOpts0
 end.
@@ -175,11 +175,35 @@ connection_string(Sock, Direction) ->
 end.
 load_cacerts_dir(Dir) ->
- filelib:fold_files(
- Dir, ".*\\.pem", false,
- fun (F, Certs) ->
- {ok, PemBin} = file:read_file(F),
- Ders = [Cert || {'Certificate', Cert, not_encrypted}
- <- public_key:pem_decode(PemBin)],
- Ders ++ Certs
- end, []).
+ LastModified = filelib:last_modified(Dir),
+ Stamp = integer_to_list(
+ calendar:datetime_to_gregorian_seconds(LastModified)),
+ CurrentFilename = filename:join(Dir, Stamp ++ ".ca"),
+ case filelib:is_file(CurrentFilename) of
+ true ->
+ CurrentFilename;
+ false ->
+ NewContents =
+ filelib:fold_files(
+ Dir, ".*\\.pem", false,
+ fun (F, Certs) ->
+ {ok, PemBin} = file:read_file(F),
+ [PemBin | Certs]
+ end, []),
+ %% Remove old files
+ filelib:fold_files(
+ Dir, "[0-9]*\\.ca", false,
+ fun (F, _) ->
+ file:delete(F)
+ end, undefined),
+ %% Create a new file name with the expected mtime of the
+ %% directory once we've written to it. This will
+ %% occasionally miss; this assumes it's not a huge deal to
+ %% re-generate it.
+ NewStamp = integer_to_list(
+ calendar:datetime_to_gregorian_seconds(
+ calendar:local_time())),
+ NewFilename = filename:join(Dir, NewStamp ++ ".ca"),
+ file:write_file(NewFilename, NewContents),
+ NewFilename
+ end. |
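Review bot: Prepending `{cacertfile, load_cacerts_dir(Dir)}` in `ssl_opts/1` leaves the original `cacertdir` entry, and any `cacertfile` the operator configured, further down the same list. If the ssl application reads the first occurrence (the usual proplist behaviour, worth confirming), the generated bundle silently replaces an explicitly configured CA file. A short comment on the function would make that trust-anchor precedence explicit, for example `%% cacertdir, when present, overrides any configured cacertfile`.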
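Review bot: The cleanup pattern `"[0-9]*\\.ca"` in the second `filelib:fold_files` call allows zero digits and, as far as I know, is matched unanchored, so `file:delete/1` would also remove any regular file in the CA directory whose name merely contains `.ca`; anchoring it to the generated names avoids that. The results of `file:delete/1` and `file:write_file/2` are discarded, so on a read-only directory the function returns a path that does not exist, and a concurrent connection can pass the `filelib:is_file` check while the bundle is still being written. Matching on `ok` and writing to a temporary name before renaming covers both. Separately, the new fold concatenates the raw bytes of every `.pem`, where the removed code kept only unencrypted `'Certificate'` entries, so key material left in the directory is copied into the bundle and a file without a trailing newline can fuse with the next PEM header; that deserves at least a comment. The fence shows only the cleanup and write steps.

```erlang
load_cacerts_dir(Dir) ->
    %% … unchanged: Stamp / CurrentFilename computation and is_file check …
        false ->
            %% … unchanged: NewContents fold over ".*\\.pem" …
            %% Anchored so that only bundles generated here are removed
            filelib:fold_files(
              Dir, "^[0-9]+\\.ca$", false,
              fun (F, _) ->
                      file:delete(F)
              end, undefined),
            %% … unchanged: NewStamp / NewFilename computation …
            %% Write under a temporary name and rename, so a concurrent
            %% caller never picks up a partially written bundle; crash
            %% rather than hand the listener a path that was not written
            TmpFilename = NewFilename ++ ".tmp",
            ok = file:write_file(TmpFilename, NewContents),
            ok = file:rename(TmpFilename, NewFilename),
            NewFilename
    end.
```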