authorMichael Bridgen <mikeb@rabbitmq.com>2012-04-10 17:04:47 +0100
committerMichael Bridgen <mikeb@rabbitmq.com>2012-04-10 17:04:47 +0100
commit4f2bdcf7a08409d1c2c16337096626b562c7ae7f (patch)
tree884f8f6f6cfe132bec03ea294bb9bf36074a52c7
parent5a593e4b540c26e7eba3bd44527d929b99c999cb (diff)
Instead of reading the directory and parsing the certificates every time a connection opens, make a file with all the certificates every time the directory contents change.
The aggregate file is named for the /expected/ mtime of the directory once it's been written (to a resolution of one second). This avoids the memory blowout caused by supplying the certificate binaries with every connection -- those don't get garbage collected -- and is much faster, much the same as just using a static cacertfile.
-rw-r--r--src/rabbit_net.erl42
1 files changed, 33 insertions, 9 deletions
diff --git a/src/rabbit_net.erl b/src/rabbit_net.erl
index 914c99d6..3c1ad6c2 100644
--- a/src/rabbit_net.erl
+++ b/src/rabbit_net.erl
@@ -84,7 +84,7 @@ ssl_info(_Sock) ->
ssl_opts(SslOpts0) ->
case proplists:lookup(cacertdir, SslOpts0) of
{cacertdir, Dir} ->
- [{cacerts, load_cacerts_dir(Dir)} | SslOpts0];
+ [{cacertfile, load_cacerts_dir(Dir)} | SslOpts0];
none ->
SslOpts0
end.
@@ -175,11 +175,35 @@ connection_string(Sock, Direction) ->
end.
load_cacerts_dir(Dir) ->
- filelib:fold_files(
- Dir, ".*\\.pem", false,
- fun (F, Certs) ->
- {ok, PemBin} = file:read_file(F),
- Ders = [Cert || {'Certificate', Cert, not_encrypted}
- <- public_key:pem_decode(PemBin)],
- Ders ++ Certs
- end, []).
+ LastModified = filelib:last_modified(Dir),
+ Stamp = integer_to_list(
+ calendar:datetime_to_gregorian_seconds(LastModified)),
+ CurrentFilename = filename:join(Dir, Stamp ++ ".ca"),
+ case filelib:is_file(CurrentFilename) of
+ true ->
+ CurrentFilename;
+ false ->
+ NewContents =
+ filelib:fold_files(
+ Dir, ".*\\.pem", false,
+ fun (F, Certs) ->
+ {ok, PemBin} = file:read_file(F),
+ [PemBin | Certs]
+ end, []),
+ %% Remove old files
+ filelib:fold_files(
+ Dir, "[0-9]*\\.ca", false,
+ fun (F, _) ->
+ file:delete(F)
+ end, undefined),
+ %% Create a new file name with the expected mtime of the
+ %% directory once we've written to it. This will
+ %% occasionally miss; this assumes it's not a huge deal to
+ %% re-generate it.
+ NewStamp = integer_to_list(
+ calendar:datetime_to_gregorian_seconds(
+ calendar:local_time())),
+ NewFilename = filename:join(Dir, NewStamp ++ ".ca"),
+ file:write_file(NewFilename, NewContents),
+ NewFilename
+ end.
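Review bot: The aggregate file is written straight to its final name with `file:write_file(NewFilename, NewContents)` and the result is discarded, so a connection arriving mid-write can pass the `filelib:is_file` check and hand a partial CA bundle to ssl, and a failed write returns a path that does not exist. Writing to a temporary name and renaming it, with both results matched, closes that window: `ok = file:write_file(Tmp, NewContents), ok = file:rename(Tmp, NewFilename)`, where `Tmp` is a name that neither fold pattern matches. The cleanup pattern `"[0-9]*\\.ca"` also looks unanchored; as far as I know `filelib:fold_files` does a plain regex search on the file name, so it would match any file in the CA directory whose name contains `.ca` (for example `root.ca.pem`) and delete it. Anchoring it as `"^[0-9]+\\.ca$"` would limit the delete to the generated files. Two connections regenerating at the same time can still remove each other's output, so it may be worth serialising the rebuild.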