File 0435-ssl-internal-doc-and-code-comments-for-PEM-cert-cach.patch of Package erlang
From 53baff501d7fe39f9ab900be0419564ec40e6f36 Mon Sep 17 00:00:00 2001
From: Jakub Witczak <kuba@erlang.org>
Date: Fri, 29 Jul 2022 11:37:53 +0200
Subject: [PATCH 1/2] ssl: internal doc and code comments for PEM, cert cache
---
lib/ssl/internal_doc/pem_and_cert_cache.md | 39 +++++++
lib/ssl/src/ssl_manager.erl | 2 +
lib/ssl/src/ssl_pem_cache.erl | 2 +
lib/ssl/test/ssl_pem_cache_SUITE.erl | 121 ++++++++++++++++++---
4 files changed, 148 insertions(+), 16 deletions(-)
create mode 100644 lib/ssl/internal_doc/pem_and_cert_cache.md
diff --git a/lib/ssl/internal_doc/pem_and_cert_cache.md b/lib/ssl/internal_doc/pem_and_cert_cache.md
new file mode 100644
index 0000000000..52fac1e6fe
--- /dev/null
+++ b/lib/ssl/internal_doc/pem_and_cert_cache.md
@@ -0,0 +1,39 @@
+# Notes on the PEM and cert caches
+## Data relations
+
+ |---------------| |------------------------|
+ | PemCache | | CertDb |
+ |---------------| * |------------------------|
+ | FilePath (PK) | +---- | {Ref, SN, Issuer} (PK) |
+ | FileContent | | | Cert (Subject) |
+ |---------------| | |------------------------|
+ |0,1 |
+ | +-----------+
+ |0,1 |1
+ |-----------------| |------------|
+ | FileMapDb | | RefDb |
+ |-----------------|1 1 |------------|
+ | CaCertFile (PK) |---------------| Ref (PK) |
+ | Ref (FK) | | Counter |
+ |-----------------| |------------|
+
+### PemCache
+1. stores a copy of file content in memory
+2. includes files from cacertfile, certfile, keyfile options
+3. content is added unless FileMapDb table contains entry with specified path
+
+### FileMapDb
+1. holds relation between specific path (PEM file with CA certificates) and a ref
+2. ref is generated when file from path is added for 1st time
+3. ref is used as path identifier in CertDb and RefDb tables
+
+### RefDb
+1. holds an active connections counter for a specific ref
+2. when counter reaches zero - related data in CertDb, FileMapDb, RefDb is deleted
+
+### CertDb
+1. holds decoded CA ceritificates (only those taken from cacertfile option)
+2. used for building certificate chains
+3. it is an ETS set table - when iterating in search of Issuer certificate,
+ processing order is not guaranted
+4. Table key is: {Ref, SerialNumber, Issuer}
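Review bot: two spelling errors in the new document, in the CertDb section: `ceritificates` in item 1 should be `certificates`, and `guaranted` in item 3 should be `guaranteed`. Item 3 is also the point a reader of this file most needs: because CertDb is an ETS set and the issuer lookup iterates over it, the order in which candidate issuer certificates are visited is unspecified, so the document should say explicitly that chain building must not depend on which matching entry is found first. In the RefDb section, item 1 says the counter tracks active connections and item 2 says data is deleted when it reaches zero; stating where the counter is incremented (at connection setup, when the cacertfile is registered) would make the lifecycle complete.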
diff --git a/lib/ssl/src/ssl_manager.erl b/lib/ssl/src/ssl_manager.erl
index a4fb07c795..5071bcadff 100644
--- a/lib/ssl/src/ssl_manager.erl
+++ b/lib/ssl/src/ssl_manager.erl
@@ -20,6 +20,8 @@
%%----------------------------------------------------------------------
%% Purpose: Manages ssl sessions and trusted certifacates
+%% (Note: See the document internal_doc/pem_and_cert_cache.md additional
+%% information)
%%----------------------------------------------------------------------
-module(ssl_manager).
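Review bot: the added comment is missing a word: `See the document internal_doc/pem_and_cert_cache.md additional information` should read `See the document internal_doc/pem_and_cert_cache.md for additional information`. Since this change already edits the header block, the existing spelling error on the context line, `certifacates`, can be corrected to `certificates` in the same hunk.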
diff --git a/lib/ssl/src/ssl_pem_cache.erl b/lib/ssl/src/ssl_pem_cache.erl
index 2c24351714..2c3d65c0a1 100644
--- a/lib/ssl/src/ssl_pem_cache.erl
+++ b/lib/ssl/src/ssl_pem_cache.erl
@@ -20,6 +20,8 @@
%%----------------------------------------------------------------------
%% Purpose: Manages ssl sessions and trusted certifacates
+%% (Note: See the document internal_doc/pem_and_cert_cache.md additional
+%% information)
%%----------------------------------------------------------------------
-module(ssl_pem_cache).
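Review bot: the same missing `for` as in ssl_manager.erl: `pem_and_cert_cache.md additional information` should read `pem_and_cert_cache.md for additional information`. More importantly, the Purpose line in this header, `Manages ssl sessions and trusted certifacates`, is the ssl_manager description rather than this module's; while the header is being touched, it should describe what ssl_pem_cache does (the PemCache described in the new internal doc: keeping a copy of cacertfile, certfile and keyfile contents in memory), and `certifacates` should be spelled `certificates`.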
--
2.35.3