CRL cache key being the path part of the distribution endpoint leads to clash #8891

zmstone · 2024-10-03T07:01:28Z

Describe the bug

The CRL cache key is the extracted path part of a CRL DP URI.

Lines 155 to 158 in f587482

    
           do_insert(URI, CRLs) -> 
        
               case uri_string:normalize(URI, [return_map]) of 
        
           	#{scheme := "http", path := Path} -> 
        
           	    ssl_manager:insert_crls(string:trim(Path, leading, "/"), CRLs);

This leads to clash when two DPs share the same path.

To Reproduce

Test with two different client certificates, having the same CRL DP URI path.

Expected behavior

Work with multiple CRL DPs

Affected versions

ALL?

IngelaAndin · 2024-10-22T09:26:09Z

Well the solution to that, should be using more parts of the URI in the key. I think using the host, and port parts should suffice. Will include it for next sprint planning to fix it.

zmstone added the bug Issue is reported as a bug label Oct 3, 2024

u3s added the team:PS Assigned to OTP team PS label Oct 3, 2024

IngelaAndin self-assigned this Oct 8, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CRL cache key being the path part of the distribution endpoint leads to clash #8891

CRL cache key being the path part of the distribution endpoint leads to clash #8891

zmstone commented Oct 3, 2024

IngelaAndin commented Oct 22, 2024

CRL cache key being the path part of the distribution endpoint leads to clash #8891

CRL cache key being the path part of the distribution endpoint leads to clash #8891

Comments

zmstone commented Oct 3, 2024

IngelaAndin commented Oct 22, 2024