feat(ssl): supports configuration of keyfile password

2020-12-11 09:45:49 +08:00 · 2020-12-11 09:45:49 +08:00 · 17e0409c09
parent e539180659
commit 17e0409c09
2 changed files with 36 additions and 0 deletions
--- a/etc/emqx.conf
+++ b/etc/emqx.conf
@ -1329,6 +1329,12 @@ listener.ssl.external.handshake_timeout = 15s
 ## Value: Number
 #listener.ssl.external.depth = 10

+## String containing the user's password. Only used if the private keyfile
+## is password-protected.
+##
+## Value: String
+## listener.ssl.external.key_password = yourpass
+
 ## Path to the file containing the user's private PEM-encoded key.
 ##
 ## See: http://erlang.org/doc/man/ssl.html
@ -1794,6 +1800,22 @@ listener.wss.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
 ## Value: File
 ## listener.wss.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem

+## Maximum number of non-self-issued intermediate certificates that
+## can follow the peer certificate in a valid certification path.
+##
+## See: listener.ssl.external.depth
+##
+## Value: Number
+## listener.wss.external.depth = 10
+
+## String containing the user's password. Only used if the private keyfile
+## is password-protected.
+##
+## See: listener.ssl.$name.key_password
+##
+## Value: String
+## listener.wss.external.key_password = yourpass
+
 ## See: listener.ssl.$name.dhfile
 ##
 ## Value: File
--- a/priv/emqx.schema
+++ b/priv/emqx.schema
@ -1383,6 +1383,10 @@ end}.
  {datatype, integer}
 ]}.

+{mapping, "listener.ssl.$name.key_password", "emqx.listeners", [
+  {datatype, string}
+]}.
+
 {mapping, "listener.ssl.$name.dhfile", "emqx.listeners", [
  {datatype, string}
 ]}.
@ -1703,6 +1707,15 @@ end}.
  {datatype, string}
 ]}.

+{mapping, "listener.wss.$name.depth", "emqx.listeners", [
+  {default, 10},
+  {datatype, integer}
+]}.
+
+{mapping, "listener.wss.$name.key_password", "emqx.listeners", [
+  {datatype, string}
+]}.
+
 {mapping, "listener.wss.$name.verify", "emqx.listeners", [
  {datatype, atom}
 ]}.
@ -1895,6 +1908,7 @@ end}.
                          {user_lookup_fun, UserLookupFun},
                          {handshake_timeout, cuttlefish:conf_get(Prefix ++ ".handshake_timeout", Conf, undefined)},
                          {depth, cuttlefish:conf_get(Prefix ++ ".depth", Conf, undefined)},
+                          {password, cuttlefish:conf_get(Prefix ++ ".key_password", Conf, undefined)},
                          {dhfile, cuttlefish:conf_get(Prefix ++ ".dhfile", Conf, undefined)},
                          {keyfile,    cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
                          {certfile,   cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},