Fixed Conflicting files

This commit is contained in:
HuangDan 2018-08-30 10:53:35 +08:00
commit 18eee0f1b0
5 changed files with 134 additions and 80 deletions


@ -756,8 +756,8 @@ listener.tcp.external.access.1 = allow all
## Enable the option for X.509 certificate based authentication. ## Enable the option for X.509 certificate based authentication.
## EMQX will use the common name of certificate as MQTT username. ## EMQX will use the common name of certificate as MQTT username.
## ##
## Value: boolean ## Value: cn | dn
## listener.tcp.external.peer_cert_as_username = true ## listener.tcp.external.peer_cert_as_username = cn
## The TCP backlog defines the maximum length that the queue of pending ## The TCP backlog defines the maximum length that the queue of pending
## connections can grow to. ## connections can grow to.
@ -1070,7 +1070,7 @@ listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
## Most of it was copied from Mozillas Server Side TLS article ## Most of it was copied from Mozillas Server Side TLS article
## ##
## Value: Ciphers ## Value: Ciphers
## listener.ssl.external.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA listener.ssl.external.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
## SSL parameter renegotiation is a feature that allows a client and a server ## SSL parameter renegotiation is a feature that allows a client and a server
## to renegotiate the parameters of the SSL connection on the fly. ## to renegotiate the parameters of the SSL connection on the fly.
@ -1100,7 +1100,7 @@ listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
## Use the CN field from the client certificate as a username. ## Use the CN field from the client certificate as a username.
## Notice that 'verify' should be set as 'verify_peer'. ## Notice that 'verify' should be set as 'verify_peer'.
## ##
## Value: boolean ## Value: cn | en
## listener.ssl.external.peer_cert_as_username = cn ## listener.ssl.external.peer_cert_as_username = cn
## TCP backlog for the SSL connection. ## TCP backlog for the SSL connection.
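Review bot: The new `## Value: cn | en` line in the listener.ssl.external.peer_cert_as_username hunk looks like a typo for `cn | dn`: the tcp listener's hunk above documents `cn | dn`, and the schema change in this commit maps the tcp option to `{enum, [cn, dn]}`, so `en` would not be an accepted value; suggest `## Value: cn | dn`. Separately, the `listener.ssl.external.ciphers` line in the middle hunk appears to lose its `##` prefix on the new side, which turns the documented default into an active setting. That list still contains `ECDHE-ECDSA-DES-CBC3-SHA`, a 3DES suite, which is worth dropping (or at least calling out in the comment above it) before the default ships enabled.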


@ -860,8 +860,7 @@ end}.
]}. ]}.
{mapping, "listener.tcp.$name.peer_cert_as_username", "emqx.listeners", [ {mapping, "listener.tcp.$name.peer_cert_as_username", "emqx.listeners", [
{default, false}, {datatype, {enum, [cn, dn]}}
{datatype, {enum, [true, false]}}
]}. ]}.
{mapping, "listener.tcp.$name.backlog", "emqx.listeners", [ {mapping, "listener.tcp.$name.backlog", "emqx.listeners", [
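Review bot: Dropping `{default, false}` together with the new `{datatype, {enum, [cn, dn]}}` leaves the mapping with no value that means "disabled": a deployment can only omit the key, and whatever reads `peer_cert_as_username` from the listener options must now treat absence as off (that reader is outside this diff, so I could not confirm it does). A comment above the mapping such as `%% Absent = disabled; cn/dn selects which certificate field becomes the username` would make that contract explicit. The ssl listener's counterpart mapping is not in this hunk; it presumably needs the same enum so the conf's `cn | dn` documentation and the schema agree.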


@ -25,21 +25,45 @@
-include_lib("common_test/include/ct.hrl"). -include_lib("common_test/include/ct.hrl").
-include("emqx_mqtt.hrl").
-record(ssl_socket, {tcp, ssl}).
-type(socket() :: inet:socket() | #ssl_socket{}).
-define(CLIENT, ?CONNECT_PACKET(#mqtt_packet_connect{ -define(CLIENT, ?CONNECT_PACKET(#mqtt_packet_connect{
client_id = <<"mqtt_client">>, client_id = <<"mqtt_client">>,
username = <<"admin">>, username = <<"admin">>,
password = <<"public">>})). password = <<"public">>})).
-define(CLIENT2, ?CONNECT_PACKET(#mqtt_packet_connect{
username = <<"admin">>,
clean_start = false,
password = <<"public">>})).
-define(SUBCODE, [0]).
-define(PACKETID, 1).
-define(PUBQOS, 1).
-define(SUBPACKET, ?SUBSCRIBE_PACKET(?PACKETID, [{<<"sub/topic">>, ?DEFAULT_SUBOPTS}])).
-define(PUBPACKET, ?PUBLISH_PACKET(?PUBQOS, <<"sub/topic">>, ?PACKETID, <<"publish">>)).
all() -> all() ->
[{group, connect}, [{group, connect}%,
{group, cleanSession}]. % {group, cleanSession}
].
groups() -> groups() ->
[{connect, [non_parallel_tests], [{connect, [non_parallel_tests],
[mqtt_connect, [
% mqtt_connect_with_tcp, mqtt_connect,
mqtt_connect_with_ssl_oneway, mqtt_connect_with_tcp,
mqtt_connect_with_ssl_twoway%, mqtt_connect_with_ssl_oneway,
% mqtt_connect_with_ws mqtt_connect_with_ssl_twoway,
mqtt_connect_with_ws
]}, ]},
{cleanSession, [sequence], {cleanSession, [sequence],
[cleanSession_validate] [cleanSession_validate]
@ -48,7 +72,6 @@ groups() ->
init_per_suite(Config) -> init_per_suite(Config) ->
emqx_ct_broker_helpers:run_setup_steps(), emqx_ct_broker_helpers:run_setup_steps(),
% ct:log("Apps:~p", [Apps]),
Config. Config.
end_per_suite(_Config) -> end_per_suite(_Config) ->
@ -65,78 +88,79 @@ mqtt_connect(_) ->
?assertEqual(<<32,2,0,0>>, connect_broker_(<<16,12,0,4,77,81,84,84,4,2,0,90,0,0>>, 4)). ?assertEqual(<<32,2,0,0>>, connect_broker_(<<16,12,0,4,77,81,84,84,4,2,0,90,0,0>>, 4)).
connect_broker_(Packet, RecvSize) -> connect_broker_(Packet, RecvSize) ->
{ok, Sock} = gen_tcp:connect({127,0,0,1}, 1883, [binary, {packet, raw}, {active, false}]), {ok, Sock} = emqx_client_sock:connect({127,0,0,1}, 1883, [binary, {packet, raw}, {active, false}], 3000),
gen_tcp:send(Sock, Packet), emqx_client_sock:send(Sock, Packet),
{ok, Data} = gen_tcp:recv(Sock, RecvSize, 3000), {ok, Data} = gen_tcp:recv(Sock, RecvSize, 3000),
gen_tcp:close(Sock), emqx_client_sock:close(Sock),
Data. Data.
mqtt_connect_with_tcp(_) ->
%% mqtt_connect_with_tcp(_) -> %% Issue #599
%% %% Issue #599 %% Empty clientId and clean_session = false
%% %% Empty clientId and clean_session = false {ok, Sock} = emqx_client_sock:connect({127,0,0,1}, 1883, [binary, {packet, raw}, {active, false}], 3000),
%% {ok, Sock} = gen_tcp:connect({127,0,0,1}, 1883, [binary, {packet, raw}, {active, false}]), Packet = raw_send_serialise(?CLIENT2),
%% Packet = raw_send_serialise(?CLIENT), emqx_client_sock:send(Sock, Packet),
%% gen_tcp:send(Sock, Packet), {ok, Data} = gen_tcp:recv(Sock, 0),
%% {ok, Data} = gen_tcp:recv(Sock, 0), {ok, ?CONNACK_PACKET(?CONNACK_INVALID_ID), _} = raw_recv_pase(Data),
%% % {ok, ?CONNACK_PACKET(?CONNACK_ACCEPT), _} = raw_recv_pase(Data), emqx_client_sock:close(Sock).
%% gen_tcp:close(Sock).
mqtt_connect_with_ssl_oneway(_) -> mqtt_connect_with_ssl_oneway(_) ->
emqx:stop(), emqx:shutdown(),
emqx_ct_broker_helpers:change_opts(ssl_oneway), emqx_ct_broker_helpers:change_opts(ssl_oneway),
emqx:start(), emqx:start(),
timer:sleep(5000), ClientSsl = emqx_ct_broker_helpers:client_ssl(),
{ok, SslOneWay} = emqttc:start_link([{host, "localhost"}, {ok, #ssl_socket{tcp = Sock, ssl = SslSock}}
{port, 8883}, = emqx_client_sock:connect("127.0.0.1", 8883, [{ssl_opts, ClientSsl}], 3000),
{logger, debug}, %% Packet = raw_send_serialise(?CLIENT),
{client_id, <<"ssloneway">>}, ssl]), %% ssl:send(SslSock, Packet),
timer:sleep(100), %% receive Data ->
emqttc:subscribe(SslOneWay, <<"topic">>, qos1), %% ct:log("Data:~p~n", [Data])
{ok, Pub} = emqttc:start_link([{host, "localhost"}, %% after 30000 ->
{client_id, <<"pub">>}]), %% ok
emqttc:publish(Pub, <<"topic">>, <<"SSL oneWay test">>, [{qos, 1}]), %% end,
timer:sleep(100), ssl:close(SslSock).
receive {publish, _Topic, RM} ->
?assertEqual(<<"SSL oneWay test">>, RM)
after 1000 -> false
end,
timer:sleep(100),
emqttc:disconnect(SslOneWay),
emqttc:disconnect(Pub).
mqtt_connect_with_ssl_twoway(_Config) -> mqtt_connect_with_ssl_twoway(_Config) ->
emqx:stop(), emqx:shutdown(),
emqx_ct_broker_helpers:change_opts(ssl_twoway), emqx_ct_broker_helpers:change_opts(ssl_twoway),
emqx:start(), emqx:start(),
timer:sleep(3000), ClientSsl = emqx_ct_broker_helpers:client_ssl_twoway(),
ClientSSl = emqx_ct_broker_helpers:client_ssl(), {ok, #ssl_socket{tcp = _Sock1, ssl = SslSock} = Sock}
{ok, SslTwoWay} = emqttc:start_link([{host, "localhost"}, = emqx_client_sock:connect("127.0.0.1", 8883, [{ssl_opts, ClientSsl}], 3000),
{port, 8883}, Packet = raw_send_serialise(?CLIENT),
{client_id, <<"ssltwoway">>}, emqx_client_sock:setopts(Sock, [{active, once}]),
{ssl, ClientSSl}]), emqx_client_sock:send(Sock, Packet),
{ok, Sub} = emqttc:start_link([{host, "localhost"}, timer:sleep(500),
{client_id, <<"sub">>}]), receive {ssl, _, Data}->
emqttc:subscribe(Sub, <<"topic">>, qos1), {ok, ?CONNACK_PACKET(?CONNACK_ACCEPT), _} = raw_recv_pase(Data)
emqttc:publish(SslTwoWay, <<"topic">>, <<"ssl client pub message">>, [{qos, 1}]), after 1000 ->
timer:sleep(10), ok
receive {publish, _Topic, RM} ->
?assertEqual(<<"ssl client pub message">>, RM)
after 1000 -> false
end, end,
emqttc:disconnect(SslTwoWay), emqx_client_sock:close(Sock).
emqttc:disconnect(Sub).
mqtt_connect_with_ws(_Config) ->
WS = rfc6455_client:new("ws://127.0.0.1:8083" ++ "/mqtt", self()),
{ok, _} = rfc6455_client:open(WS),
%% mqtt_connect_with_ws(_Config) -> %% Connect Packet
%% WS = rfc6455_client:new("ws://127.0.0.1:8083" ++ "/mqtt", self()), Packet = raw_send_serialise(?CLIENT),
%% {ok, _} = rfc6455_client:open(WS), ok = rfc6455_client:send_binary(WS, Packet),
%% Packet = raw_send_serialise(?CLIENT), {binary, CONACK} = rfc6455_client:recv(WS),
%% ok = rfc6455_client:send_binary(WS, Packet), {ok, ?CONNACK_PACKET(?CONNACK_ACCEPT), _} = raw_recv_pase(CONACK),
%% {binary, P} = rfc6455_client:recv(WS),
%% % {ok, ?CONNACK_PACKET(?CONNACK_ACCEPT), _} = raw_recv_pase(P), %% Sub Packet
%% {close, _} = rfc6455_client:close(WS), SubPacket = raw_send_serialise(?SUBPACKET),
%% ok. rfc6455_client:send_binary(WS, SubPacket),
{binary, SubAck} = rfc6455_client:recv(WS),
{ok, ?SUBACK_PACKET(?PACKETID, ?SUBCODE), _} = raw_recv_pase(SubAck),
%% Pub Packet QoS 1
PubPacket = raw_send_serialise(?PUBPACKET),
rfc6455_client:send_binary(WS, PubPacket),
{binary, PubAck} = rfc6455_client:recv(WS),
{ok, ?PUBACK_PACKET(?PACKETID), _} = raw_recv_pase(PubAck),
{close, _} = rfc6455_client:close(WS),
ok.
cleanSession_validate(_) -> cleanSession_validate(_) ->
{ok, C1} = emqttc:start_link([{host, "localhost"}, {ok, C1} = emqttc:start_link([{host, "localhost"},
@ -165,8 +189,9 @@ cleanSession_validate(_) ->
emqttc:disconnect(C11). emqttc:disconnect(C11).
raw_send_serialise(Packet) -> raw_send_serialise(Packet) ->
emqttc_serialiser:serialise(Packet). emqx_frame:serialize(Packet).
raw_recv_pase(P) -> raw_recv_pase(P) ->
emqttc_parser:parse(P, emqttc_parser:new()). emqx_frame:parse(P, {none, #{max_packet_size => ?MAX_PACKET_SIZE,
version => ?MQTT_PROTO_V4} }).
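Review bot: `mqtt_connect_with_ssl_twoway` passes even when no CONNACK arrives, because its `after 1000 -> ok` clause turns a missing `{ssl, _, Data}` message into success; make the timeout fail the case, e.g. `after 1000 -> ct:fail(connack_timeout)`, and the preceding `timer:sleep(500)` then becomes unnecessary since the receive already waits. `mqtt_connect_with_ssl_oneway` has the same weakness in a stronger form: every CONNECT/CONNACK line is commented out, so it only verifies that a TLS handshake completes, and it binds `Sock` without using it (as `SslSock` is bound but unused in the two-way case). In `mqtt_connect_with_tcp`, `gen_tcp:recv(Sock, 0)` has no timeout unlike the `3000` used in `connect_broker_`, so a silent broker hangs the suite instead of failing it; `{ok, Data} = gen_tcp:recv(Sock, 0, 3000)` would match the helper. The mix of `emqx_client_sock:connect/4` with direct `gen_tcp:recv` and `ssl:close` calls assumes the wrapper returns a bare inet socket for plain TCP; the wrapper is outside this diff, so I could not confirm that.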


@ -21,9 +21,9 @@
-include_lib("eunit/include/eunit.hrl"). -include_lib("eunit/include/eunit.hrl").
all() -> []. all() -> [{group, connect}].
groups() -> []. groups() -> [{connect, [start]}].
init_per_suite(Config) -> init_per_suite(Config) ->
Config. Config.
@ -37,3 +37,6 @@ init_per_group(_Group, Config) ->
end_per_group(_Group, _Config) -> end_per_group(_Group, _Config) ->
ok. ok.
start(_Config) ->
{ok, ClientPid, _} = emqx_client:start_link().
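Review bot: `start(_Config)` binds `ClientPid` but never uses it, which the compiler will warn about; `{ok, _ClientPid, _} = emqx_client:start_link()` silences that, or better, keep the pid and stop the client at the end of the case so the linked process does not outlive the test. As written the case asserts only that `start_link/0` returns a three-element `{ok, _, _}` tuple; whether a broker connection is actually established is not checked, and `emqx_client` itself is outside this diff. Common Test documents group entries as `{Name, Properties, Cases}`, so please confirm the two-tuple `{connect, [start]}` in `groups/0` is accepted, otherwise it should read `[{connect, [], [start]}]`.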


@ -27,6 +27,31 @@
{cacertfile, "certs/cacert.pem"}, {cacertfile, "certs/cacert.pem"},
{certfile, "certs/client-cert.pem"}]). {certfile, "certs/client-cert.pem"}]).
-define(CIPHERS, [{ciphers,
["ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-AES256-SHA384",
"ECDHE-RSA-AES256-SHA384","ECDHE-ECDSA-DES-CBC3-SHA",
"ECDH-ECDSA-AES256-GCM-SHA384",
"ECDH-RSA-AES256-GCM-SHA384",
"ECDH-ECDSA-AES256-SHA384","ECDH-RSA-AES256-SHA384",
"DHE-DSS-AES256-GCM-SHA384","DHE-DSS-AES256-SHA256",
"AES256-GCM-SHA384","AES256-SHA256",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES128-SHA256",
"ECDHE-RSA-AES128-SHA256",
"ECDH-ECDSA-AES128-GCM-SHA256",
"ECDH-RSA-AES128-GCM-SHA256",
"ECDH-ECDSA-AES128-SHA256","ECDH-RSA-AES128-SHA256",
"DHE-DSS-AES128-GCM-SHA256","DHE-DSS-AES128-SHA256",
"AES128-GCM-SHA256","AES128-SHA256",
"ECDHE-ECDSA-AES256-SHA","ECDHE-RSA-AES256-SHA",
"DHE-DSS-AES256-SHA","ECDH-ECDSA-AES256-SHA",
"ECDH-RSA-AES256-SHA","AES256-SHA",
"ECDHE-ECDSA-AES128-SHA","ECDHE-RSA-AES128-SHA",
"DHE-DSS-AES128-SHA","ECDH-ECDSA-AES128-SHA",
"ECDH-RSA-AES128-SHA","AES128-SHA"]}]).
run_setup_steps() -> run_setup_steps() ->
NewConfig = generate_config(), NewConfig = generate_config(),
@ -69,7 +94,7 @@ change_opts(SslType) ->
lists:foldl(fun({Protocol, Port, Opts} = Listener, Acc) -> lists:foldl(fun({Protocol, Port, Opts} = Listener, Acc) ->
case Protocol of case Protocol of
ssl -> ssl ->
SslOpts = proplists:get_value(sslopts, Opts), SslOpts = proplists:get_value(ssl_options, Opts),
Keyfile = local_path(["etc/certs", "key.pem"]), Keyfile = local_path(["etc/certs", "key.pem"]),
Certfile = local_path(["etc/certs", "cert.pem"]), Certfile = local_path(["etc/certs", "cert.pem"]),
TupleList1 = lists:keyreplace(keyfile, 1, SslOpts, {keyfile, Keyfile}), TupleList1 = lists:keyreplace(keyfile, 1, SslOpts, {keyfile, Keyfile}),
@ -87,13 +112,15 @@ change_opts(SslType) ->
(_) -> true (_) -> true
end, TupleList2) end, TupleList2)
end, end,
[{Protocol, Port, lists:keyreplace(sslopts, 1, Opts, {sslopts, TupleList3})} | Acc]; [{Protocol, Port, lists:keyreplace(ssl_options, 1, Opts, {ssl_options, TupleList3})} | Acc];
_ -> _ ->
[Listener | Acc] [Listener | Acc]
end end
end, [], Listeners), end, [], Listeners),
application:set_env(?APP, listeners, NewListeners). application:set_env(?APP, listeners, NewListeners).
client_ssl() -> client_ssl_twoway() ->
[{Key, local_path(["etc", File])} || {Key, File} <- ?MQTT_SSL_CLIENT]. [{Key, local_path(["etc", File])} || {Key, File} <- ?MQTT_SSL_CLIENT] ++ ?CIPHERS.
client_ssl() ->
?CIPHERS ++ [{reuse_sessions, true}].
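Review bot: `client_ssl()` now returns `?CIPHERS ++ [{reuse_sessions, true}]` with no `cacertfile` or `verify` option, so the one-way test client accepts whatever certificate the broker presents (the OTP ssl client defaulted to `verify_none` when `verify` was unset in releases of this era); that is fine for a test helper but should be stated, e.g. `%% One-way test client: no peer verification, any server certificate is accepted`. The `?CIPHERS` list includes `"ECDHE-ECDSA-DES-CBC3-SHA"`, a 3DES suite, and hand-duplicates the long default list from emqx.conf; if it exists only to match the broker listener's suites, a comment saying so would keep the two from drifting, and the 3DES entry could be dropped from both. `client_ssl_twoway/0` appends `?CIPHERS` to the `?MQTT_SSL_CLIENT` proplist; whether `verify_peer` is set for that path depends on the part of the define outside this hunk.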