From 19e8a187e4826c95c5cbc3357df794274c75968e Mon Sep 17 00:00:00 2001
From: JianBo He
Date: Fri, 11 Dec 2020 09:45:49 +0800
Subject: [PATCH] feat(ssl): supports configuration of keyfile password

---
 etc/emqx.conf | 22 ++++++++++++++++++++++
 priv/emqx.schema | 14 ++++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/etc/emqx.conf b/etc/emqx.conf
index c58c66a46..d6d8eb3b1 100644
--- a/etc/emqx.conf
+++ b/etc/emqx.conf
@@ -1323,6 +1323,12 @@ listener.ssl.external.handshake_timeout = 15s
 ## Value: Number
 ## listener.ssl.external.depth = 10

+## String containing the user's password. Only used if the private keyfile
+## is password-protected.
+##
+## Value: String
+## listener.ssl.external.key_password = yourpass
+
 ## Path to the file containing the user's private PEM-encoded key.
 ##
 ## See: http://erlang.org/doc/man/ssl.html
@@ -1788,6 +1794,22 @@ listener.wss.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
 ## Value: File
 ## listener.wss.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem

+## Maximum number of non-self-issued intermediate certificates that
+## can follow the peer certificate in a valid certification path.
+##
+## See: listener.ssl.external.depth
+##
+## Value: Number
+## listener.wss.external.depth = 10
+
+## String containing the user's password. Only used if the private keyfile
+## is password-protected.
+##
+## See: listener.ssl.$name.key_password
+##
+## Value: String
+## listener.wss.external.key_password = yourpass
+
 ## See: listener.ssl.$name.dhfile
 ##
 ## Value: File
diff --git a/priv/emqx.schema b/priv/emqx.schema
index ccecd8315..54c107016 100644
--- a/priv/emqx.schema
+++ b/priv/emqx.schema
@@ -1373,6 +1373,10 @@ end}.
 {datatype, integer}
 ]}.

+{mapping, "listener.ssl.$name.key_password", "emqx.listeners", [
+ {datatype, string}
+]}.
+
 {mapping, "listener.ssl.$name.dhfile", "emqx.listeners", [
 {datatype, string}
 ]}.
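Review bot: The comment added for `listener.ssl.external.key_password` in the first etc/emqx.conf hunk (and the matching `listener.wss.external.key_password` comment in the second hunk) does not say that the passphrase is kept in cleartext in this file. A passphrase stored beside the key it protects only adds protection if emqx.conf is readable solely by the account that runs the broker, so I would add a line such as `## NOTE: stored in cleartext; restrict read access to this file to the broker's service account.` The sample value `yourpass` is inert while the line stays commented out, but a placeholder that cannot be mistaken for a usable default, e.g. `<key-password>`, would be safer.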
@@ -1693,6 +1697,15 @@ end}.
 {datatype, string}
 ]}.

+{mapping, "listener.wss.$name.depth", "emqx.listeners", [
+ {default, 10},
+ {datatype, integer}
+]}.
+
+{mapping, "listener.wss.$name.key_password", "emqx.listeners", [
+ {datatype, string}
+]}.
+
 {mapping, "listener.wss.$name.verify", "emqx.listeners", [
 {datatype, atom}
 ]}.
@@ -1884,6 +1897,7 @@ end}.
 {user_lookup_fun, UserLookupFun},
 {handshake_timeout, cuttlefish:conf_get(Prefix ++ ".handshake_timeout", Conf, undefined)},
 {depth, cuttlefish:conf_get(Prefix ++ ".depth", Conf, undefined)},
+ {password, cuttlefish:conf_get(Prefix ++ ".key_password", Conf, undefined)},
 {dhfile, cuttlefish:conf_get(Prefix ++ ".dhfile", Conf, undefined)},
 {keyfile, cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
 {certfile, cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
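Review bot: `{default, 10}` on the new `listener.wss.$name.depth` mapping (hunk at -1693 in priv/emqx.schema) means every WSS listener is started with a chain depth of 10 even while `## listener.wss.external.depth = 10` stays commented out in emqx.conf. If WSS listeners previously fell back to the TLS library's own default for `depth`, longer certificate chains are accepted after upgrade without any configuration change, and the commit subject mentions only the keyfile password. This may be intended to mirror the ssl listener, whose depth mapping is not fully visible here; if so, please say so in the commit message and on the mapping, e.g. `%% default mirrors listener.ssl.$name.depth`.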
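Review bot: The key passphrase now travels in the same option list as the non-secret listener settings, so any path that prints or returns listener options could disclose it; this concerns the added `{password, cuttlefish:conf_get(Prefix ++ ".key_password", Conf, undefined)}` line in the hunk at -1884. Startup-failure logs, crash reports and any management call that shows listener configuration are the places to check, none of which are visible in this diff, and the `password` entry should be redacted wherever options are formatted. A short comment on the line, e.g. `%% secret: never log or return this entry`, would help the next maintainer. The option list and its enclosing fun start and end outside the hunk, so I am assuming the surrounding code drops entries whose value is `undefined` when no passphrase is configured; please confirm.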