chore: fix nit

2024-05-02 10:13:57 +02:00 · 2024-05-02 10:13:57 +02:00 · 1a4a4bb3a5
parent fb30207ef3
commit 1a4a4bb3a5
2 changed files with 8 additions and 10 deletions
--- a/apps/emqx/src/emqx_const_v2.erl
+++ b/apps/emqx/src/emqx_const_v2.erl
@ -49,8 +49,8 @@ make_tls_root_fun(cacert_from_cacertfile, [TrustedOne, TrustedTwo]) ->
    end.

 make_tls_verify_fun(verify_cert_extKeyUsage, KeyUsages) ->
-    AllowedKeyUsages = ext_key_opts(KeyUsages),
-    {fun verify_fun_peer_extKeyUsage/3, AllowedKeyUsages}.
+    RequiredKeyUsages = ext_key_opts(KeyUsages),
+    {fun verify_fun_peer_extKeyUsage/3, RequiredKeyUsages}.

 verify_fun_peer_extKeyUsage(_, {bad_cert, invalid_ext_key_usage}, UserState) ->
    %% !! Override OTP verify peer default
@ -69,17 +69,17 @@ verify_fun_peer_extKeyUsage(
    #'OTPCertificate'{tbsCertificate = #'OTPTBSCertificate'{extensions = ExtL}},
    %% valid peer cert
    valid_peer,
-    AllowedKeyUsages
+    RequiredKeyUsages
 ) ->
    %% override OTP verify_peer default
    %% must have id-ce-extKeyUsage
    case lists:keyfind(?'id-ce-extKeyUsage', 2, ExtL) of
        #'Extension'{extnID = ?'id-ce-extKeyUsage', extnValue = VL} ->
-            case do_verify_ext_key_usage(VL, AllowedKeyUsages) of
+            case do_verify_ext_key_usage(VL, RequiredKeyUsages) of
                true ->
                    %% pass the check,
                    %% fallback to OTP verify_peer default
-                    {valid, AllowedKeyUsages};
+                    {valid, RequiredKeyUsages};
                false ->
                    {fail, extKeyUsage_unmatched}
            end;
@ -100,9 +100,7 @@ do_verify_ext_key_usage(CertExtL, [Usage | T] = _Required) ->
    end.

 %% @doc Helper tls cert extension
-spec ext_key_opts
-    (string()) -> [OidString :: string() | public_key:oid()];
-    (undefined) -> undefined.
+-spec ext_key_opts(string()) -> [OidString :: string() | public_key:oid()].
 ext_key_opts(Str) ->
    Usages = string:tokens(Str, ","),
    lists:map(
@ -119,7 +117,7 @@ ext_key_opts(Str) ->
                ?'id-kp-timeStamping';
            ("ocspSigning") ->
                ?'id-kp-OCSPSigning';
-            ([$O, $I, $D, $: | OidStr]) ->
+            ("OID:" ++ OidStr) ->
                OidList = string:tokens(OidStr, "."),
                list_to_tuple(lists:map(fun list_to_integer/1, OidList))
        end,
--- a/apps/emqx/test/emqx_test_tls_certs_helper.erl
+++ b/apps/emqx/test/emqx_test_tls_certs_helper.erl
@ -46,7 +46,7 @@ emqx_start_listener(Name, ssl, Port, #{ssl_options := SslOptions} = Opts0) ->
        zone => default,
        ssl_options => maps:from_list(SslOptions)
    },
-    ct:pal("start listsner with ~p ~p", [Name, Opts]),
+    ct:pal("start listener with ~p ~p", [Name, Opts]),
    emqx_listeners:start_listener(ssl, Name, Opts).

 %%-------------------------------------------------------------------------------