diff --git a/etc/emqx.conf b/etc/emqx.conf index 16f1eaae3..4a953ddb4 100644 --- a/etc/emqx.conf +++ b/etc/emqx.conf @@ -1087,16 +1087,16 @@ listener.tcp.external.access.1 = allow all ## Enable the option for X.509 certificate based authentication. ## EMQX will use the common name of certificate as MQTT username. -## 'pem' encodes CRT in base64, and md5 is the md5 hash of CRT. +## The proxy-protocol protocol can get the certificate CN through tcp ## -## Value: cn | dn | crt | pem | md5 +## Value: cn ## listener.tcp.external.peer_cert_as_username = cn ## Enable the option for X.509 certificate based authentication. ## EMQX will use the common name of certificate as MQTT clientid. -## 'pem' encodes CRT in base64, and md5 is the md5 hash of CRT. +## The proxy-protocol protocol can get the certificate CN through tcp ## -## Value: cn | dn | crt | pem | md5 +## Value: cn ## listener.tcp.external.peer_cert_as_clientid = cn ## The TCP backlog defines the maximum length that the queue of pending diff --git a/priv/emqx.schema b/priv/emqx.schema index 0e933c44f..2e1248c50 100644 --- a/priv/emqx.schema +++ b/priv/emqx.schema @@ -1211,12 +1211,14 @@ end}. {datatype, {duration, ms}} ]}. +%% The proxy-protocol protocol can get the certificate CN through tcp {mapping, "listener.tcp.$name.peer_cert_as_username", "emqx.listeners", [ - {datatype, {enum, [cn, dn, crt, pem, md5]}} + {datatype, {enum, [cn]}} ]}. +%% The proxy-protocol protocol can get the certificate CN through tcp {mapping, "listener.tcp.$name.peer_cert_as_clientid", "emqx.listeners", [ - {datatype, {enum, [cn, dn, crt, pem, md5]}} + {datatype, {enum, [cn]}} ]}. {mapping, "listener.tcp.$name.backlog", "emqx.listeners", [