Merge pull request #10058 from qzhuyan/dev/william/deprecated-unsupp-quic-TLS-options

fix: deprecate unsupp quic TLS options
2023-03-07 09:29:52 +01:00 · 2023-03-07 09:29:52 +01:00 · 2b1cf2fa52
parent 422f8e3be3 6649a4f7d1
commit 2b1cf2fa52
3 changed files with 42 additions and 1 deletions
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@ -1280,7 +1280,18 @@ fields("listener_wss_opts") ->
        true
    );
 fields("listener_quic_ssl_opts") ->
-    server_ssl_opts_schema(#{}, false);
+    %% Mark unsupported TLS options deprecated.
+    lists:map(
+        fun({Name, Schema}) ->
+            case is_quic_ssl_opts(Name) of
+                true ->
+                    {Name, Schema};
+                false ->
+                    {Name, Schema#{deprecated => {since, "5.0.20"}}}
+            end
+        end,
+        server_ssl_opts_schema(#{}, false)
+    );
 fields("ssl_client_opts") ->
    client_ssl_opts_schema(#{});
 fields("deflate_opts") ->
@ -2841,3 +2852,18 @@ quic_lowlevel_settings_uint(Low, High, Desc) ->
            desc => Desc
        }
    ).
+
+-spec is_quic_ssl_opts(string()) -> boolean().
+is_quic_ssl_opts(Name) ->
+    lists:member(Name, [
+        "cacertfile",
+        "certfile",
+        "keyfile",
+        "verify"
+        %% Followings are planned
+        %% , "password"
+        %% , "hibernate_after"
+        %% , "fail_if_no_peer_cert"
+        %% , "handshake_timeout"
+        %% , "gc_after_handshake"
+    ]).
--- a/changes/ce/fix-10058.en.md
+++ b/changes/ce/fix-10058.en.md
@ -0,0 +1,7 @@
+Deprecate unused QUIC TLS options.
+Only following TLS options are kept for the QUIC listeners: 
+
+- cacertfile
+- certfile
+- keyfile
+- verify
--- a/changes/ce/fix-10058.zh.md
+++ b/changes/ce/fix-10058.zh.md
@ -0,0 +1,8 @@
+废弃未使用的 QUIC TLS 选项。
+QUIC 监听器只保留以下 TLS 选项:
+
+- cacertfile
+- certfile
+- keyfile
+- verify
+