From 3027bc3a0c0bcba6fa85f84427de760252b8bb48 Mon Sep 17 00:00:00 2001 From: Zaiming Shi Date: Wed, 22 Sep 2021 23:47:36 +0200 Subject: [PATCH] fix(schema): sll key and cert files are nullable --- apps/emqx/src/emqx_schema.erl | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl index 63eff5f61..27688a868 100644 --- a/apps/emqx/src/emqx_schema.erl +++ b/apps/emqx/src/emqx_schema.erl @@ -926,16 +926,39 @@ common_ssl_opts_schema(Defaults) -> , {"cacertfile", sc(string(), #{ default => D("cacertfile") + , nullable => true + , desc => +"""Trusted PEM format CA certificates bundle file.
+The certificates in this file are used to verify the TLS peer's certificates. +Append new certificates to the file if new CAs are to be trusted. +There is no need to restart EMQ X to have the updated file loaded, because +the system regularly checks if file has been updated (and reload).
+NOTE: invalidating (deleting) a certificate from the file will not affect +already established connections. +""" }) } , {"certfile", sc(string(), #{ default => D("certfile") + , nullable => true + , desc => +"""PEM format certificates chain file.
+The certificates in this file should be in reversed order of the certificate +issue chain. That is, the host's certificate should be placed in the beginning +of the file, followed by the immediate issuer certificate and so on. +Although the root CA certificate is optional, it should placed at the end of +the file if it is to be added. +""" }) } , {"keyfile", sc(string(), #{ default => D("keyfile") + , nullable => true + , desc => +"""PEM format private key file.
+""" }) } , {"verify",