fix: only fill cerf_file default in server side

2023-05-11 17:33:18 +08:00 · 2023-05-11 17:33:18 +08:00 · 3d41449fde
parent d9f9e951ec
commit 3d41449fde
1 changed files with 12 additions and 12 deletions
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@ -2189,8 +2189,8 @@ filter(Opts) ->

 %% @private This function defines the SSL opts which are commonly used by
 %% SSL listener and client.
-spec common_ssl_opts_schema(map()) -> hocon_schema:field_schema().
-common_ssl_opts_schema(Defaults) ->
+-spec common_ssl_opts_schema(map(), server | client) -> hocon_schema:field_schema().
+common_ssl_opts_schema(Defaults, Type) ->
    D = fun(Field) -> maps:get(to_atom(Field), Defaults, undefined) end,
    Df = fun(Field, Default) -> maps:get(to_atom(Field), Defaults, Default) end,
    Collection = maps:get(versions, Defaults, tls_all_available),
@ -2200,7 +2200,7 @@ common_ssl_opts_schema(Defaults) ->
            sc(
                binary(),
                #{
-                    default => cert_file("cacert.pem"),
+                    default => cert_file("cacert.pem", Type),
                    required => false,
                    desc => ?DESC(common_ssl_opts_schema_cacertfile)
                }
@ -2209,7 +2209,7 @@ common_ssl_opts_schema(Defaults) ->
            sc(
                binary(),
                #{
-                    default => cert_file("cert.pem"),
+                    default => cert_file("cert.pem", Type),
                    required => false,
                    desc => ?DESC(common_ssl_opts_schema_certfile)
                }
@ -2218,7 +2218,7 @@ common_ssl_opts_schema(Defaults) ->
            sc(
                binary(),
                #{
-                    default => cert_file("key.pem"),
+                    default => cert_file("key.pem", Type),
                    required => false,
                    desc => ?DESC(common_ssl_opts_schema_keyfile)
                }
@ -2305,7 +2305,7 @@ common_ssl_opts_schema(Defaults) ->
 server_ssl_opts_schema(Defaults, IsRanchListener) ->
    D = fun(Field) -> maps:get(to_atom(Field), Defaults, undefined) end,
    Df = fun(Field, Default) -> maps:get(to_atom(Field), Defaults, Default) end,
-    common_ssl_opts_schema(Defaults) ++
+    common_ssl_opts_schema(Defaults, server) ++
        [
            {"dhfile",
                sc(
@ -2431,7 +2431,7 @@ crl_outer_validator(_SSLOpts) ->
 %% @doc Make schema for SSL client.
 -spec client_ssl_opts_schema(map()) -> hocon_schema:field_schema().
 client_ssl_opts_schema(Defaults) ->
-    common_ssl_opts_schema(Defaults) ++
+    common_ssl_opts_schema(Defaults, client) ++
        [
            {"enable",
                sc(
@ -3252,9 +3252,9 @@ default_listener(ws) ->
 default_listener(SSLListener) ->
    %% The env variable is resolved in emqx_tls_lib by calling naive_env_interpolate
    SslOptions = #{
-        <<"cacertfile">> => cert_file(<<"cacert.pem">>),
-        <<"certfile">> => cert_file(<<"cert.pem">>),
-        <<"keyfile">> => cert_file(<<"key.pem">>)
+        <<"cacertfile">> => cert_file(<<"cacert.pem">>, server),
+        <<"certfile">> => cert_file(<<"cert.pem">>, server),
+        <<"keyfile">> => cert_file(<<"key.pem">>, server)
    },
    case SSLListener of
        ssl ->
@ -3372,5 +3372,5 @@ ensure_default_listener(Map, ListenerType) ->
    NewMap = Map#{<<"default">> => default_listener(ListenerType)},
    keep_default_tombstone(NewMap, #{}).

-cert_file(File) ->
-    iolist_to_binary(filename:join(["${EMQX_ETC_DIR}", "certs", File])).
+cert_file(_File, client) -> undefined;
+cert_file(File, server) -> iolist_to_binary(filename:join(["${EMQX_ETC_DIR}", "certs", File])).