Merge branch 'emq20' of github.com:emqtt/emqttd into emq20

2016-10-31 19:17:06 +08:00 · 2016-10-31 19:17:06 +08:00 · 3ea2c2f0c8
parent 7819d235b7 d5bf129381
commit 3ea2c2f0c8
5 changed files with 30 additions and 100 deletions
--- a/etc/certs/make_certs
+++ b/etc/certs/make_certs
@ -1,24 +0,0 @@
 #!/bin/sh
 rm -rf temp
 mkdir temp
 echo 01 > temp/serial
 touch temp/index.txt
 ## create ca certificate
 openssl req -x509 -config openssl.cnf -newkey rsa:2048 -days 365  -out cacert.pem -outform PEM -subj /CN=MyTestCA/ -nodes
 openssl x509 -in cacert.pem -out temp/cacert.cer -outform DER
 ## create server certificate
 openssl genrsa -out server-key.pem 2048
 openssl req -new -key server-key.pem -out temp/server-req.pem -outform PEM -subj /CN=$(hostname)/O=server/ -nodes
 openssl ca -config openssl.cnf -in temp/server-req.pem -out server-cert.pem -notext -batch -extensions server_ca_extensions
 ## create client certificate
 openssl genrsa -out client-key.pem 2048
 openssl req -new -key client-key.pem -out temp/client-req.pem -outform PEM -subj /CN=$(hostname)/O=client/ -nodes
 openssl ca -config openssl.cnf -in temp/client-req.pem -out client-cert.pem -notext -batch -extensions client_ca_extensions
 rm -rf temp
--- a/etc/certs/openssl.cnf
+++ b/etc/certs/openssl.cnf
@ -1,54 +0,0 @@
 [ ca ]
 default_ca = testca
 [ testca ]
 dir = .
 certificate = $dir/cacert.pem
 database = $dir/temp/index.txt
 new_certs_dir = $dir/temp
 private_key = $dir/temp/cakey.pem
 serial = $dir/temp/serial
 default_crl_days = 7
 default_days = 365
 default_md = sha256
 policy = testca_policy
 x509_extensions = certificate_extensions
 [ testca_policy ]
 commonName = supplied
 stateOrProvinceName = optional
 countryName = optional
 emailAddress = optional
 organizationName = optional
 organizationalUnitName = optional
 domainComponent = optional
 [ certificate_extensions ]
 basicConstraints = CA:false
 [ req ]
 default_bits = 2048
 default_keyfile = ./temp/cakey.pem
 default_md = sha256
 prompt = yes
 distinguished_name = root_ca_distinguished_name
 x509_extensions = root_ca_extensions
 [ root_ca_distinguished_name ]
 commonName = hostname
 [ root_ca_extensions ]
 basicConstraints = CA:true
 keyUsage = keyCertSign, cRLSign
 [ client_ca_extensions ]
 basicConstraints = CA:false
 keyUsage = digitalSignature
 extendedKeyUsage = 1.3.6.1.5.5.7.3.2
 [ server_ca_extensions ]
 basicConstraints = CA:false
 keyUsage = keyEncipherment
 extendedKeyUsage = 1.3.6.1.5.5.7.3.1
--- a/etc/emq.conf
+++ b/etc/emq.conf
@ -237,7 +237,7 @@ mqtt.listener.ssl.max_clients = 512
 ## Configuring SSL Options
 ## See http://erlang.org/doc/man/ssl.html
-mqtt.listener.ssl.handshake_timeout = 15
+mqtt.listener.ssl.handshake_timeout = 2000
 mqtt.listener.ssl.keyfile = etc/certs/key.pem
 mqtt.listener.ssl.certfile = etc/certs/cert.pem
 ## mqtt.listener.ssl.cacertfile = etc/certs/cacert.pem
--- a/test/emqttd_SUITE_data/emqttd.conf
+++ b/test/emqttd_SUITE_data/emqttd.conf
@ -80,6 +80,9 @@ mqtt.client_idle_timeout = 30
 ## Allow Anonymous authentication
 mqtt.allow_anonymous = true
 ## Default ACL File
 mqtt.acl_file = etc/acl.conf
 ##--------------------------------------------------------------------
 ## MQTT Session
 ##--------------------------------------------------------------------
@ -161,10 +164,10 @@ mqtt.bridge.ping_down_interval = 1
 ##-------------------------------------------------------------------
 ## Dir of plugins' config
-##mqtt.plugins.etc_dir = etc/plugins/
+mqtt.plugins.etc_dir = etc/plugins/
 ## File to store loaded plugin names.
-##mqtt.plugins.loaded_file = data/loaded_plugins
+mqtt.plugins.loaded_file = data/loaded_plugins
 ##-------------------------------------------------------------------
 ## MQTT Modules
@ -186,8 +189,7 @@ mqtt.module.retainer.max_payload_size = 64KB
 mqtt.module.retainer.expired_after = 0
 ## Enable presence module
-## Client presence management module. Publish presence messages when
+## Publish presence messages when client connected or disconnected.
 ## client connected or disconnected.
 mqtt.module.presence = on
 mqtt.module.presence.qos = 0
@ -235,26 +237,26 @@ mqtt.listener.ssl.max_clients = 512
 ## Configuring SSL Options
 ## See http://erlang.org/doc/man/ssl.html
-mqtt.listener.ssl.handshake_timeout = 15 #seconds
+mqtt.listener.ssl.handshake_timeout = 15
-mqtt.listener.ssl.keyfile = etc/ssl/key.pem
+mqtt.listener.ssl.keyfile = etc/certs/key.pem
-mqtt.listener.ssl.certfile = etc/ssl/cert.pem
+mqtt.listener.ssl.certfile = etc/certs/cert.pem
-mqtt.listener.ssl.cacertfile = etc/ssl/cacert.pem
+## mqtt.listener.ssl.cacertfile = etc/certs/cacert.pem
 ## mqtt.listener.ssl.verify = verify_peer
 ## mqtt.listener.ssl.failed_if_no_peer_cert = true
-## HTTP Listener
+## HTTP and WebSocket Listener
 mqtt.listener.http = 8083
 mqtt.listener.http.acceptors = 4
 mqtt.listener.http.max_clients = 64
 ## HTTP(SSL) Listener
-mqtt.listener.https = 8084
+## mqtt.listener.https = 8084
-mqtt.listener.https.acceptors = 4
+## mqtt.listener.https.acceptors = 4
-mqtt.listener.https.max_clients = 64
+## mqtt.listener.https.max_clients = 64
-mqtt.listener.https.handshake_timeout = 10 #seconds
+## mqtt.listener.https.handshake_timeout = 10
-mqtt.listener.https.certfile = etc/ssl/cert.pem
+## mqtt.listener.https.certfile = etc/certs/cert.pem
-mqtt.listener.https.keyfile = etc/ssl/key.pem
+## mqtt.listener.https.keyfile = etc/certs/key.pem
-mqtt.listener.https.cacertfile = etc/ssl/cacert.pem
+## mqtt.listener.https.cacertfile = etc/certs/cacert.pem
 ## mqtt.listener.https.verify = verify_peer
 ## mqtt.listener.https.failed_if_no_peer_cert = true
--- a/test/emqttd_SUITE_data/emqttd.schema
+++ b/test/emqttd_SUITE_data/emqttd.schema
@ -261,6 +261,12 @@ end}.
  hidden
 ]}.
 %% @doc Default ACL File
 {mapping, "mqtt.acl_file", "emqttd.acl_file", [
  {datatype, string},
  hidden
 ]}.
 %%--------------------------------------------------------------------
 %% MQTT Session
 %%--------------------------------------------------------------------
@ -527,7 +533,7 @@ end}.
 ]}.
 {mapping, "mqtt.listener.ssl.verify", "emqttd.listeners", [
-  {datatype, string}
+  {datatype, atom}
 ]}.
 {mapping, "mqtt.listener.ssl.failed_if_no_peer_cert", "emqttd.listeners", [
@ -583,7 +589,7 @@ end}.
 ]}.
 {mapping, "mqtt.listener.https.verify", "emqttd.listeners", [
-  {datatype, string}
+  {datatype, atom}
 ]}.
 {mapping, "mqtt.listener.https.failed_if_no_peer_cert", "emqttd.listeners", [
@ -609,8 +615,8 @@ end}.
                          {keyfile,    cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
                          {certfile,   cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
                          {cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined)},
-                          {verify,     cuttlefish:conf_get(Prefix ++ ".verify_peer", Conf, undefined)},
+                          {verify,     cuttlefish:conf_get(Prefix ++ ".verify", Conf, undefined)},
-                          {failed_if_no_peer_cert, cuttlefish:conf_get(Prefix ++ "failed_if_no_peer_cert", Conf, undefined)}])
+                          {failed_if_no_peer_cert, cuttlefish:conf_get(Prefix ++ ".failed_if_no_peer_cert", Conf, undefined)}])
              end,
    Listeners = fun(Name) when is_atom(Name) ->
@ -703,7 +709,7 @@ end}.
                                      {list_to_binary(Topic), list_to_integer(Qos)}
                                  end || S <- string:tokens(Topics, ",")]
               end,
-    SubOpts = fun(Prefix) -> [{topics, ParseFun(cuttlefish:conf_get(Prefix ++ ".topics", Conf))}] end,
+    SubOpts = fun(Prefix) -> ParseFun(cuttlefish:conf_get(Prefix ++ ".topics", Conf)) end,
    lists:append([WithMod(retainer, RetainOpts), WithMod(presence, PresOpts), WithMod(subscription, SubOpts)])
 end}.