Merge branch 'emq20' of github.com:emqtt/emqttd into emq20

etc/certs/make_certs

@@ -1,24 +0,0 @@
-#!/bin/sh
-
-rm -rf temp
-
-mkdir temp
-
-echo 01 > temp/serial
-touch temp/index.txt
-
-## create ca certificate
-openssl req -x509 -config openssl.cnf -newkey rsa:2048 -days 365  -out cacert.pem -outform PEM -subj /CN=MyTestCA/ -nodes
-openssl x509 -in cacert.pem -out temp/cacert.cer -outform DER
-
-## create server certificate
-openssl genrsa -out server-key.pem 2048
-openssl req -new -key server-key.pem -out temp/server-req.pem -outform PEM -subj /CN=$(hostname)/O=server/ -nodes
-openssl ca -config openssl.cnf -in temp/server-req.pem -out server-cert.pem -notext -batch -extensions server_ca_extensions
-
-## create client certificate
-openssl genrsa -out client-key.pem 2048
-openssl req -new -key client-key.pem -out temp/client-req.pem -outform PEM -subj /CN=$(hostname)/O=client/ -nodes
-openssl ca -config openssl.cnf -in temp/client-req.pem -out client-cert.pem -notext -batch -extensions client_ca_extensions
-
-rm -rf temp

etc/certs/openssl.cnf

@@ -1,54 +0,0 @@
-[ ca ]
-default_ca = testca
-
-[ testca ]
-dir = .
-certificate = $dir/cacert.pem
-database = $dir/temp/index.txt
-new_certs_dir = $dir/temp
-private_key = $dir/temp/cakey.pem
-serial = $dir/temp/serial
-
-default_crl_days = 7
-default_days = 365
-default_md = sha256
-
-policy = testca_policy
-x509_extensions = certificate_extensions
-
-[ testca_policy ]
-commonName = supplied
-stateOrProvinceName = optional
-countryName = optional
-emailAddress = optional
-organizationName = optional
-organizationalUnitName = optional
-domainComponent = optional
-
-[ certificate_extensions ]
-basicConstraints = CA:false
-
-[ req ]
-default_bits = 2048
-default_keyfile = ./temp/cakey.pem
-default_md = sha256
-prompt = yes
-distinguished_name = root_ca_distinguished_name
-x509_extensions = root_ca_extensions
-
-[ root_ca_distinguished_name ]
-commonName = hostname
-
-[ root_ca_extensions ]
-basicConstraints = CA:true
-keyUsage = keyCertSign, cRLSign
-
-[ client_ca_extensions ]
-basicConstraints = CA:false
-keyUsage = digitalSignature
-extendedKeyUsage = 1.3.6.1.5.5.7.3.2
-
-[ server_ca_extensions ]
-basicConstraints = CA:false
-keyUsage = keyEncipherment
-extendedKeyUsage = 1.3.6.1.5.5.7.3.1

etc/emq.conf

@@ -237,7 +237,7 @@ mqtt.listener.ssl.max_clients = 512
 
 ## Configuring SSL Options
 ## See http://erlang.org/doc/man/ssl.html
-mqtt.listener.ssl.handshake_timeout = 15
+mqtt.listener.ssl.handshake_timeout = 2000
 mqtt.listener.ssl.keyfile = etc/certs/key.pem
 mqtt.listener.ssl.certfile = etc/certs/cert.pem
 ## mqtt.listener.ssl.cacertfile = etc/certs/cacert.pem

test/emqttd_SUITE_data/emqttd.conf

@@ -80,6 +80,9 @@ mqtt.client_idle_timeout = 30
 ## Allow Anonymous authentication
 mqtt.allow_anonymous = true
 
+## Default ACL File
+mqtt.acl_file = etc/acl.conf
+
 ##--------------------------------------------------------------------
 ## MQTT Session
 ##--------------------------------------------------------------------
@@ -161,10 +164,10 @@ mqtt.bridge.ping_down_interval = 1
 ##-------------------------------------------------------------------
 
 ## Dir of plugins' config
-##mqtt.plugins.etc_dir = etc/plugins/
+mqtt.plugins.etc_dir = etc/plugins/
 
 ## File to store loaded plugin names.
-##mqtt.plugins.loaded_file = data/loaded_plugins
+mqtt.plugins.loaded_file = data/loaded_plugins
 
 ##-------------------------------------------------------------------
 ## MQTT Modules
@@ -186,8 +189,7 @@ mqtt.module.retainer.max_payload_size = 64KB
 mqtt.module.retainer.expired_after = 0
 
 ## Enable presence module
-## Client presence management module. Publish presence messages when
-## client connected or disconnected.
+## Publish presence messages when client connected or disconnected.
 mqtt.module.presence = on
 
 mqtt.module.presence.qos = 0
@@ -235,26 +237,26 @@ mqtt.listener.ssl.max_clients = 512
 
 ## Configuring SSL Options
 ## See http://erlang.org/doc/man/ssl.html
-mqtt.listener.ssl.handshake_timeout = 15 #seconds
-mqtt.listener.ssl.keyfile = etc/ssl/key.pem
-mqtt.listener.ssl.certfile = etc/ssl/cert.pem
-mqtt.listener.ssl.cacertfile = etc/ssl/cacert.pem
+mqtt.listener.ssl.handshake_timeout = 15
+mqtt.listener.ssl.keyfile = etc/certs/key.pem
+mqtt.listener.ssl.certfile = etc/certs/cert.pem
+## mqtt.listener.ssl.cacertfile = etc/certs/cacert.pem
 ## mqtt.listener.ssl.verify = verify_peer
 ## mqtt.listener.ssl.failed_if_no_peer_cert = true
 
-## HTTP Listener
+## HTTP and WebSocket Listener
 mqtt.listener.http = 8083
 mqtt.listener.http.acceptors = 4
 mqtt.listener.http.max_clients = 64
 
 ## HTTP(SSL) Listener
-mqtt.listener.https = 8084
-mqtt.listener.https.acceptors = 4
-mqtt.listener.https.max_clients = 64
-mqtt.listener.https.handshake_timeout = 10 #seconds
-mqtt.listener.https.certfile = etc/ssl/cert.pem
-mqtt.listener.https.keyfile = etc/ssl/key.pem
-mqtt.listener.https.cacertfile = etc/ssl/cacert.pem
+## mqtt.listener.https = 8084
+## mqtt.listener.https.acceptors = 4
+## mqtt.listener.https.max_clients = 64
+## mqtt.listener.https.handshake_timeout = 10
+## mqtt.listener.https.certfile = etc/certs/cert.pem
+## mqtt.listener.https.keyfile = etc/certs/key.pem
+## mqtt.listener.https.cacertfile = etc/certs/cacert.pem
 ## mqtt.listener.https.verify = verify_peer
 ## mqtt.listener.https.failed_if_no_peer_cert = true
 

test/emqttd_SUITE_data/emqttd.schema

@@ -261,6 +261,12 @@ end}.
   hidden
 ]}.
 
+%% @doc Default ACL File
+{mapping, "mqtt.acl_file", "emqttd.acl_file", [
+  {datatype, string},
+  hidden
+]}.
+
 %%--------------------------------------------------------------------
 %% MQTT Session
 %%--------------------------------------------------------------------
@@ -527,7 +533,7 @@ end}.
 ]}.
 
 {mapping, "mqtt.listener.ssl.verify", "emqttd.listeners", [
-  {datatype, string}
+  {datatype, atom}
 ]}.
 
 {mapping, "mqtt.listener.ssl.failed_if_no_peer_cert", "emqttd.listeners", [
@@ -583,7 +589,7 @@ end}.
 ]}.
 
 {mapping, "mqtt.listener.https.verify", "emqttd.listeners", [
-  {datatype, string}
+  {datatype, atom}
 ]}.
 
 {mapping, "mqtt.listener.https.failed_if_no_peer_cert", "emqttd.listeners", [
@@ -609,8 +615,8 @@ end}.
                           {keyfile,    cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
                           {certfile,   cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
                           {cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined)},
-                          {verify,     cuttlefish:conf_get(Prefix ++ ".verify_peer", Conf, undefined)},
-                          {failed_if_no_peer_cert, cuttlefish:conf_get(Prefix ++ "failed_if_no_peer_cert", Conf, undefined)}])
+                          {verify,     cuttlefish:conf_get(Prefix ++ ".verify", Conf, undefined)},
+                          {failed_if_no_peer_cert, cuttlefish:conf_get(Prefix ++ ".failed_if_no_peer_cert", Conf, undefined)}])
               end,
 
     Listeners = fun(Name) when is_atom(Name) ->
@@ -703,7 +709,7 @@ end}.
                                       {list_to_binary(Topic), list_to_integer(Qos)}
                                   end || S <- string:tokens(Topics, ",")]
                end,
-    SubOpts = fun(Prefix) -> [{topics, ParseFun(cuttlefish:conf_get(Prefix ++ ".topics", Conf))}] end,
+    SubOpts = fun(Prefix) -> ParseFun(cuttlefish:conf_get(Prefix ++ ".topics", Conf)) end,
     lists:append([WithMod(retainer, RetainOpts), WithMod(presence, PresOpts), WithMod(subscription, SubOpts)])
 end}.