Support use certifate as username
Prior to this change, only the CN or EN field from the client certificate could be used as the username. This change adds a new option that allows the certificate itself to be used directly as the username.
parent
873a08dc94
commit
3f761cbe6a
|
@ -1159,10 +1159,10 @@ listener.ssl.external.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-G
|
||||||
## Value: on | off
|
## Value: on | off
|
||||||
## listener.ssl.external.honor_cipher_order = on
|
## listener.ssl.external.honor_cipher_order = on
|
||||||
|
|
||||||
## Use the CN field from the client certificate as a username.
|
## Use the CN, EN or CRT field from the client certificate as a username.
|
||||||
## Notice that 'verify' should be set as 'verify_peer'.
|
## Notice that 'verify' should be set as 'verify_peer'.
|
||||||
##
|
##
|
||||||
## Value: cn | en
|
## Value: cn | en | crt
|
||||||
## listener.ssl.external.peer_cert_as_username = cn
|
## listener.ssl.external.peer_cert_as_username = cn
|
||||||
|
|
||||||
## TCP backlog for the SSL connection.
|
## TCP backlog for the SSL connection.
|
||||||
|
@ -1522,7 +1522,7 @@ listener.wss.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
|
||||||
|
|
||||||
## See: listener.ssl.$name.peer_cert_as_username
|
## See: listener.ssl.$name.peer_cert_as_username
|
||||||
##
|
##
|
||||||
## Value: cn | dn
|
## Value: cn | dn | crt
|
||||||
## listener.wss.external.peer_cert_as_username = cn
|
## listener.wss.external.peer_cert_as_username = cn
|
||||||
|
|
||||||
## TCP backlog for the WebSocket/SSL connection.
|
## TCP backlog for the WebSocket/SSL connection.
|
||||||
|
|
|
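Review bot: The updated comments for `listener.ssl.external.peer_cert_as_username` list the values as `cn | en | crt`, but the schema enum changed in this same commit is `[cn, dn, crt]` and the wss comment says `cn | dn | crt`, so an operator who copies `en` from here would presumably get a rejected config. I would write `## Value: cn | dn | crt` in the ssl block. The description line also calls CRT a "field", although the code change uses the whole peer certificate; something like `## Use the CN or DN field of the client certificate, or the whole certificate (crt), as a username.` is more accurate. A one-line caveat that `crt` makes the username the full certificate rather than a short printable name would help operators who feed usernames into ACL rules or logs.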
@ -949,7 +949,7 @@ end}.
|
||||||
]}.
|
]}.
|
||||||
|
|
||||||
{mapping, "listener.tcp.$name.peer_cert_as_username", "emqx.listeners", [
|
{mapping, "listener.tcp.$name.peer_cert_as_username", "emqx.listeners", [
|
||||||
{datatype, {enum, [cn, dn]}}
|
{datatype, {enum, [cn, dn, crt]}}
|
||||||
]}.
|
]}.
|
||||||
|
|
||||||
{mapping, "listener.tcp.$name.backlog", "emqx.listeners", [
|
{mapping, "listener.tcp.$name.backlog", "emqx.listeners", [
|
||||||
|
@ -1139,7 +1139,7 @@ end}.
|
||||||
]}.
|
]}.
|
||||||
|
|
||||||
{mapping, "listener.ssl.$name.peer_cert_as_username", "emqx.listeners", [
|
{mapping, "listener.ssl.$name.peer_cert_as_username", "emqx.listeners", [
|
||||||
{datatype, {enum, [cn, dn]}}
|
{datatype, {enum, [cn, dn, crt]}}
|
||||||
]}.
|
]}.
|
||||||
|
|
||||||
%%--------------------------------------------------------------------
|
%%--------------------------------------------------------------------
|
||||||
|
@ -1400,7 +1400,7 @@ end}.
|
||||||
]}.
|
]}.
|
||||||
|
|
||||||
{mapping, "listener.wss.$name.peer_cert_as_username", "emqx.listeners", [
|
{mapping, "listener.wss.$name.peer_cert_as_username", "emqx.listeners", [
|
||||||
{datatype, {enum, [cn, dn]}}
|
{datatype, {enum, [cn, dn, crt]}}
|
||||||
]}.
|
]}.
|
||||||
|
|
||||||
{translation, "emqx.listeners", fun(Conf) ->
|
{translation, "emqx.listeners", fun(Conf) ->
|
||||||
|
|
|
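Review bot: The `listener.tcp.$name.peer_cert_as_username` mapping also gains `crt`, but the config-file hunks in this commit only document the new value for the ssl and wss listeners, and a plain TCP listener has no TLS handshake to take a peer certificate from. If the tcp value is fed from proxy-protocol metadata (not visible here), a full certificate may not be available at all, and `crt` would then select something that is not a certificate. Unless that path has been checked, I would leave the tcp mapping as `{datatype, {enum, [cn, dn]}}` and add `crt` only to the ssl and wss mappings. Otherwise the tcp section of the config file should describe what `crt` yields there.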
@ -108,6 +108,7 @@ init_username(Peercert, Options) ->
|
||||||
case proplists:get_value(peer_cert_as_username, Options) of
|
case proplists:get_value(peer_cert_as_username, Options) of
|
||||||
cn -> esockd_peercert:common_name(Peercert);
|
cn -> esockd_peercert:common_name(Peercert);
|
||||||
dn -> esockd_peercert:subject(Peercert);
|
dn -> esockd_peercert:subject(Peercert);
|
||||||
|
crt -> Peercert;
|
||||||
_ -> undefined
|
_ -> undefined
|
||||||
end.
|
end.
|
||||||
|
|
||||||
|
|
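Review bot: The new `crt -> Peercert;` clause returns whatever `Peercert` holds, so unlike the `cn` and `dn` clauses, which go through `esockd_peercert` helpers, it has no handling for a connection that presented no certificate. If `Peercert` can be a non-binary marker in that case (I believe esockd uses `nossl`, but that is not visible in this hunk), the marker itself becomes the username. A guard keeps the existing fall-through to `undefined`: `crt when is_binary(Peercert) -> Peercert;`. With `crt` the username is presumably the full encoded certificate, a large non-text binary that ends up wherever usernames go (logs, ACL placeholders, auth backends), so a fixed-length fingerprint of the certificate may be a better identity, or at least a comment such as `%% crt: username is the whole peer certificate, not a printable string`. The head of `init_username/2` is outside the hunk.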