Merge pull request #9356 from zhongwencool/tls-version-validation

feat: validate tls_versions value
zhongwencool 2022-11-14 20:12:09 +08:00 committed by GitHub
commit 5e3814c480
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 1 deletions


@ -3,6 +3,8 @@
## Enhancements ## Enhancements
- Make sure listener's `tls_versions` config value is one or more of `tlsv1`, `tlsv1.1`, `tlsv1.2`, `tlsv1.3` [#9260](https://github.com/emqx/emqx/pull/9260).
- Remove useless information from the dashboard listener failure log [#9260](https://github.com/emqx/emqx/pull/9260). - Remove useless information from the dashboard listener failure log [#9260](https://github.com/emqx/emqx/pull/9260).
- We now trigger the `'message.acked'` hook after the CoAP gateway sends a message to the device and receives the ACK from the device [#9264](https://github.com/emqx/emqx/pull/9264). - We now trigger the `'message.acked'` hook after the CoAP gateway sends a message to the device and receives the ACK from the device [#9264](https://github.com/emqx/emqx/pull/9264).


@ -2,6 +2,8 @@
## 增强 ## 增强
- 检查监听器的 `tls_versions` 配置值是 `tlsv1``tlsv1.1``tlsv1.2``tlsv1.3` 中的一个或多个组合 [#9260](https://github.com/emqx/emqx/pull/9260)。
- 删除 Dashboard 监听器失败时日志中的无用信息 [#9260](https://github.com/emqx/emqx/pull/9260). - 删除 Dashboard 监听器失败时日志中的无用信息 [#9260](https://github.com/emqx/emqx/pull/9260).
- 当 CoAP 网关给设备投递消息并收到设备发来的确认之后,回调 `'message.acked'` 钩子 [#9264](https://github.com/emqx/emqx/pull/9264)。 - 当 CoAP 网关给设备投递消息并收到设备发来的确认之后,回调 `'message.acked'` 钩子 [#9264](https://github.com/emqx/emqx/pull/9264)。


@ -2203,7 +2203,16 @@ end}.
SslOpts = fun(Prefix) -> SslOpts = fun(Prefix) ->
Versions = case SplitFun(cuttlefish:conf_get(Prefix ++ ".tls_versions", Conf, undefined)) of Versions = case SplitFun(cuttlefish:conf_get(Prefix ++ ".tls_versions", Conf, undefined)) of
undefined -> undefined; undefined -> undefined;
L -> [list_to_atom(V) || V <- L] L ->
Versions0 = [list_to_atom(V) || V <- L],
SupportVersions = ['tlsv1', 'tlsv1.1', 'tlsv1.2', 'tlsv1.3'],
case lists:all(fun(V) -> lists:member(V, SupportVersions) end, Versions0) of
false ->
cuttlefish:invalid(
lists:flatten(io_lib:format("tls_versions: only support ~p", [SupportVersions])));
true ->
Versions0
end
end, end,
TLSCiphers = cuttlefish:conf_get(Prefix++".ciphers", Conf, undefined), TLSCiphers = cuttlefish:conf_get(Prefix++".ciphers", Conf, undefined),
PSKCiphers = cuttlefish:conf_get(Prefix++".psk_ciphers", Conf, undefined), PSKCiphers = cuttlefish:conf_get(Prefix++".psk_ciphers", Conf, undefined),
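Review bot: The new `lists:all/2` check in the `L ->` branch returns `true` for an empty list, so if `SplitFun` (defined outside this hunk) can produce `[]` for a blank `tls_versions` value, the listener gets an empty version list instead of a configuration error; guarding with `Versions0 =/= [] andalso lists:all(...)` would close that. The message passed to `cuttlefish:invalid/1` names neither the listener prefix nor the rejected value, which makes the offending entry hard to locate; something like `io_lib:format("~s.tls_versions: unsupported ~p, only support ~p", [Prefix, Versions0 -- SupportVersions, SupportVersions])` would help. Checking the strings against the allowed set before calling `list_to_atom/1` would also avoid creating atoms from arbitrary config text. `tlsv1` and `tlsv1.1` stay in the accepted set although both are deprecated by RFC 8996, so a comment stating that they are kept for legacy clients, or a startup warning when they are enabled, seems worth adding. The `SslOpts` fun begins in this hunk and continues past its last line.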