From 61da68ff40b608897f566a8305bee5582a7a26e5 Mon Sep 17 00:00:00 2001
From: "Zaiming (Stone) Shi" <zmstone@gmail.com>
Date: Wed, 7 Dec 2022 16:54:53 +0100
Subject: [PATCH] fix(emqx_schema): handshake_timeout is common for all
 listeners

---
 apps/emqx/src/emqx_schema.erl        | 36 +++++++++++++---------------
 apps/emqx/test/emqx_schema_tests.erl |  4 ++--
 changes/v5.0.12-en.md                |  8 +++----
 changes/v5.0.12-zh.md                |  8 +++----
 4 files changed, 26 insertions(+), 30 deletions(-)

diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index f2358aa32..171b6dc42 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -1942,7 +1942,6 @@ common_ssl_opts_schema(Defaults) ->
     ].
 
 %% @doc Make schema for SSL listener options.
-%% When it's for ranch listener, an extra field `handshake_timeout' is added.
 -spec server_ssl_opts_schema(map(), boolean()) -> hocon_schema:field_schema().
 server_ssl_opts_schema(Defaults, IsRanchListener) ->
     D = fun(Field) -> maps:get(to_atom(Field), Defaults, undefined) end,
@@ -1981,26 +1980,23 @@ server_ssl_opts_schema(Defaults, IsRanchListener) ->
                         default => Df("client_renegotiation", true),
                         desc => ?DESC(server_ssl_opts_schema_client_renegotiation)
                     }
+                )},
+            {"handshake_timeout",
+                sc(
+                    duration(),
+                    #{
+                        default => Df("handshake_timeout", "15s"),
+                        desc => ?DESC(server_ssl_opts_schema_handshake_timeout)
+                    }
                 )}
-            | [
-                {"handshake_timeout",
-                    sc(
-                        duration(),
-                        #{
-                            default => Df("handshake_timeout", "15s"),
-                            desc => ?DESC(server_ssl_opts_schema_handshake_timeout)
-                        }
-                    )}
-             || IsRanchListener
-            ] ++
-                [
-                    {"gc_after_handshake",
-                        sc(boolean(), #{
-                            default => false,
-                            desc => ?DESC(server_ssl_opts_schema_gc_after_handshake)
-                        })}
-                 || not IsRanchListener
-                ]
+        ] ++
+        [
+            {"gc_after_handshake",
+                sc(boolean(), #{
+                    default => false,
+                    desc => ?DESC(server_ssl_opts_schema_gc_after_handshake)
+                })}
+         || not IsRanchListener
         ].
 
 %% @doc Make schema for SSL client.
diff --git a/apps/emqx/test/emqx_schema_tests.erl b/apps/emqx/test/emqx_schema_tests.erl
index fdda9ef44..fba70e303 100644
--- a/apps/emqx/test/emqx_schema_tests.erl
+++ b/apps/emqx/test/emqx_schema_tests.erl
@@ -37,11 +37,11 @@ ssl_opts_dtls_test() ->
 ssl_opts_tls_1_3_test() ->
     Sc = emqx_schema:server_ssl_opts_schema(#{}, false),
     Checked = validate(Sc, #{<<"versions">> => [<<"tlsv1.3">>]}),
-    ?assertNot(maps:is_key(handshake_timeout, Checked)),
     ?assertMatch(
         #{
             versions := ['tlsv1.3'],
-            ciphers := []
+            ciphers := [],
+            handshake_timeout := _
         },
         Checked
     ).
diff --git a/changes/v5.0.12-en.md b/changes/v5.0.12-en.md
index 97992568f..3363d9766 100644
--- a/changes/v5.0.12-en.md
+++ b/changes/v5.0.12-en.md
@@ -28,6 +28,8 @@ Please note, the request body of `/bridges` API to configure MQTT brdige is chan
 
 - HTTP client library `ehttpc` upgraded from `0.4.0` to `0.4.2` [#9520](https://github.com/emqx/emqx/pull/9520).
 
+- Add `handshake_timeout` option to MQTT SSL listener [#9502](https://github.com/emqx/emqx/pull/9502).
+
 - Upgrade dashboard to [v1.1.3](https://github.com/emqx/emqx-dashboard-web-new/releases/tag/v1.1.3).
 
 ## Bug fixes
@@ -40,11 +42,9 @@ Please note, the request body of `/bridges` API to configure MQTT brdige is chan
 
 - Fix some potential MQTT packet parse errors [#9477](https://github.com/emqx/emqx/pull/9477).
 
-- Fixed EMQX Helm Chart deployment error [#9509](https://github.com/emqx/emqx/pull/9509)
-
+- Fixed EMQX Helm Chart deployment error [#9509](https://github.com/emqx/emqx/pull/9509).
   - Fixed the `Discovery error: no such service` error occurred during helm chart deployment, resulting in an abnormal discovery of cluster nodes.
-
-  - Fixed that caused EMQX Helm Chart to fail when modifying some of EMQX's configuration items via environment variables
+  - Fixed issue that caused EMQX Helm Chart to fail when modifying some of EMQX's configuration items via environment variables.
 
 - Fix shadowing `'client.authenticate'` callbacks by `emqx_authenticator`. Now `emqx_authenticator`
   passes execution to the further callbacks if none of the authenticators matches [#9496](https://github.com/emqx/emqx/pull/9496).
diff --git a/changes/v5.0.12-zh.md b/changes/v5.0.12-zh.md
index a0d67424e..ffbb713c1 100644
--- a/changes/v5.0.12-zh.md
+++ b/changes/v5.0.12-zh.md
@@ -27,6 +27,8 @@ v5.0.11 或更早版本创建的配置文件，在新版本中会被自动转换
 
 - HTTP 客户端库 `ehttpc` 从 `0.4.0` 升级到 `0.4.2` [#9520](https://github.com/emqx/emqx/pull/9520)。
 
+- 为 MQTT SSL 监听器增加配置 `handshake_timeout` [#9502](https://github.com/emqx/emqx/pull/9502)。
+
 - Dashboard 更新到 [v1.1.3](https://github.com/emqx/emqx-dashboard-web-new/releases/tag/v1.1.3)。
 
 ## 修复
@@ -39,11 +41,9 @@ v5.0.11 或更早版本创建的配置文件，在新版本中会被自动转换
 
 - 修复了一些 MQTT 协议包的潜在解析错误 [#9477](https://github.com/emqx/emqx/pull/9477)。
 
-- 修复了 EMQX Helm Chart 部署的一些问题 [#9509](https://github.com/emqx/emqx/pull/9509)
-
+- 修复了 EMQX Helm Chart 部署的一些问题 [#9509](https://github.com/emqx/emqx/pull/9509)。
   - 修复了 EMQX Helm Chart 部署时出现 `Discovery error: no such service` 错误，导致集群节点发现异常。
-
-  - 修复了 EMQX Helm Chart 通过环境变量修改部分 EMQX 的配置项时的错误
+  - 修复了 EMQX Helm Chart 通过环境变量修改部分 EMQX 的配置项时的错误。
 
 - 通过 `emqx_authenticator` 修复隐藏 `'client.authenticate'` 回调。 现在 `emqx_authenticator` 如果没有任何验证器匹配，则将执行传递给进一步的回调 [#9496](https://github.com/emqx/emqx/pull/9496)。