From 6f7a4344dc1fcc3015a3cea8976bb8d207eb109c Mon Sep 17 00:00:00 2001
From: "Zaiming (Stone) Shi"
Date: Wed, 27 Sep 2023 23:08:26 +0200
Subject: [PATCH] fix: do not gc sso saml SP singing keys
---
 apps/emqx/src/emqx_tls_certfile_gc.erl | 5 ++++-
 apps/emqx/src/emqx_tls_lib.erl | 8 +++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/apps/emqx/src/emqx_tls_certfile_gc.erl b/apps/emqx/src/emqx_tls_certfile_gc.erl
index 9e2e98b7f..ccac02471 100644
--- a/apps/emqx/src/emqx_tls_certfile_gc.erl
+++ b/apps/emqx/src/emqx_tls_certfile_gc.erl
@@ -271,9 +271,12 @@ find_config_references(Root) ->
 is_file_reference(Stack) ->
 lists:any(
 fun(KP) -> lists:prefix(lists:reverse(KP), Stack) end,
- emqx_tls_lib:ssl_file_conf_keypaths()
+ conf_keypaths()
 ).
 
+conf_keypaths() ->
+ emqx_tls_lib:ssl_file_conf_keypaths().
+
 mk_fileref(AbsPath) ->
 case emqx_utils_fs:read_info(AbsPath) of
 {ok, Info} ->
diff --git a/apps/emqx/src/emqx_tls_lib.erl b/apps/emqx/src/emqx_tls_lib.erl
index 9113bd5e6..0b9bfe805 100644
--- a/apps/emqx/src/emqx_tls_lib.erl
+++ b/apps/emqx/src/emqx_tls_lib.erl
@@ -50,11 +50,17 @@
 -define(IS_FALSE(Val), ((Val =:= false) orelse (Val =:= <<"false">>))).
 
 -define(SSL_FILE_OPT_PATHS, [
+ %% common ssl options
 [<<"keyfile">>],
 [<<"certfile">>],
 [<<"cacertfile">>],
- [<<"ocsp">>, <<"issuer_pem">>]
+ %% OCSP
+ [<<"ocsp">>, <<"issuer_pem">>],
+ %% SSO
+ [<<"sp_public_key">>],
+ [<<"sp_private_key">>]
 ]).
+
 -define(SSL_FILE_OPT_PATHS_A, [
 [keyfile],
 [certfile],
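Review bot: `conf_keypaths/0` is added as an uncommented 1:1 wrapper around `emqx_tls_lib:ssl_file_conf_keypaths/0`, so this module does not say why the indirection exists or that the list now covers more than TLS options. A comment above it would help, for example `%% Config key paths whose values are managed files (TLS certs/keys, SAML SP keys); files referenced under them are presumably kept by the GC.` Assuming `Stack` is ordered innermost key first, `is_file_reference/1` matches a single-segment path such as `[<<"sp_private_key">>]` at any depth of the config. That errs on the side of keeping files, but it is worth noting next to the helper.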
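Review bot: `?SSL_FILE_OPT_PATHS_A`, which starts right below the changed macro and continues outside this hunk, gets no atom-keyed counterparts for the two new entries, so the binary and atom lists no longer mirror each other. If any caller resolves file options through the atom list (its uses are not visible here), add `[sp_public_key]` and `[sp_private_key]` there too, or add a comment saying the SSO keys are deliberately binary-only. The `%% SSO` comment could also carry the reason, e.g. `%% SAML SP signing key pair; listed so emqx_tls_certfile_gc does not treat the files as orphans`. The diffstat shows no test file, so a GC test whose config references `sp_private_key` and asserts the file survives a collection run would pin this fix.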