From 8eb463c58d6f8548e3c4088b9c05cf187bb27d49 Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Thu, 5 Oct 2023 16:25:09 +0200
Subject: [PATCH] feat(tls): update schema for TLS keyusage

---
 apps/emqx/src/emqx_schema.erl | 8 ++++++++
 rel/i18n/emqx_schema.hocon    | 6 ++++++
 2 files changed, 14 insertions(+)

diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index 83d5dd2c1..46337c422 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -2117,6 +2117,14 @@ common_ssl_opts_schema(Defaults, Type) ->
                     desc => ?DESC(common_ssl_opts_schema_partial_chain)
                 }
             )},
+        {"verify_peer_ext_key_usage",
+            sc(
+                string(),
+                #{
+                    required => false,
+                    desc => ?DESC(common_ssl_opts_verify_peer_ext_key_usage)
+                }
+            )},
         {"reuse_sessions",
             sc(
                 boolean(),
diff --git a/rel/i18n/emqx_schema.hocon b/rel/i18n/emqx_schema.hocon
index 225e88a35..2df26b2d3 100644
--- a/rel/i18n/emqx_schema.hocon
+++ b/rel/i18n/emqx_schema.hocon
@@ -684,6 +684,12 @@ common_ssl_opts_schema_partial_chain.desc:
 common_ssl_opts_schema_partial_chain.label:
 """Partial chain"""
 
+common_ssl_opts_verify_peer_ext_key_usage.desc:
+"""Verify Extended Key Usage in Peer's certificate"""
+
+common_ssl_opts_verify_peer_ext_key_usage.label:
+"""Verify KeyUsage in cert"""
+
 fields_listeners_ssl.desc:
 """SSL listeners."""