diff --git a/docs/source/config.rst b/docs/source/config.rst
index e6f786812..0ef44c644 100644
--- a/docs/source/config.rst
+++ b/docs/source/config.rst
@@ -453,7 +453,7 @@ SSL Listener - 8883
 mqtt.listener.ssl.certfile = etc/certs/cert.pem
 mqtt.listener.ssl.cacertfile = etc/certs/cacert.pem
 ## mqtt.listener.ssl.verify = verify_peer
- ## mqtt.listener.ssl.failed_if_no_peer_cert = true
+ ## mqtt.listener.ssl.fail_if_no_peer_cert = true
 HTTP/WS Listener - 8083
 -----------------------
@@ -480,7 +480,7 @@ HTTPS/WSS Listener - 8084
 mqtt.listener.https.cacertfile = etc/certs/cacert.pem
 ## 开启双向认证
 ## mqtt.listener.https.verify = verify_peer
- ## mqtt.listener.https.failed_if_no_peer_cert = true
+ ## mqtt.listener.https.fail_if_no_peer_cert = true
 --------------
 System Monitor
diff --git a/docs/source/plugins.rst b/docs/source/plugins.rst
index 183446ea5..983beb3ca 100644
--- a/docs/source/plugins.rst
+++ b/docs/source/plugins.rst
@@ -167,7 +167,7 @@ etc/plugins/emq_dashboard.conf:
 ## dashboard.listener.https.keyfile = etc/certs/key.pem
 ## dashboard.listener.https.cacertfile = etc/certs/cacert.pem
 ## dashboard.listener.https.verify = verify_peer
- ## dashboard.listener.https.failed_if_no_peer_cert = true
+ ## dashboard.listener.https.fail_if_no_peer_cert = true
 -------------------------------
 emq_auth_ldap: LDAP Auth Plugin
diff --git a/etc/emq.conf b/etc/emq.conf
index 48c437cf1..e4434283a 100644
--- a/etc/emq.conf
+++ b/etc/emq.conf
@@ -206,12 +206,12 @@ mqtt.listener.ssl.max_clients = 512
 ## Configuring SSL Options
 ## See http://erlang.org/doc/man/ssl.html
-mqtt.listener.ssl.handshake_timeout = 2000
+mqtt.listener.ssl.handshake_timeout = 15
 mqtt.listener.ssl.keyfile = etc/certs/key.pem
 mqtt.listener.ssl.certfile = etc/certs/cert.pem
 ## mqtt.listener.ssl.cacertfile = etc/certs/cacert.pem
 ## mqtt.listener.ssl.verify = verify_peer
-## mqtt.listener.ssl.failed_if_no_peer_cert = true
+## mqtt.listener.ssl.fail_if_no_peer_cert = true
 ## HTTP and WebSocket Listener
 mqtt.listener.http = 8083
@@ -222,12 +222,12 @@ mqtt.listener.http.max_clients = 64
 ## mqtt.listener.https = 8084
 ## mqtt.listener.https.acceptors = 4
 ## mqtt.listener.https.max_clients = 64
-## mqtt.listener.https.handshake_timeout = 2000
+## mqtt.listener.https.handshake_timeout = 15
 ## mqtt.listener.https.certfile = etc/certs/cert.pem
 ## mqtt.listener.https.keyfile = etc/certs/key.pem
 ## mqtt.listener.https.cacertfile = etc/certs/cacert.pem
 ## mqtt.listener.https.verify = verify_peer
-## mqtt.listener.https.failed_if_no_peer_cert = true
+## mqtt.listener.https.fail_if_no_peer_cert = true
 ##-------------------------------------------------------------------
 ## System Monitor
diff --git a/priv/emq.schema b/priv/emq.schema
index a9d04575c..2c73482ed 100644
--- a/priv/emq.schema
+++ b/priv/emq.schema
@@ -536,7 +536,7 @@ end}.
 {datatype, atom}
 ]}.
-{mapping, "mqtt.listener.ssl.failed_if_no_peer_cert", "emqttd.listeners", [
+{mapping, "mqtt.listener.ssl.fail_if_no_peer_cert", "emqttd.listeners", [
 {datatype, {enum, [true, false]}}
 ]}.
@@ -592,7 +592,7 @@ end}.
 {datatype, atom}
 ]}.
-{mapping, "mqtt.listener.https.failed_if_no_peer_cert", "emqttd.listeners", [
+{mapping, "mqtt.listener.https.fail_if_no_peer_cert", "emqttd.listeners", [
 {datatype, {enum, [true, false]}}
 ]}.
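Review bot: The new value `mqtt.listener.ssl.handshake_timeout = 15` carries no unit, and the only nearby comment points at the Erlang ssl manual, where timeouts are expressed in milliseconds, so a reader following that link could take 15 to mean 15 ms. A comment above the setting, such as `## TLS handshake timeout, in seconds`, would state what the number now means. The commented-out `mqtt.listener.https.handshake_timeout` in the next hunk and the copy in test/emqttd_SUITE_data/emqttd.conf need the same line.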
@@ -611,12 +611,12 @@ end}.
 {nodelay, cuttlefish:conf_get(Prefix ++ ".nodelay", Conf, true)}])
 end,
 SslOpts = fun(Prefix) ->
- Filter([{handshake_timeout, cuttlefish:conf_get(Prefix ++ ".handshake_timeout", Conf)},
+ Filter([{handshake_timeout, cuttlefish:conf_get(Prefix ++ ".handshake_timeout", Conf) * 1000},
 {keyfile, cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
 {certfile, cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
 {cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined)},
 {verify, cuttlefish:conf_get(Prefix ++ ".verify", Conf, undefined)},
- {failed_if_no_peer_cert, cuttlefish:conf_get(Prefix ++ ".failed_if_no_peer_cert", Conf, undefined)}])
+ {fail_if_no_peer_cert, cuttlefish:conf_get(Prefix ++ ".fail_if_no_peer_cert", Conf, undefined)}])
 end,
 Listeners = fun(Name) when is_atom(Name) ->
diff --git a/src/emqttd_http.erl b/src/emqttd_http.erl
index 9abdf7973..2f1d32a44 100644
--- a/src/emqttd_http.erl
+++ b/src/emqttd_http.erl
@@ -137,8 +137,7 @@ authorized(Req) ->
 case emqttd_access_control:auth(#mqtt_client{username = Username, peername = Peer}, Password) of
 ok ->
 true;
- %% http publish is_super to true?
- {ok, IsSuper} ->
+ {ok, _IsSuper} ->
 true;
 {error, Reason} ->
 lager:error("HTTP Auth failure: username=~s, reason=~p", [Username, Reason]),
diff --git a/test/emqttd_SUITE_data/emqttd.conf b/test/emqttd_SUITE_data/emqttd.conf
index 694f0fc1e..e4434283a 100644
--- a/test/emqttd_SUITE_data/emqttd.conf
+++ b/test/emqttd_SUITE_data/emqttd.conf
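Review bot: Multiplying by 1000 in `SslOpts` silently changes the unit of `handshake_timeout` from milliseconds to seconds, and nothing in this hunk bounds or migrates an old value. A deployment that keeps its existing `handshake_timeout = 2000` would come up with a handshake window of 2000 s (about 33 minutes), during which a peer that never completes the TLS handshake can keep its connection open. The mapping for this key is outside the hunk, but if it is a plain integer, declaring it as `{datatype, {duration, ms}}` would let the file say `15s` and make the `* 1000` unnecessary. The same applies to the copy in test/emqttd_SUITE_data/emqttd.schema, and the enclosing translation fun starts and ends outside the hunk.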
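Review bot: The `{ok, _IsSuper}` clause now discards the superuser flag, and the comment that asked how HTTP publish should treat it is removed, so the decision is no longer recorded in `authorized/1`. If ignoring the flag is intended, a comment on the clause such as `%% is_super is deliberately ignored for HTTP requests` would say so. Separately, the context line logs the username, which presumably comes from the request, with `~s`; `~p` would keep control characters in a crafted value from splitting the log line. The body of `authorized/1` starts and ends outside the hunk.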
@@ -206,12 +206,12 @@ mqtt.listener.ssl.max_clients = 512
 ## Configuring SSL Options
 ## See http://erlang.org/doc/man/ssl.html
-mqtt.listener.ssl.handshake_timeout = 2000
+mqtt.listener.ssl.handshake_timeout = 15
 mqtt.listener.ssl.keyfile = etc/certs/key.pem
 mqtt.listener.ssl.certfile = etc/certs/cert.pem
 ## mqtt.listener.ssl.cacertfile = etc/certs/cacert.pem
 ## mqtt.listener.ssl.verify = verify_peer
-## mqtt.listener.ssl.failed_if_no_peer_cert = true
+## mqtt.listener.ssl.fail_if_no_peer_cert = true
 ## HTTP and WebSocket Listener
 mqtt.listener.http = 8083
@@ -222,12 +222,12 @@ mqtt.listener.http.max_clients = 64
 ## mqtt.listener.https = 8084
 ## mqtt.listener.https.acceptors = 4
 ## mqtt.listener.https.max_clients = 64
-## mqtt.listener.https.handshake_timeout = 10
+## mqtt.listener.https.handshake_timeout = 15
 ## mqtt.listener.https.certfile = etc/certs/cert.pem
 ## mqtt.listener.https.keyfile = etc/certs/key.pem
 ## mqtt.listener.https.cacertfile = etc/certs/cacert.pem
 ## mqtt.listener.https.verify = verify_peer
-## mqtt.listener.https.failed_if_no_peer_cert = true
+## mqtt.listener.https.fail_if_no_peer_cert = true
 ##-------------------------------------------------------------------
 ## System Monitor
diff --git a/test/emqttd_SUITE_data/emqttd.schema b/test/emqttd_SUITE_data/emqttd.schema
index a9d04575c..2c73482ed 100644
--- a/test/emqttd_SUITE_data/emqttd.schema
+++ b/test/emqttd_SUITE_data/emqttd.schema
@@ -536,7 +536,7 @@ end}.
 {datatype, atom}
 ]}.
-{mapping, "mqtt.listener.ssl.failed_if_no_peer_cert", "emqttd.listeners", [
+{mapping, "mqtt.listener.ssl.fail_if_no_peer_cert", "emqttd.listeners", [
 {datatype, {enum, [true, false]}}
 ]}.
@@ -592,7 +592,7 @@ end}.
 {datatype, atom}
 ]}.
-{mapping, "mqtt.listener.https.failed_if_no_peer_cert", "emqttd.listeners", [
+{mapping, "mqtt.listener.https.fail_if_no_peer_cert", "emqttd.listeners", [
 {datatype, {enum, [true, false]}}
 ]}.
@@ -611,12 +611,12 @@ end}.
 {nodelay, cuttlefish:conf_get(Prefix ++ ".nodelay", Conf, true)}])
 end,
 SslOpts = fun(Prefix) ->
- Filter([{handshake_timeout, cuttlefish:conf_get(Prefix ++ ".handshake_timeout", Conf)},
+ Filter([{handshake_timeout, cuttlefish:conf_get(Prefix ++ ".handshake_timeout", Conf) * 1000},
 {keyfile, cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
 {certfile, cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
 {cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined)},
 {verify, cuttlefish:conf_get(Prefix ++ ".verify", Conf, undefined)},
- {failed_if_no_peer_cert, cuttlefish:conf_get(Prefix ++ ".failed_if_no_peer_cert", Conf, undefined)}])
+ {fail_if_no_peer_cert, cuttlefish:conf_get(Prefix ++ ".fail_if_no_peer_cert", Conf, undefined)}])
 end,
 Listeners = fun(Name) when is_atom(Name) ->