From 9f135d1f2bcedd7376937424ec4783a498d3e4ee Mon Sep 17 00:00:00 2001
From: "Zaiming (Stone) Shi"
Date: Sat, 10 Jun 2023 11:52:03 +0200
Subject: [PATCH] fix(quic): environment variables as cert file prefix for quic listener
---
 apps/emqx/src/emqx_listeners.erl | 10 ++++++----
 apps/emqx/src/emqx_schema.erl | 4 +++-
 changes/ee/fix-11006.en.md | 3 +++
 3 files changed, 12 insertions(+), 5 deletions(-)
 create mode 100644 changes/ee/fix-11006.en.md
diff --git a/apps/emqx/src/emqx_listeners.erl b/apps/emqx/src/emqx_listeners.erl
index f560c9ce9..f0dc47c7b 100644
--- a/apps/emqx/src/emqx_listeners.erl
+++ b/apps/emqx/src/emqx_listeners.erl
@@ -423,8 +423,8 @@ do_start_listener(quic, ListenerName, #{bind := Bind} = Opts) ->
 ),
 ListenOpts =
 [
- {certfile, str(maps:get(certfile, SSLOpts))},
- {keyfile, str(maps:get(keyfile, SSLOpts))},
+ {certfile, emqx_schema:naive_env_interpolation(maps:get(certfile, SSLOpts))},
+ {keyfile, emqx_schema:naive_env_interpolation(maps:get(keyfile, SSLOpts))},
 {alpn, ["mqtt"]},
 {conn_acceptors, lists:max([DefAcceptors, maps:get(acceptors, Opts, 0)])},
 {keep_alive_interval_ms, maps:get(keep_alive_interval, Opts, 0)},
@@ -434,8 +434,10 @@ do_start_listener(quic, ListenerName, #{bind := Bind} = Opts) ->
 {verify, maps:get(verify, SSLOpts, verify_none)}
 ] ++
 case maps:get(cacertfile, SSLOpts, undefined) of
- undefined -> [];
- CaCertFile -> [{cacertfile, str(CaCertFile)}]
+ undefined ->
+ [];
+ CaCertFile ->
+ [{cacertfile, emqx_schema:naive_env_interpolation(CaCertFile)}]
 end ++
 case maps:get(password, SSLOpts, undefined) of
 undefined -> [];
diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index 8c520d14f..bb9dd7b3a 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
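Review bot: In `do_start_listener(quic, …)` in emqx_listeners.erl, the `certfile` and `keyfile` entries (and `cacertfile` in the second hunk) now carry whatever `emqx_schema:naive_env_interpolation/1` returns, where `str/1` previously normalised the value. That function's definition is not in this patch, so confirm it returns a string for binary input and what it yields when the variable cannot be resolved. If an unresolved `${EMQX_ETC_DIR}/…` is passed through as literal text, the listener would only fail later on an unreadable cert or key path, so the call site deserves a comment such as `%% paths may start with an env var such as ${EMQX_ETC_DIR}; see emqx_schema:naive_env_interpolation/1 for the unresolved case`. The patch also adds no test that starts a QUIC listener with a `${EMQX_ETC_DIR}`-prefixed path, which is the regression being fixed. The function body starts and ends outside both hunks.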
@@ -1435,7 +1435,9 @@ fields("listener_quic_ssl_opts") ->
 true ->
 {Name, Schema};
 false ->
- {Name, Schema#{deprecated => {since, "5.0.20"}}}
+ {Name, Schema#{
+ deprecated => {since, "5.0.20"}, importance => ?IMPORTANCE_HIDDEN
+ }}
 end
 end,
 Schema1
diff --git a/changes/ee/fix-11006.en.md b/changes/ee/fix-11006.en.md
new file mode 100644
index 000000000..5570e78fc
--- /dev/null
+++ b/changes/ee/fix-11006.en.md
@@ -0,0 +1,3 @@
+Fix QUIC listeners's default cert file paths.
+
+Prior to this change, the default cert file paths are prefixed with environment variable `${EMQX_ETC_DIR}` which were not interpolated before used in QUIC listeners.
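Review bot: The `importance => ?IMPORTANCE_HIDDEN` added to the deprecated `listener_quic_ssl_opts` fields in emqx_schema.erl is mentioned neither in the commit subject nor in the changelog entry, and nothing in the hunk says why these fields are hidden. The predicate that selects the `true`/`false` branch is outside the hunk, so this is an assumption: if the hidden, deprecated options are still accepted in config but not applied to the QUIC listener, an operator can set a TLS option and believe it is enforced. A comment above the `false ->` branch such as `%% not supported by the QUIC listener: kept for config compatibility, hidden from docs` (worded to match the real behaviour) and a changelog line would make that explicit.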