diff --git a/.gitignore b/.gitignore
index aaec950d4..2e19823c3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -41,3 +41,4 @@ erlang.mk
 *.coverdata
 etc/emqx.conf.rendered
 Mnesia.*/
+.stamp
diff --git a/etc/listeners.conf b/etc/listeners.conf
index c7d11967d..034321b2a 100644
--- a/etc/listeners.conf
+++ b/etc/listeners.conf
@@ -301,6 +301,11 @@ listener.ssl.external.access.1 = allow all
 ## Value: Duration
 listener.ssl.external.handshake_timeout = 15s
+## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.
+##
+## Value: Number
+## listener.ssl.external.depth = 10
+
 ## Path to the file containing the user's private PEM-encoded key.
 ##
 ## See: http://erlang.org/doc/man/ssl.html
@@ -932,4 +937,4 @@ listener.wss.external.send_timeout_close = on
 ## Whether a WebSocket message is allowed to contain multiple MQTT packets
 ##
 ## Value: single | multiple
-listener.wss.external.mqtt_piggyback = multiple
\ No newline at end of file
+listener.wss.external.mqtt_piggyback = multiple
diff --git a/priv/emqx.schema b/priv/emqx.schema
index 21047aaaa..830a0e934 100644
--- a/priv/emqx.schema
+++ b/priv/emqx.schema
@@ -1372,6 +1372,11 @@ end}.
 {datatype, {duration, ms}}
 ]}.
+{mapping, "listener.ssl.$name.depth", "emqx.listeners", [
+ {default, 10},
+ {datatype, integer}
+]}.
+
 {mapping, "listener.ssl.$name.dhfile", "emqx.listeners", [
 {datatype, string}
 ]}.
@@ -1890,6 +1895,7 @@ end}.
 {ciphers, Ciphers},
 {user_lookup_fun, UserLookupFun},
 {handshake_timeout, cuttlefish:conf_get(Prefix ++ ".handshake_timeout", Conf, undefined)},
+ {depth, cuttlefish:conf_get(Prefix ++ ".depth", Conf, undefined)},
 {dhfile, cuttlefish:conf_get(Prefix ++ ".dhfile", Conf, undefined)},
 {keyfile, cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
 {certfile, cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
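Review bot: The new comment block for `listener.ssl.external.depth` in etc/listeners.conf does not say when the limit is enforced or what applies while the key stays commented out. Chain depth only matters when the listener actually verifies peer certificates, so an operator who sets it without enabling verification gets no protection from it. I would add a line such as `## Only evaluated when listener.ssl.external.verify = verify_peer; 0 means the peer certificate must be issued directly by a trusted root.` and state the effective default explicitly.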
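Review bot: The `listener.ssl.$name.depth` mapping in priv/emqx.schema accepts any integer, so a negative or absurdly large value passes schema validation and only surfaces later, when the option reaches the ssl application. A validator would reject it at config-load time, for example `{validators, ["depth_non_neg"]}` on the mapping plus `{validator, "depth_non_neg", "depth must be >= 0", fun(D) -> D >= 0 end}.` (the validator name is made up for this note). Separately, `{default, 10}` presumably applies even though the sample key in listeners.conf is commented out. If the ssl application's own default on the targeted OTP release is lower than 10, every existing listener would silently accept longer certificate chains after upgrade, which is worth confirming and noting in the changelog.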
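Review bot: The `{depth, cuttlefish:conf_get(Prefix ++ ".depth", Conf, undefined)}` line in the second priv/emqx.schema hunk reads the key for whatever `Prefix` is passed in, but this commit only adds a mapping for `listener.ssl.$name.depth`. The enclosing fun starts and ends outside the hunk, so I cannot see its callers. If the same option list is also built for wss listeners, `listener.wss.$name.depth` has no mapping, and those TLS listeners cannot have their chain-depth limit configured. Either add the matching wss mapping and a sample entry in listeners.conf, or add a comment here stating that depth is intentionally ssl-only.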