From a3cdae3b42d9b55201b3927f23d3d93c9505f401 Mon Sep 17 00:00:00 2001
From: zhanghongtong
Date: Mon, 30 Nov 2020 17:28:03 +0800
Subject: [PATCH] feat(listener): add depth for ssl listener

---
 .gitignore | 1 +
 etc/listeners.conf | 7 ++++++-
 priv/emqx.schema | 6 ++++++
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index aaec950d4..2e19823c3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -41,3 +41,4 @@ erlang.mk
 *.coverdata
 etc/emqx.conf.rendered
 Mnesia.*/
+.stamp
diff --git a/etc/listeners.conf b/etc/listeners.conf
index c7d11967d..034321b2a 100644
--- a/etc/listeners.conf
+++ b/etc/listeners.conf
@@ -301,6 +301,11 @@ listener.ssl.external.access.1 = allow all
 ## Value: Duration
 listener.ssl.external.handshake_timeout = 15s

+## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.
+##
+## Value: Number
+## listener.ssl.external.depth = 10
+
 ## Path to the file containing the user's private PEM-encoded key.
 ##
 ## See: http://erlang.org/doc/man/ssl.html
@@ -932,4 +937,4 @@ listener.wss.external.send_timeout_close = on
 ## Whether a WebSocket message is allowed to contain multiple MQTT packets
 ##
 ## Value: single | multiple
-listener.wss.external.mqtt_piggyback = multiple
\ No newline at end of file
+listener.wss.external.mqtt_piggyback = multiple
diff --git a/priv/emqx.schema b/priv/emqx.schema
index 21047aaaa..830a0e934 100644
--- a/priv/emqx.schema
+++ b/priv/emqx.schema
@@ -1372,6 +1372,11 @@ end}.
 {datatype, {duration, ms}}
 ]}.

+{mapping, "listener.ssl.$name.depth", "emqx.listeners", [
+ {default, 10},
+ {datatype, integer}
+]}.
+
 {mapping, "listener.ssl.$name.dhfile", "emqx.listeners", [
 {datatype, string}
 ]}.
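Review bot: The new comment above `## listener.ssl.external.depth = 10` does not say when the setting takes effect or what the lower bound means, which matters to anyone tightening client-certificate checks. Chain depth is only evaluated when the listener verifies peer certificates, and in Erlang's ssl a depth of 0 requires the peer certificate to be issued directly by a trusted CA. I would add one line such as `## Only used when peer certificate verification is enabled; 0 means the peer certificate must be issued directly by a trusted CA.` It would also help to state that 10 is the schema default, since the commented-out example otherwise reads as if the option were unset.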
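Review bot: The `listener.ssl.$name.depth` mapping is declared with only `{datatype, integer}`, so a negative value passes config generation. It would presumably only be rejected later, when the option reaches the ssl application at listener start. Since this value bounds how long a client certificate chain the broker will accept, I would reject out-of-range input at the schema level by attaching a cuttlefish validator (a `{validators, [...]}` entry on the mapping plus a matching `{validator, ...}` definition) that requires the value to be `>= 0`. A short comment on the mapping explaining why the default is 10 would also help, because raising this number loosens the check rather than tightening it.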
@@ -1890,6 +1895,7 @@ end}.
 {ciphers, Ciphers},
 {user_lookup_fun, UserLookupFun},
 {handshake_timeout, cuttlefish:conf_get(Prefix ++ ".handshake_timeout", Conf, undefined)},
+ {depth, cuttlefish:conf_get(Prefix ++ ".depth", Conf, undefined)},
 {dhfile, cuttlefish:conf_get(Prefix ++ ".dhfile", Conf, undefined)},
 {keyfile, cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
 {certfile, cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
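Review bot: The `undefined` fallback in `{depth, cuttlefish:conf_get(Prefix ++ ".depth", Conf, undefined)}` looks unreachable for ssl listeners, because the mapping added earlier in this patch declares `{default, 10}`. If cuttlefish applies that default to every configured listener, existing deployments will start passing an explicit depth of 10 after upgrade, which may differ from the ssl application's built-in default on the OTP release in use. That is a silent change to how long a client certificate chain is accepted, so it should be called out in the release notes, or the schema default dropped so that unset really means "use the OTP default". The enclosing option-list function starts and ends outside this hunk. If it is also used with a `listener.wss` prefix, as the `Prefix` parameter suggests, note that no `listener.wss.$name.depth` mapping exists, so wss listeners cannot set this limit.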