
feat(listener): add depth for ssl listener

zhanghongtong 5 jaren geleden
bovenliggende
commit
a3cdae3b42
3 gewijzigde bestanden met toevoegingen van 13 en 1 verwijderingen
  1. 1 0
      .gitignore
  2. 6 1
      etc/listeners.conf
  3. 6 0
      priv/emqx.schema

+ 1 - 0
.gitignore

@@ -41,3 +41,4 @@ erlang.mk
 *.coverdata
 etc/emqx.conf.rendered
 Mnesia.*/
+.stamp

+ 6 - 1
etc/listeners.conf

@@ -301,6 +301,11 @@ listener.ssl.external.access.1 = allow all
 ## Value: Duration
 listener.ssl.external.handshake_timeout = 15s
 
+## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.
+##
+## Value: Number
+## listener.ssl.external.depth = 10
+
 ## Path to the file containing the user's private PEM-encoded key.
 ##
 ## See: http://erlang.org/doc/man/ssl.html
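Review bot: The new comment block for `listener.ssl.external.depth` does not say when the setting matters or what applies when the line stays commented out. Chain depth is only meaningful when the listener verifies peer certificates. The schema in this same commit defaults the value to 10, so an operator reading `## listener.ssl.external.depth = 10` may wrongly assume the limit is inactive. I would add a line such as `## Only used when listener.ssl.external.verify = verify_peer. Default: 10` above `## Value: Number`.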
@@ -932,4 +937,4 @@ listener.wss.external.send_timeout_close = on
 ## Whether a WebSocket message is allowed to contain multiple MQTT packets
 ##
 ## Value: single | multiple
-listener.wss.external.mqtt_piggyback = multiple
+listener.wss.external.mqtt_piggyback = multiple

+ 6 - 0
priv/emqx.schema

@@ -1372,6 +1372,11 @@ end}.
   {datatype, {duration, ms}}
 ]}.
 
+{mapping, "listener.ssl.$name.depth", "emqx.listeners", [
+  {default, 10},
+  {datatype, integer}
+]}.
+
 {mapping, "listener.ssl.$name.dhfile", "emqx.listeners", [
   {datatype, string}
 ]}.
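Review bot: `{default, 10}` on the new `listener.ssl.$name.depth` mapping changes the effective chain-length limit for every existing SSL listener on upgrade, not only for those that set the option. As far as I know, the Erlang ssl application of this period defaults `depth` to 1, so client chains with more intermediates would now validate where they previously failed. Dropping the default (the translation in the later hunk already falls back to `undefined`) or calling the change out in the release notes would keep that explicit. The mapping also accepts any integer although ssl expects a non-negative value, so a `{validators, [...]}` entry rejecting negatives would presumably surface a bad value at config load instead of at listener start.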
@@ -1890,6 +1895,7 @@ end}.
                           {ciphers, Ciphers},
                           {user_lookup_fun, UserLookupFun},
                           {handshake_timeout, cuttlefish:conf_get(Prefix ++ ".handshake_timeout", Conf, undefined)},
+                          {depth, cuttlefish:conf_get(Prefix ++ ".depth", Conf, undefined)},
                           {dhfile, cuttlefish:conf_get(Prefix ++ ".dhfile", Conf, undefined)},
                           {keyfile,    cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
                           {certfile,   cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
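Review bot: The `undefined` fallback on the new `{depth, ...}` entry is only reachable for prefixes that have no `depth` mapping, and the commit adds one for `listener.ssl.$name` only. The enclosing function starts and ends outside the hunk, so it is not visible whether this option list is also built for `listener.wss.*` prefixes. If it is, WebSocket TLS listeners would silently keep the library default while plain SSL listeners get 10. Either add a matching `listener.wss.$name.depth` mapping or note the asymmetry here, e.g. `%% depth is only mapped for listener.ssl.*; other prefixes fall back to the ssl default`.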