From aaf487062a6e87932890a6d9f9aca91771d35505 Mon Sep 17 00:00:00 2001
From: "Zaiming (Stone) Shi"
Date: Wed, 13 Dec 2023 20:44:22 +0100
Subject: [PATCH] fix(exproto): fix ssl client options
---
 Makefile | 2 +-
 .../src/emqx_gateway_exproto.erl | 12 +++---
 .../test/emqx_exproto_SUITE.erl | 41 ++++++++++---------
 3 files changed, 28 insertions(+), 27 deletions(-)
diff --git a/Makefile b/Makefile
index 45326a5e0..ab740a40e 100644
--- a/Makefile
+++ b/Makefile
@@ -102,7 +102,7 @@ endif
 # Allow user-set GROUPS environment variable
 ifneq ($(GROUPS),)
-GROUPS_ARG := --groups $(GROUPS)
+GROUPS_ARG := --group $(GROUPS)
 endif
 ifeq ($(ENABLE_COVER_COMPILE),1)
diff --git a/apps/emqx_gateway_exproto/src/emqx_gateway_exproto.erl b/apps/emqx_gateway_exproto/src/emqx_gateway_exproto.erl
index ec2540ec2..afd66ba02 100644
--- a/apps/emqx_gateway_exproto/src/emqx_gateway_exproto.erl
+++ b/apps/emqx_gateway_exproto/src/emqx_gateway_exproto.erl
@@ -143,11 +143,11 @@ start_grpc_server(GwName, Options = #{bind := ListenOn}) ->
 false ->
 [];
 true ->
+ Opts1 = maps:get(ssl, Options, #{}),
+ Opts2 = maps:without([handshake_timeout], Opts1),
+ SSLOpts = emqx_tls_lib:to_server_opts(tls, Opts2),
 [
- {ssl_options,
- maps:to_list(
- maps:without([enable, handshake_timeout], maps:get(ssl, Options, #{}))
- )}
+ {ssl_options, SSLOpts}
 ]
 end,
 ListenOnStr = emqx_listeners:format_bind(ListenOn),
@@ -205,7 +205,8 @@ start_grpc_client_channel(
 SvrAddr = compose_http_uri(http, Host, Port),
 grpc_client_sup:create_channel_pool(GwName, SvrAddr, #{});
 true ->
- SslOpts = maps:to_list(maps:get(ssl, Options, #{})),
+ Opts1 = maps:get(ssl, Options, #{}),
+ SslOpts = [{nodelay, true} | emqx_tls_lib:to_client_opts(Opts1)],
 ClientOpts = #{ gun_opts => #{
@@ -213,7 +214,6 @@ start_grpc_client_channel( transport_opts => SslOpts } }, - SvrAddr = compose_http_uri(https, Host, Port), grpc_client_sup:create_channel_pool(GwName, SvrAddr, ClientOpts) end;
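Review bot: `enable` is no longer stripped from the listener's ssl map before conversion in start_grpc_server: the removed expression dropped `[enable, handshake_timeout]`, while `Opts2 = maps:without([handshake_timeout], Opts1)` drops only the timeout. Whether this matters depends on `emqx_tls_lib:to_server_opts/2`, which this patch does not show; if it passes unknown keys through, `{enable, true}` ends up inside `ssl_options`. Either keep `maps:without([enable, handshake_timeout], Opts1)` or, once confirmed, add a comment such as `%% to_server_opts/2 keeps only ssl options, so enable need not be removed here`. The body of start_grpc_server starts and ends outside the hunk.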
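Review bot: The peer-verification mode of the outbound TLS channel in start_grpc_client_channel is now decided entirely inside `emqx_tls_lib:to_client_opts(Opts1)`, and nothing at the call site says what happens when the `ssl` map has no `verify` key. If the helper falls back to `verify_none` in that case (not visible in this patch), the gateway would accept any certificate presented by the gRPC server at `SvrAddr`. A comment above the call would make the dependency explicit, for example `%% verify, CA file and SNI are taken from the ssl config by to_client_opts/1`. The test hunks in this patch only rename helpers and adjust the socket test clients, so the `true ->` branch changed here appears to have no direct coverage. The function body starts and ends outside the hunk.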
diff --git a/apps/emqx_gateway_exproto/test/emqx_exproto_SUITE.erl b/apps/emqx_gateway_exproto/test/emqx_exproto_SUITE.erl
index 76e11ef00..83e83f4d6 100644
--- a/apps/emqx_gateway_exproto/test/emqx_exproto_SUITE.erl
+++ b/apps/emqx_gateway_exproto/test/emqx_exproto_SUITE.erl
@@ -180,7 +180,7 @@ set_special_cfg(_, _, _, _) ->
 listener_confs(Type) ->
 Default = #{bind => 7993, acceptors => 8},
- #{Type => #{'default' => maps:merge(Default, socketopts(Type))}}.
+ #{Type => #{'default' => maps:merge(Default, server_socketopts(Type))}}.
 default_config() ->
 ?CONF_DEFAULT.
@@ -593,11 +593,11 @@ open(udp) ->
 {ok, Sock} = gen_udp:open(0, ?TCPOPTS),
 {udp, Sock};
 open(ssl) ->
- SslOpts = maps:to_list(client_ssl_opts()),
+ SslOpts = client_ssl_opts(),
 {ok, SslSock} = ssl:connect("127.0.0.1", 7993, ?TCPOPTS ++ SslOpts),
 {ssl, SslSock};
 open(dtls) ->
- SslOpts = maps:to_list(client_ssl_opts()),
+ SslOpts = client_ssl_opts(),
 {ok, SslSock} = ssl:connect("127.0.0.1", 7993, ?DTLSOPTS ++ SslOpts),
 {dtls, SslSock}.
@@ -635,24 +635,24 @@ close({dtls, Sock}) ->
 %%--------------------------------------------------------------------
 %% Server-Opts
-socketopts(tcp) ->
- #{tcp_options => tcp_opts()};
-socketopts(ssl) ->
+server_socketopts(tcp) ->
+ #{tcp_options => server_tcp_opts()};
+server_socketopts(ssl) ->
 #{
- tcp_options => tcp_opts(),
- ssl_options => ssl_opts()
+ tcp_options => server_tcp_opts(),
+ ssl_options => server_ssl_opts()
 };
-socketopts(udp) ->
- #{udp_options => udp_opts()};
-socketopts(dtls) ->
+server_socketopts(udp) ->
+ #{udp_options => server_udp_opts()};
+server_socketopts(dtls) ->
 #{
- udp_options => udp_opts(),
- dtls_options => dtls_opts()
+ udp_options => server_udp_opts(),
+ dtls_options => server_dtls_opts()
 }.
-tcp_opts() ->
+server_tcp_opts() ->
 maps:merge(
- udp_opts(),
+ server_udp_opts(),
 #{
 send_timeout => 15000,
 send_timeout_close => true,
@@ -661,7 +661,7 @@ tcp_opts() ->
 }
 ).
-udp_opts() ->
+server_udp_opts() ->
 #{
 recbuf => 1024,
 sndbuf => 1024,
@@ -669,7 +669,7 @@ udp_opts() ->
 reuseaddr => true
 }.
-ssl_opts() ->
+server_ssl_opts() ->
 Certs = certs("key.pem", "cert.pem", "cacert.pem"),
 maps:merge(
 Certs,
@@ -684,14 +684,15 @@ ssl_opts() ->
 }
 ).
-dtls_opts() ->
- maps:merge(ssl_opts(), #{versions => ['dtlsv1.2', 'dtlsv1']}).
+server_dtls_opts() ->
+ maps:merge(server_ssl_opts(), #{versions => ['dtlsv1.2', 'dtlsv1']}).
 %%--------------------------------------------------------------------
 %% Client-Opts
 client_ssl_opts() ->
- certs("client-key.pem", "client-cert.pem", "cacert.pem").
+ OptsWithCerts = certs("client-key.pem", "client-cert.pem", "cacert.pem"),
+ [{verify, verify_none} | maps:to_list(OptsWithCerts)].
 certs(Key, Cert, CACert) ->
 CertsPath = emqx_common_test_helpers:deps_path(emqx, "etc/certs"),
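Review bot: `client_ssl_opts/0` now hard-codes `{verify, verify_none}`, so the ssl and dtls clients opened in `open/1` never validate the listener's certificate, even though `cacert.pem` is still loaded through `certs/3`. That is acceptable for a data-path suite, but it should be stated so the option list is not copied into non-test clients, e.g. `%% verify_none is deliberate: these cases exercise the exproto data path, not certificate validation`. If the handshake itself is meant to be covered, a separate case using `{verify, verify_peer}` with the same CA file would do that. `certs/3` continues outside the hunk.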