fix(exproto): fix ssl client options

Zaiming (Stone) Shi 2023-12-13 20:44:22 +01:00
parent a6357d92f8
commit aaf487062a
3 changed files with 28 additions and 27 deletions


@ -102,7 +102,7 @@ endif
# Allow user-set GROUPS environment variable # Allow user-set GROUPS environment variable
ifneq ($(GROUPS),) ifneq ($(GROUPS),)
GROUPS_ARG := --groups $(GROUPS) GROUPS_ARG := --group $(GROUPS)
endif endif
ifeq ($(ENABLE_COVER_COMPILE),1) ifeq ($(ENABLE_COVER_COMPILE),1)


@ -143,11 +143,11 @@ start_grpc_server(GwName, Options = #{bind := ListenOn}) ->
false -> false ->
[]; [];
true -> true ->
Opts1 = maps:get(ssl, Options, #{}),
Opts2 = maps:without([handshake_timeout], Opts1),
SSLOpts = emqx_tls_lib:to_server_opts(tls, Opts2),
[ [
{ssl_options, {ssl_options, SSLOpts}
maps:to_list(
maps:without([enable, handshake_timeout], maps:get(ssl, Options, #{}))
)}
] ]
end, end,
ListenOnStr = emqx_listeners:format_bind(ListenOn), ListenOnStr = emqx_listeners:format_bind(ListenOn),
@ -205,7 +205,8 @@ start_grpc_client_channel(
SvrAddr = compose_http_uri(http, Host, Port), SvrAddr = compose_http_uri(http, Host, Port),
grpc_client_sup:create_channel_pool(GwName, SvrAddr, #{}); grpc_client_sup:create_channel_pool(GwName, SvrAddr, #{});
true -> true ->
SslOpts = maps:to_list(maps:get(ssl, Options, #{})), Opts1 = maps:get(ssl, Options, #{}),
SslOpts = [{nodelay, true} | emqx_tls_lib:to_client_opts(Opts1)],
ClientOpts = #{ ClientOpts = #{
gun_opts => gun_opts =>
#{ #{
@ -213,7 +214,6 @@ start_grpc_client_channel(
transport_opts => SslOpts transport_opts => SslOpts
} }
}, },
SvrAddr = compose_http_uri(https, Host, Port), SvrAddr = compose_http_uri(https, Host, Port),
grpc_client_sup:create_channel_pool(GwName, SvrAddr, ClientOpts) grpc_client_sup:create_channel_pool(GwName, SvrAddr, ClientOpts)
end; end;
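Review bot: In the `true ->` branch of start_grpc_client_channel, the `transport_opts` given to gun are now exactly what `emqx_tls_lib:to_client_opts(Opts1)` returns plus `{nodelay, true}`, and the hunk does not show what that helper produces when the `ssl` map is missing or has no `verify` key (`maps:get(ssl, Options, #{})` falls back to an empty map). If the helper defaults to no peer verification in that case, an https handler address would be dialled without checking the handler's certificate, so it is worth stating the expectation next to the call, e.g. `%% verify and SNI are taken from the handler's ssl config; see emqx_tls_lib:to_client_opts/1 for the defaults`, and adding a suite case where the client is configured with `verify_peer` against a certificate it should reject. Both functions touched here start and end outside the hunks shown.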


@ -180,7 +180,7 @@ set_special_cfg(_, _, _, _) ->
listener_confs(Type) -> listener_confs(Type) ->
Default = #{bind => 7993, acceptors => 8}, Default = #{bind => 7993, acceptors => 8},
#{Type => #{'default' => maps:merge(Default, socketopts(Type))}}. #{Type => #{'default' => maps:merge(Default, server_socketopts(Type))}}.
default_config() -> default_config() ->
?CONF_DEFAULT. ?CONF_DEFAULT.
@ -593,11 +593,11 @@ open(udp) ->
{ok, Sock} = gen_udp:open(0, ?TCPOPTS), {ok, Sock} = gen_udp:open(0, ?TCPOPTS),
{udp, Sock}; {udp, Sock};
open(ssl) -> open(ssl) ->
SslOpts = maps:to_list(client_ssl_opts()), SslOpts = client_ssl_opts(),
{ok, SslSock} = ssl:connect("127.0.0.1", 7993, ?TCPOPTS ++ SslOpts), {ok, SslSock} = ssl:connect("127.0.0.1", 7993, ?TCPOPTS ++ SslOpts),
{ssl, SslSock}; {ssl, SslSock};
open(dtls) -> open(dtls) ->
SslOpts = maps:to_list(client_ssl_opts()), SslOpts = client_ssl_opts(),
{ok, SslSock} = ssl:connect("127.0.0.1", 7993, ?DTLSOPTS ++ SslOpts), {ok, SslSock} = ssl:connect("127.0.0.1", 7993, ?DTLSOPTS ++ SslOpts),
{dtls, SslSock}. {dtls, SslSock}.
@ -635,24 +635,24 @@ close({dtls, Sock}) ->
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------
%% Server-Opts %% Server-Opts
socketopts(tcp) -> server_socketopts(tcp) ->
#{tcp_options => tcp_opts()}; #{tcp_options => server_tcp_opts()};
socketopts(ssl) -> server_socketopts(ssl) ->
#{ #{
tcp_options => tcp_opts(), tcp_options => server_tcp_opts(),
ssl_options => ssl_opts() ssl_options => server_ssl_opts()
}; };
socketopts(udp) -> server_socketopts(udp) ->
#{udp_options => udp_opts()}; #{udp_options => server_udp_opts()};
socketopts(dtls) -> server_socketopts(dtls) ->
#{ #{
udp_options => udp_opts(), udp_options => server_udp_opts(),
dtls_options => dtls_opts() dtls_options => server_dtls_opts()
}. }.
tcp_opts() -> server_tcp_opts() ->
maps:merge( maps:merge(
udp_opts(), server_udp_opts(),
#{ #{
send_timeout => 15000, send_timeout => 15000,
send_timeout_close => true, send_timeout_close => true,
@ -661,7 +661,7 @@ tcp_opts() ->
} }
). ).
udp_opts() -> server_udp_opts() ->
#{ #{
recbuf => 1024, recbuf => 1024,
sndbuf => 1024, sndbuf => 1024,
@ -669,7 +669,7 @@ udp_opts() ->
reuseaddr => true reuseaddr => true
}. }.
ssl_opts() -> server_ssl_opts() ->
Certs = certs("key.pem", "cert.pem", "cacert.pem"), Certs = certs("key.pem", "cert.pem", "cacert.pem"),
maps:merge( maps:merge(
Certs, Certs,
@ -684,14 +684,15 @@ ssl_opts() ->
} }
). ).
dtls_opts() -> server_dtls_opts() ->
maps:merge(ssl_opts(), #{versions => ['dtlsv1.2', 'dtlsv1']}). maps:merge(server_ssl_opts(), #{versions => ['dtlsv1.2', 'dtlsv1']}).
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------
%% Client-Opts %% Client-Opts
client_ssl_opts() -> client_ssl_opts() ->
certs("client-key.pem", "client-cert.pem", "cacert.pem"). OptsWithCerts = certs("client-key.pem", "client-cert.pem", "cacert.pem"),
[{verify, verify_none} | maps:to_list(OptsWithCerts)].
certs(Key, Cert, CACert) -> certs(Key, Cert, CACert) ->
CertsPath = emqx_common_test_helpers:deps_path(emqx, "etc/certs"), CertsPath = emqx_common_test_helpers:deps_path(emqx, "etc/certs"),
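Review bot: `client_ssl_opts/0` now prepends `{verify, verify_none}`, so the ssl and dtls test clients in `open/1` never validate the listener's certificate even though `cacert.pem` is still loaded through `certs/3`. That is reasonable for a loopback test, but the reason should be written down so the setting is not copied as a template, for example `%% test client only: skip peer verification; we connect to 127.0.0.1 and do not assert on the server certificate`. A separate case that connects with `verify_peer` and the CA file would keep the server-side certificate chain covered. `certs/3` continues past the last visible line.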