refactor: fix typo, add more detail, rename option to be more clear
This commit is contained in:
Thales Macedo Garitezi
parent
11175b55f8
commit
c23c534525
|
|
@ -1521,11 +1521,12 @@ listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
|
|||
## Value: File
|
||||
listener.ssl.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
|
||||
|
||||
## Wheter to enable OCSP for the listener.
|
||||
## Whether to enable OCSP stapling for the listener. If set to true,
|
||||
## requires definining the OCSP responder URL.
|
||||
##
|
||||
## Value: boolean
|
||||
## Default: false
|
||||
## listener.ssl.external.enable_ocsp = true
|
||||
## listener.ssl.external.enable_ocsp_stapling = true
|
||||
|
||||
## URL for the OCSP responder to check the server certificate against.
|
||||
##
|
||||
|
|
|
|||
|
|
@ -1679,7 +1679,7 @@ end}.
|
|||
{datatype, {duration, ms}}
|
||||
]}.
|
||||
|
||||
{mapping, "listener.ssl.$name.enable_ocsp", "emqx.listeners", [
|
||||
{mapping, "listener.ssl.$name.enable_ocsp_stapling", "emqx.listeners", [
|
||||
{default, false},
|
||||
{datatype, {enum, [true, false]}}
|
||||
]}.
|
||||
|
|
@ -2242,7 +2242,7 @@ end}.
|
|||
{supported_subprotocols, string:tokens(cuttlefish:conf_get(Prefix ++ ".supported_subprotocols", Conf, ""), ", ")},
|
||||
{peer_cert_as_username, cuttlefish:conf_get(Prefix ++ ".peer_cert_as_username", Conf, undefined)},
|
||||
{peer_cert_as_clientid, cuttlefish:conf_get(Prefix ++ ".peer_cert_as_clientid", Conf, undefined)},
|
||||
{ocsp_enabled, cuttlefish:conf_get(Prefix ++ ".enable_ocsp", Conf, undefined)},
|
||||
{ocsp_stapling_enabled, cuttlefish:conf_get(Prefix ++ ".enable_ocsp_stapling", Conf, undefined)},
|
||||
{ocsp_responder_url, cuttlefish:conf_get(Prefix ++ ".ocsp_responder_url", Conf, undefined)},
|
||||
{ocsp_issuer_pem, cuttlefish:conf_get(Prefix ++ ".ocsp_issuer_pem", Conf, undefined)},
|
||||
{ocsp_refresh_interval, cuttlefish:conf_get(Prefix ++ ".ocsp_refresh_interval", Conf, undefined)},
|
||||
|
|
|
|||
|
|
@ -98,7 +98,7 @@ inject_sni_fun(Listener = #{proto := Proto, name := Name, opts := Options0}) ->
|
|||
%% because otherwise an anonymous function will end up in
|
||||
%% `app.*.config'...
|
||||
ListenerID = emqx_listeners:identifier(Listener),
|
||||
case proplists:get_bool(ocsp_enabled, Options0) of
|
||||
case proplists:get_bool(ocsp_stapling_enabled, Options0) of
|
||||
false ->
|
||||
Options0;
|
||||
true ->
|
||||
|
|
@ -182,7 +182,7 @@ code_change(_Vsn, State, _Extra) ->
|
|||
lists:filter(
|
||||
fun(#{opts := Opts}) ->
|
||||
undefined =/= proplists:get_value(ocsp_responder_url, Opts) andalso
|
||||
false =/= proplists:get_bool(ocsp_enabled, Opts)
|
||||
false =/= proplists:get_bool(ocsp_stapling_enabled, Opts)
|
||||
end,
|
||||
emqx:get_env(listeners, [])),
|
||||
PatchedListeners = [L#{opts => ?MODULE:inject_sni_fun(L)} || L <- ListenersToPatch],
|
||||
|
|
|
|||
|
|
@ -96,7 +96,7 @@ init_per_testcase(t_openssl_client, Config) ->
|
|||
, {cacertfile, CACert}
|
||||
]),
|
||||
Opts1 = proplists:delete(ssl_options, Opts0),
|
||||
Opts2 = emqx_misc:merge_opts(Opts1, [ {ocsp_enabled, true}
|
||||
Opts2 = emqx_misc:merge_opts(Opts1, [ {ocsp_stapling_enabled, true}
|
||||
, {ocsp_responder_url, "http://127.0.0.1:9877"}
|
||||
, {ocsp_issuer_pem, IssuerPem}
|
||||
, {ssl_options, SSLOpts2}]),
|
||||
|
|
@ -145,7 +145,7 @@ init_per_testcase(_TestCase, Config) ->
|
|||
, name => "test_ocsp"
|
||||
, opts => [ {ssl_options, [{certfile,
|
||||
filename:join(DataDir, "server.pem")}]}
|
||||
, {ocsp_enabled, true}
|
||||
, {ocsp_stapling_enabled, true}
|
||||
, {ocsp_responder_url, "http://localhost:9877"}
|
||||
, {ocsp_issuer_pem,
|
||||
filename:join(DataDir, "ocsp-issuer.pem")}
|
||||
|
|
|
|||
Loading…
Reference in New Issue