yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #11051 from SergeTupchiy/EMQX-10276-validate-cert-depth 

fix(emqx_schema): use non negative integer type for 'depth' SSL option
This commit is contained in:
SergeTupchiy 2023-06-15 11:59:09 +03:00 committed by GitHub
parent e42cc58694 64bbe21209
commit c269079c31
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/emqx/src/emqx_schema.erl
View File

@ -2044,7 +2044,7 @@ common_ssl_opts_schema(Defaults, Type) ->
)}, )},
{"depth", {"depth",
sc( sc(
integer(), non_neg_integer(),
#{ #{
default => Df("depth", 10), default => Df("depth", 10),
desc => ?DESC(common_ssl_opts_schema_depth) desc => ?DESC(common_ssl_opts_schema_depth)

8
apps/emqx/test/emqx_schema_tests.erl
View File

@ -106,6 +106,14 @@ ssl_opts_version_gap_test_() ->
|| S <- [Sc, RanchSc] || S <- [Sc, RanchSc]
]. ].
ssl_opts_cert_depth_test() ->
Sc = emqx_schema:server_ssl_opts_schema(#{}, false),
Reason = #{expected_type => "non_neg_integer()"},
?assertThrow(
{_Sc, [#{kind := validation_error, reason := Reason}]},
validate(Sc, #{<<"depth">> => -1})
).
bad_cipher_test() -> bad_cipher_test() ->
Sc = emqx_schema:server_ssl_opts_schema(#{}, false), Sc = emqx_schema:server_ssl_opts_schema(#{}, false),
Reason = {bad_ciphers, ["foo"]}, Reason = {bad_ciphers, ["foo"]},

1
changes/ce/fix-11051.en.md Normal file
View File

@ -0,0 +1 @@
Add validation to ensure that certificate 'depth' (listener SSL option) is a non negative integer.