Merge pull request #11051 from SergeTupchiy/EMQX-10276-validate-cert-depth

fix(emqx_schema): use non negative integer type for 'depth' SSL option
2023-06-15 11:59:09 +03:00 · 2023-06-15 11:59:09 +03:00 · c269079c31
parent e42cc58694 64bbe21209
commit c269079c31
3 changed files with 10 additions and 1 deletions
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@ -2044,7 +2044,7 @@ common_ssl_opts_schema(Defaults, Type) ->
            )},
        {"depth",
            sc(
-                integer(),
+                non_neg_integer(),
                #{
                    default => Df("depth", 10),
                    desc => ?DESC(common_ssl_opts_schema_depth)
--- a/apps/emqx/test/emqx_schema_tests.erl
+++ b/apps/emqx/test/emqx_schema_tests.erl
@ -106,6 +106,14 @@ ssl_opts_version_gap_test_() ->
     || S <- [Sc, RanchSc]
    ].

+ssl_opts_cert_depth_test() ->
+    Sc = emqx_schema:server_ssl_opts_schema(#{}, false),
+    Reason = #{expected_type => "non_neg_integer()"},
+    ?assertThrow(
+        {_Sc, [#{kind := validation_error, reason := Reason}]},
+        validate(Sc, #{<<"depth">> => -1})
+    ).
+
 bad_cipher_test() ->
    Sc = emqx_schema:server_ssl_opts_schema(#{}, false),
    Reason = {bad_ciphers, ["foo"]},
--- a/changes/ce/fix-11051.en.md
+++ b/changes/ce/fix-11051.en.md
@ -0,0 +1 @@
+Add validation to ensure that certificate 'depth' (listener SSL option) is a non negative integer.
				`@ -0,0 +1 @@`
				`Add validation to ensure that certificate 'depth' (listener SSL option) is a non negative integer.`