Merge pull request #7784 from JimMoen/fix-ssl-options

fix ssl options
JimMoen 2022-04-28 14:40:58 +08:00 committed by GitHub
commit c4787900cf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 45 additions and 32 deletions


@ -1824,13 +1824,7 @@ common_ssl_opts_schema(Defaults) ->
%% @doc Make schema for SSL listener options.
%% When it's for ranch listener, an extra field `handshake_timeout' is added.
-spec server_ssl_opts_schema(map(), boolean()) -> hocon_schema:field_schema().
server_ssl_opts_schema(Defaults1, IsRanchListener) ->
Defaults0 = #{
cacertfile => emqx:cert_file("cacert.pem"),
certfile => emqx:cert_file("cert.pem"),
keyfile => emqx:cert_file("key.pem")
},
Defaults = maps:merge(Defaults0, Defaults1),
server_ssl_opts_schema(Defaults, IsRanchListener) ->
D = fun(Field) -> maps:get(to_atom(Field), Defaults, undefined) end,
Df = fun(Field, Default) -> maps:get(to_atom(Field), Defaults, Default) end,
common_ssl_opts_schema(Defaults) ++
@ -1883,15 +1877,7 @@ server_ssl_opts_schema(Defaults1, IsRanchListener) ->
%% @doc Make schema for SSL client.
-spec client_ssl_opts_schema(map()) -> hocon_schema:field_schema().
client_ssl_opts_schema(Defaults1) ->
%% assert
true = lists:all(fun(K) -> is_atom(K) end, maps:keys(Defaults1)),
Defaults0 = #{
cacertfile => emqx:cert_file("cacert.pem"),
certfile => emqx:cert_file("client-cert.pem"),
keyfile => emqx:cert_file("client-key.pem")
},
Defaults = maps:merge(Defaults0, Defaults1),
client_ssl_opts_schema(Defaults) ->
common_ssl_opts_schema(Defaults) ++
[
{"server_name_indication",
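Review bot: With the `true = lists:all(fun(K) -> is_atom(K) end, maps:keys(Defaults1))` assertion dropped from client_ssl_opts_schema, nothing checks that the keys of `Defaults` are atoms any more, and because the visible lookups go through `maps:get(to_atom(Field), Defaults, ...)` a caller that passes string or binary keys would now silently fall through to the fallback defaults instead of failing fast. Consider keeping the guard in both new heads, `true = lists:all(fun erlang:is_atom/1, maps:keys(Defaults)),`. The `%% @doc` of server_ssl_opts_schema and client_ssl_opts_schema should also state that `Defaults` keys are atoms and that no default cacertfile/certfile/keyfile paths are injected any longer, since the removed `Defaults0` maps were the only place that behaviour was visible. Both function bodies continue past the end of their hunks.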


@ -476,7 +476,7 @@ to_client_opts(Opts) ->
CertFile = ensure_str(Get(certfile)),
CAFile = ensure_str(Get(cacertfile)),
Verify = GetD(verify, verify_none),
SNI = ensure_str(Get(server_name_indication)),
SNI = ensure_sni(Get(server_name_indication)),
Versions = integral_versions(Get(versions)),
Ciphers = integral_ciphers(Versions, Get(ciphers)),
filter([
@ -505,6 +505,11 @@ fuzzy_map_get(Key, Options, Default) ->
Default
end.
ensure_sni(disable) -> disable;
ensure_sni(undefined) -> undefined;
ensure_sni(L) when is_list(L) -> L;
ensure_sni(B) when is_binary(B) -> unicode:characters_to_list(B, utf8).
ensure_str(undefined) -> undefined;
ensure_str(L) when is_list(L) -> L;
ensure_str(B) when is_binary(B) -> unicode:characters_to_list(B, utf8).
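Review bot: The new `ensure_sni(disable) -> disable;` clause forwards `disable` straight into the ssl client options, and in OTP `{server_name_indication, disable}` does more than omit the SNI extension: ssl then also skips hostname verification of the peer certificate, so `verify_peer` on its own no longer binds the connection to the configured host. That deserves a comment on the clause, e.g. `%% 'disable' also turns off peer-certificate hostname verification in OTP ssl`, so it is not later treated as a harmless default. The remaining three clauses duplicate ensure_str/1 and could delegate instead: `ensure_sni(disable) -> disable;` followed by `ensure_sni(V) -> ensure_str(V).`. to_client_opts in the first hunk both starts and ends outside that hunk.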


@ -72,19 +72,19 @@ t_wss_crud_listeners_by_id(_) ->
crud_listeners_by_id(ListenerId, NewListenerId, MinListenerId, BadId, Type).
crud_listeners_by_id(ListenerId, NewListenerId, MinListenerId, BadId, Type) ->
TcpPath = emqx_mgmt_api_test_util:api_path(["listeners", ListenerId]),
OriginPath = emqx_mgmt_api_test_util:api_path(["listeners", ListenerId]),
NewPath = emqx_mgmt_api_test_util:api_path(["listeners", NewListenerId]),
TcpListener = request(get, TcpPath, [], []),
OriginListener = request(get, OriginPath, [], []),
%% create with full options
?assertEqual({error, not_found}, is_running(NewListenerId)),
?assertMatch({error, {"HTTP/1.1", 404, _}}, request(get, NewPath, [], [])),
NewConf = TcpListener#{
NewConf = OriginListener#{
<<"id">> => NewListenerId,
<<"bind">> => <<"0.0.0.0:2883">>
},
Create = request(post, NewPath, [], NewConf),
?assertEqual(lists:sort(maps:keys(TcpListener)), lists:sort(maps:keys(Create))),
?assertEqual(lists:sort(maps:keys(OriginListener)), lists:sort(maps:keys(Create))),
Get1 = request(get, NewPath, [], []),
?assertMatch(Create, Get1),
?assert(is_running(NewListenerId)),
@ -93,20 +93,42 @@ crud_listeners_by_id(ListenerId, NewListenerId, MinListenerId, BadId, Type) ->
MinPath = emqx_mgmt_api_test_util:api_path(["listeners", MinListenerId]),
?assertEqual({error, not_found}, is_running(MinListenerId)),
?assertMatch({error, {"HTTP/1.1", 404, _}}, request(get, MinPath, [], [])),
MinConf = #{
<<"id">> => MinListenerId,
<<"bind">> => <<"0.0.0.0:3883">>,
<<"type">> => Type
},
MinConf =
case OriginListener of
#{
<<"ssl">> :=
#{
<<"cacertfile">> := CaCertFile,
<<"certfile">> := CertFile,
<<"keyfile">> := KeyFile
}
} ->
#{
<<"id">> => MinListenerId,
<<"bind">> => <<"0.0.0.0:3883">>,
<<"type">> => Type,
<<"ssl">> => #{
<<"cacertfile">> => CaCertFile,
<<"certfile">> => CertFile,
<<"keyfile">> => KeyFile
}
};
_ ->
#{
<<"id">> => MinListenerId,
<<"bind">> => <<"0.0.0.0:3883">>,
<<"type">> => Type
}
end,
MinCreate = request(post, MinPath, [], MinConf),
?assertEqual(lists:sort(maps:keys(TcpListener)), lists:sort(maps:keys(MinCreate))),
?assertEqual(lists:sort(maps:keys(OriginListener)), lists:sort(maps:keys(MinCreate))),
MinGet = request(get, MinPath, [], []),
?assertMatch(MinCreate, MinGet),
?assert(is_running(MinListenerId)),
%% bad create(same port)
BadPath = emqx_mgmt_api_test_util:api_path(["listeners", BadId]),
BadConf = TcpListener#{
BadConf = OriginListener#{
<<"id">> => BadId,
<<"bind">> => <<"0.0.0.0:2883">>
},
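Review bot: The new `MinConf` case repeats the `id`/`bind`/`type` triple in both branches, so the two minimal configs can drift apart if one is edited later; building the base map once and only adding `<<"ssl">>` in the matching branch keeps the SSL-specific part of the test visible on its own. The explicit match on all three cert keys is kept so a partial `ssl` map still falls into the plain branch exactly as it does now. crud_listeners_by_id continues past the end of this hunk.
```erlang
    BaseMinConf = #{
        <<"id">> => MinListenerId,
        <<"bind">> => <<"0.0.0.0:3883">>,
        <<"type">> => Type
    },
    MinConf =
        case OriginListener of
            #{<<"ssl">> := #{<<"cacertfile">> := CaCertFile, <<"certfile">> := CertFile, <<"keyfile">> := KeyFile}} ->
                BaseMinConf#{
                    <<"ssl">> => #{
                        <<"cacertfile">> => CaCertFile,
                        <<"certfile">> => CertFile,
                        <<"keyfile">> => KeyFile
                    }
                };
            _ ->
                BaseMinConf
        end,
    %% … unchanged: MinCreate request and assertions …
```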


@ -22,14 +22,14 @@
-compile(export_all).
-define(CLUSTER_RPC_SHARD, emqx_cluster_rpc_shard).
-define(CONF_DEFAULT,
<<"\n"
-define(CONF_DEFAULT, <<
"\n"
"prometheus {\n"
" push_gateway_server = \"http://127.0.0.1:9091\"\n"
" interval = \"1s\"\n"
" enable = true\n"
"}\n">>
).
"}\n"
>>).
%%--------------------------------------------------------------------
%% Setups