yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #7784 from JimMoen/fix-ssl-options 

fix ssl options
This commit is contained in:
JimMoen 2022-04-28 14:40:58 +08:00 committed by GitHub
parent 2dded74584 2c95fba4df
commit c4787900cf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 45 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
apps/emqx/src/emqx_schema.erl
View File

@ -1824,13 +1824,7 @@ common_ssl_opts_schema(Defaults) ->
%% @doc Make schema for SSL listener options. %% @doc Make schema for SSL listener options.
%% When it's for ranch listener, an extra field `handshake_timeout' is added. %% When it's for ranch listener, an extra field `handshake_timeout' is added.
-spec server_ssl_opts_schema(map(), boolean()) -> hocon_schema:field_schema(). -spec server_ssl_opts_schema(map(), boolean()) -> hocon_schema:field_schema().
server_ssl_opts_schema(Defaults1, IsRanchListener) -> server_ssl_opts_schema(Defaults, IsRanchListener) ->
Defaults0 = #{
cacertfile => emqx:cert_file("cacert.pem"),
certfile => emqx:cert_file("cert.pem"),
keyfile => emqx:cert_file("key.pem")
},
Defaults = maps:merge(Defaults0, Defaults1),
D = fun(Field) -> maps:get(to_atom(Field), Defaults, undefined) end, D = fun(Field) -> maps:get(to_atom(Field), Defaults, undefined) end,
Df = fun(Field, Default) -> maps:get(to_atom(Field), Defaults, Default) end, Df = fun(Field, Default) -> maps:get(to_atom(Field), Defaults, Default) end,
common_ssl_opts_schema(Defaults) ++ common_ssl_opts_schema(Defaults) ++
@ -1883,15 +1877,7 @@ server_ssl_opts_schema(Defaults1, IsRanchListener) ->
%% @doc Make schema for SSL client. %% @doc Make schema for SSL client.
-spec client_ssl_opts_schema(map()) -> hocon_schema:field_schema(). -spec client_ssl_opts_schema(map()) -> hocon_schema:field_schema().
client_ssl_opts_schema(Defaults1) -> client_ssl_opts_schema(Defaults) ->
%% assert
true = lists:all(fun(K) -> is_atom(K) end, maps:keys(Defaults1)),
Defaults0 = #{
cacertfile => emqx:cert_file("cacert.pem"),
certfile => emqx:cert_file("client-cert.pem"),
keyfile => emqx:cert_file("client-key.pem")
},
Defaults = maps:merge(Defaults0, Defaults1),
common_ssl_opts_schema(Defaults) ++ common_ssl_opts_schema(Defaults) ++
[ [
{"server_name_indication", {"server_name_indication",

7
apps/emqx/src/emqx_tls_lib.erl
View File

@ -476,7 +476,7 @@ to_client_opts(Opts) ->
CertFile = ensure_str(Get(certfile)), CertFile = ensure_str(Get(certfile)),
CAFile = ensure_str(Get(cacertfile)), CAFile = ensure_str(Get(cacertfile)),
Verify = GetD(verify, verify_none), Verify = GetD(verify, verify_none),
SNI = ensure_str(Get(server_name_indication)), SNI = ensure_sni(Get(server_name_indication)),
Versions = integral_versions(Get(versions)), Versions = integral_versions(Get(versions)),
Ciphers = integral_ciphers(Versions, Get(ciphers)), Ciphers = integral_ciphers(Versions, Get(ciphers)),
filter([ filter([
@ -505,6 +505,11 @@ fuzzy_map_get(Key, Options, Default) ->
Default Default
end. end.
ensure_sni(disable) -> disable;
ensure_sni(undefined) -> undefined;
ensure_sni(L) when is_list(L) -> L;
ensure_sni(B) when is_binary(B) -> unicode:characters_to_list(B, utf8).
ensure_str(undefined) -> undefined; ensure_str(undefined) -> undefined;
ensure_str(L) when is_list(L) -> L; ensure_str(L) when is_list(L) -> L;
ensure_str(B) when is_binary(B) -> unicode:characters_to_list(B, utf8). ensure_str(B) when is_binary(B) -> unicode:characters_to_list(B, utf8).

38
apps/emqx_management/test/emqx_mgmt_api_listeners_SUITE.erl
View File

@ -72,19 +72,19 @@ t_wss_crud_listeners_by_id(_) ->
crud_listeners_by_id(ListenerId, NewListenerId, MinListenerId, BadId, Type). crud_listeners_by_id(ListenerId, NewListenerId, MinListenerId, BadId, Type).
crud_listeners_by_id(ListenerId, NewListenerId, MinListenerId, BadId, Type) -> crud_listeners_by_id(ListenerId, NewListenerId, MinListenerId, BadId, Type) ->
TcpPath = emqx_mgmt_api_test_util:api_path(["listeners", ListenerId]), OriginPath = emqx_mgmt_api_test_util:api_path(["listeners", ListenerId]),
NewPath = emqx_mgmt_api_test_util:api_path(["listeners", NewListenerId]), NewPath = emqx_mgmt_api_test_util:api_path(["listeners", NewListenerId]),
TcpListener = request(get, TcpPath, [], []), OriginListener = request(get, OriginPath, [], []),
%% create with full options %% create with full options
?assertEqual({error, not_found}, is_running(NewListenerId)), ?assertEqual({error, not_found}, is_running(NewListenerId)),
?assertMatch({error, {"HTTP/1.1", 404, _}}, request(get, NewPath, [], [])), ?assertMatch({error, {"HTTP/1.1", 404, _}}, request(get, NewPath, [], [])),
NewConf = TcpListener#{ NewConf = OriginListener#{
<<"id">> => NewListenerId, <<"id">> => NewListenerId,
<<"bind">> => <<"0.0.0.0:2883">> <<"bind">> => <<"0.0.0.0:2883">>
}, },
Create = request(post, NewPath, [], NewConf), Create = request(post, NewPath, [], NewConf),
?assertEqual(lists:sort(maps:keys(TcpListener)), lists:sort(maps:keys(Create))), ?assertEqual(lists:sort(maps:keys(OriginListener)), lists:sort(maps:keys(Create))),
Get1 = request(get, NewPath, [], []), Get1 = request(get, NewPath, [], []),
?assertMatch(Create, Get1), ?assertMatch(Create, Get1),
?assert(is_running(NewListenerId)), ?assert(is_running(NewListenerId)),
@ -93,20 +93,42 @@ crud_listeners_by_id(ListenerId, NewListenerId, MinListenerId, BadId, Type) ->
MinPath = emqx_mgmt_api_test_util:api_path(["listeners", MinListenerId]), MinPath = emqx_mgmt_api_test_util:api_path(["listeners", MinListenerId]),
?assertEqual({error, not_found}, is_running(MinListenerId)), ?assertEqual({error, not_found}, is_running(MinListenerId)),
?assertMatch({error, {"HTTP/1.1", 404, _}}, request(get, MinPath, [], [])), ?assertMatch({error, {"HTTP/1.1", 404, _}}, request(get, MinPath, [], [])),
MinConf = #{ MinConf =
case OriginListener of
#{
<<"ssl">> :=
#{
<<"cacertfile">> := CaCertFile,
<<"certfile">> := CertFile,
<<"keyfile">> := KeyFile
}
} ->
#{
<<"id">> => MinListenerId,
<<"bind">> => <<"0.0.0.0:3883">>,
<<"type">> => Type,
<<"ssl">> => #{
<<"cacertfile">> => CaCertFile,
<<"certfile">> => CertFile,
<<"keyfile">> => KeyFile
}
};
_ ->
#{
<<"id">> => MinListenerId, <<"id">> => MinListenerId,
<<"bind">> => <<"0.0.0.0:3883">>, <<"bind">> => <<"0.0.0.0:3883">>,
<<"type">> => Type <<"type">> => Type
}, }
end,
MinCreate = request(post, MinPath, [], MinConf), MinCreate = request(post, MinPath, [], MinConf),
?assertEqual(lists:sort(maps:keys(TcpListener)), lists:sort(maps:keys(MinCreate))), ?assertEqual(lists:sort(maps:keys(OriginListener)), lists:sort(maps:keys(MinCreate))),
MinGet = request(get, MinPath, [], []), MinGet = request(get, MinPath, [], []),
?assertMatch(MinCreate, MinGet), ?assertMatch(MinCreate, MinGet),
?assert(is_running(MinListenerId)), ?assert(is_running(MinListenerId)),
%% bad create(same port) %% bad create(same port)
BadPath = emqx_mgmt_api_test_util:api_path(["listeners", BadId]), BadPath = emqx_mgmt_api_test_util:api_path(["listeners", BadId]),
BadConf = TcpListener#{ BadConf = OriginListener#{
<<"id">> => BadId, <<"id">> => BadId,
<<"bind">> => <<"0.0.0.0:2883">> <<"bind">> => <<"0.0.0.0:2883">>
}, },

8
apps/emqx_prometheus/test/emqx_prometheus_SUITE.erl
View File

@ -22,14 +22,14 @@
-compile(export_all). -compile(export_all).
-define(CLUSTER_RPC_SHARD, emqx_cluster_rpc_shard). -define(CLUSTER_RPC_SHARD, emqx_cluster_rpc_shard).
-define(CONF_DEFAULT, -define(CONF_DEFAULT, <<
<<"\n" "\n"
"prometheus {\n" "prometheus {\n"
" push_gateway_server = \"http://127.0.0.1:9091\"\n" " push_gateway_server = \"http://127.0.0.1:9091\"\n"
" interval = \"1s\"\n" " interval = \"1s\"\n"
" enable = true\n" " enable = true\n"
"}\n">> "}\n"
). >>).
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------
%% Setups %% Setups