From c5dccdf526cab2716c0f68cc67782e743b7cc817 Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Thu, 5 Oct 2023 16:25:09 +0200
Subject: [PATCH] feat(tls): update schema for TLS keyusage

---
 apps/emqx/src/emqx_schema.erl | 8 ++++++++
 rel/i18n/emqx_schema.hocon    | 6 ++++++
 2 files changed, 14 insertions(+)

diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index 9cac98d7a..ce4840eb9 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -2186,6 +2186,14 @@ common_ssl_opts_schema(Defaults, Type) ->
                     desc => ?DESC(common_ssl_opts_schema_partial_chain)
                 }
             )},
+        {"verify_peer_ext_key_usage",
+            sc(
+                string(),
+                #{
+                    required => false,
+                    desc => ?DESC(common_ssl_opts_verify_peer_ext_key_usage)
+                }
+            )},
         {"reuse_sessions",
             sc(
                 boolean(),
diff --git a/rel/i18n/emqx_schema.hocon b/rel/i18n/emqx_schema.hocon
index 7d5ac005f..ee3dd1095 100644
--- a/rel/i18n/emqx_schema.hocon
+++ b/rel/i18n/emqx_schema.hocon
@@ -690,6 +690,12 @@ common_ssl_opts_schema_partial_chain.desc:
 common_ssl_opts_schema_partial_chain.label:
 """Partial chain"""
 
+common_ssl_opts_verify_peer_ext_key_usage.desc:
+"""Verify Extended Key Usage in Peer's certificate"""
+
+common_ssl_opts_verify_peer_ext_key_usage.label:
+"""Verify KeyUsage in cert"""
+
 fields_listeners_ssl.desc:
 """SSL listeners."""