refactor(schema): call emqx_tls_lib for default tls versions

This commit is contained in:
Zaiming Shi 2021-09-27 08:50:16 +02:00
parent e7e8b8c77b
commit d376c0f9fc
2 changed files with 11 additions and 7 deletions


@ -1103,7 +1103,7 @@ verification check."""
default_tls_vsns(dtls_all_available) -> default_tls_vsns(dtls_all_available) ->
proplists:get_value(available_dtls, ssl:versions()); proplists:get_value(available_dtls, ssl:versions());
default_tls_vsns(tls_all_available) -> default_tls_vsns(tls_all_available) ->
proplists:get_value(available, ssl:versions()). emqx_tls_lib:default_versions().
-spec ciphers_schema(quic | dtls_all_available | tls_all_available | undefined) -> hocon_schema:field_schema(). -spec ciphers_schema(quic | dtls_all_available | tls_all_available | undefined) -> hocon_schema:field_schema().
ciphers_schema(Default) -> ciphers_schema(Default) ->
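Review bot: The `tls_all_available` clause now returns an OTP-release-gated list (emqx_tls_lib drops `'tlsv1.3'` before OTP 23 in the companion change) while the `dtls_all_available` clause directly above it still returns the raw `available_dtls` entry of `ssl:versions()`, so the two clauses no longer mean the same thing by "all available" and nothing in the hunk says why. A one-line comment on the delegating clause would stop the next reader from "fixing" it back, e.g. `%% Delegated so the OTP-release gating of the default TLS versions lives in emqx_tls_lib only.`. The enclosing schema section continues past the hunk, so the field description that consumes this list was not reviewed.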


@ -31,9 +31,7 @@
%% @doc Returns the default supported tls versions. %% @doc Returns the default supported tls versions.
-spec default_versions() -> [atom()]. -spec default_versions() -> [atom()].
default_versions() -> default_versions() -> available_versions().
OtpRelease = list_to_integer(erlang:system_info(otp_release)),
integral_versions(default_versions(OtpRelease)).
%% @doc Validate a given list of desired tls versions. %% @doc Validate a given list of desired tls versions.
%% raise an error exception if non of them are available. %% raise an error exception if non of them are available.
@ -51,7 +49,7 @@ integral_versions(Desired) when ?IS_STRING(Desired) ->
integral_versions(Desired) when is_binary(Desired) -> integral_versions(Desired) when is_binary(Desired) ->
integral_versions(parse_versions(Desired)); integral_versions(parse_versions(Desired));
integral_versions(Desired) -> integral_versions(Desired) ->
{_, Available} = lists:keyfind(available, 1, ssl:versions()), Available = available_versions(),
case lists:filter(fun(V) -> lists:member(V, Available) end, Desired) of case lists:filter(fun(V) -> lists:member(V, Available) end, Desired) of
[] -> erlang:error(#{ reason => no_available_tls_version [] -> erlang:error(#{ reason => no_available_tls_version
, desired => Desired , desired => Desired
@ -103,11 +101,17 @@ ensure_tls13_cipher(true, Ciphers) ->
ensure_tls13_cipher(false, Ciphers) -> ensure_tls13_cipher(false, Ciphers) ->
Ciphers. Ciphers.
%% default ssl versions based on available versions.
-spec available_versions() -> [atom()].
available_versions() ->
OtpRelease = list_to_integer(erlang:system_info(otp_release)),
default_versions(OtpRelease).
%% tlsv1.3 is available from OTP-22 but we do not want to use until 23. %% tlsv1.3 is available from OTP-22 but we do not want to use until 23.
default_versions(OtpRelease) when OtpRelease >= 23 -> default_versions(OtpRelease) when OtpRelease >= 23 ->
['tlsv1.3' | default_versions(22)]; proplists:get_value(available, ssl:versions());
default_versions(_) -> default_versions(_) ->
['tlsv1.2', 'tlsv1.1', tlsv1]. lists:delete('tlsv1.3', proplists:get_value(available, ssl:versions())).
%% Deduplicate a list without re-ordering the elements. %% Deduplicate a list without re-ordering the elements.
dedup([]) -> []; dedup([]) -> [];
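Review bot: Switching `integral_versions/1` from the `available` key of `ssl:versions()` to `available_versions()` turns this refactor into a behaviour change: `available_versions/0` is the OTP-gated default list (it deletes `'tlsv1.3'` below OTP 23), so on OTP 22 a user who explicitly configures `'tlsv1.3'` now gets it silently filtered out, or an `no_available_tls_version` error when it is the only entry, even though ssl reports it as available. Validation of user-supplied versions should keep matching against what ssl can actually do, e.g. restore `Available = proplists:get_value(available, ssl:versions()),` in that clause, and the helper would be less misleading as `default_versions_for_otp/0`, since "available" is exactly what it is not. The expression `proplists:get_value(available, ssl:versions())` is also now repeated in both `default_versions/1` clauses; binding it once in `available_versions/0` and passing it in removes the duplication. Note too that the `_` clause now returns whatever ssl reports minus `'tlsv1.3'` instead of the previous fixed `['tlsv1.2', 'tlsv1.1', tlsv1]`, so the default set on older OTPs is presumably whatever the crypto library offers; worth confirming that is intended, and the `%% @doc` of `default_versions/0` ("default supported tls versions") should say the list is derived from ssl's `available` versions.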