chore: improve coverage

src/emqx_const_v2.erl

@@ -52,7 +52,7 @@ make_tls_verify_fun(verify_cert_extKeyUsage, KeyUsages) ->
 
 verify_fun_peer_extKeyUsage(_, {bad_cert, invalid_ext_key_usage}, UserState) ->
   %% !! Override OTP verify peer default
-  %% OTP SSL is unhappy with the ext_key_usage but we will check on ower own.
+  %% OTP SSL is unhappy with the ext_key_usage but we will check on our own.
   {unknown, UserState};
 verify_fun_peer_extKeyUsage(_, {bad_cert, _} = Reason, _UserState) ->
   %% OTP verify_peer default
@@ -97,9 +97,6 @@ do_verify_ext_key_usage(CertExtL, [Usage | T] = _Required) ->
 %% @doc Helper tls cert extension
 -spec ext_key_opts(string()) -> [OidString::string() | public_key:oid()];
                   (undefined) -> undefined.
-ext_key_opts(undefined) ->
-    %% disabled
-    undefined;
 ext_key_opts(Str) ->
     Usages = string:tokens(Str, ","),
     lists:map(fun("clientAuth") ->

test/emqx_listener_tls_verify_keyusage_SUITE.erl

@@ -218,7 +218,7 @@ t_conn_fail_client_keyusage_incomplete(Config) ->
     Port = emqx_test_tls_certs_helper:select_free_port(ssl),
     DataDir = ?config(data_dir, Config),
     %% Give listener keyusage is codeSigning,clientAuth
-    Options = [{ssl_options, [ {verify_peer_ext_key_usage, "codeSigning,clientAuth"}
+    Options = [{ssl_options, [ {verify_peer_ext_key_usage, "serverAuth,clientAuth,codeSigning,emailProtection,timeStamping,ocspSigning"}
                              | ?config(ssl_config, Config)
                              ]}],
     emqx_listeners:start_listener(ssl, Port, Options),