From dfabc7ca725f1e040ae08a020bcec50ff3c9f2d9 Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Fri, 12 May 2023 18:13:21 +0200
Subject: [PATCH] chore: improve coverage

---
 src/emqx_const_v2.erl                            | 5 +----
 test/emqx_listener_tls_verify_keyusage_SUITE.erl | 2 +-
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/src/emqx_const_v2.erl b/src/emqx_const_v2.erl
index 9efeb6dde..cb7043955 100644
--- a/src/emqx_const_v2.erl
+++ b/src/emqx_const_v2.erl
@@ -52,7 +52,7 @@ make_tls_verify_fun(verify_cert_extKeyUsage, KeyUsages) ->
 
 verify_fun_peer_extKeyUsage(_, {bad_cert, invalid_ext_key_usage}, UserState) ->
   %% !! Override OTP verify peer default
-  %% OTP SSL is unhappy with the ext_key_usage but we will check on ower own.
+  %% OTP SSL is unhappy with the ext_key_usage but we will check on our own.
   {unknown, UserState};
 verify_fun_peer_extKeyUsage(_, {bad_cert, _} = Reason, _UserState) ->
   %% OTP verify_peer default
@@ -97,9 +97,6 @@ do_verify_ext_key_usage(CertExtL, [Usage | T] = _Required) ->
 %% @doc Helper tls cert extension
 -spec ext_key_opts(string()) -> [OidString::string() | public_key:oid()];
                   (undefined) -> undefined.
-ext_key_opts(undefined) ->
-    %% disabled
-    undefined;
 ext_key_opts(Str) ->
     Usages = string:tokens(Str, ","),
     lists:map(fun("clientAuth") ->
diff --git a/test/emqx_listener_tls_verify_keyusage_SUITE.erl b/test/emqx_listener_tls_verify_keyusage_SUITE.erl
index 197373e8d..07acc0eef 100644
--- a/test/emqx_listener_tls_verify_keyusage_SUITE.erl
+++ b/test/emqx_listener_tls_verify_keyusage_SUITE.erl
@@ -218,7 +218,7 @@ t_conn_fail_client_keyusage_incomplete(Config) ->
     Port = emqx_test_tls_certs_helper:select_free_port(ssl),
     DataDir = ?config(data_dir, Config),
     %% Give listener keyusage is codeSigning,clientAuth
-    Options = [{ssl_options, [ {verify_peer_ext_key_usage, "codeSigning,clientAuth"}
+    Options = [{ssl_options, [ {verify_peer_ext_key_usage, "serverAuth,clientAuth,codeSigning,emailProtection,timeStamping,ocspSigning"}
                              | ?config(ssl_config, Config)
                              ]}],
     emqx_listeners:start_listener(ssl, Port, Options),