yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore: sync code from ee

This commit is contained in:
Shawn 2023-06-20 20:47:44 +08:00
parent 21797d841e
commit e6ae98dd40
1 changed files with 13 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/emqx_tls_lib.erl
View File

@ -224,15 +224,20 @@ replace(Opts, Key, Value) -> [{Key, Value} | proplists:delete(Key, Opts)].
%% @doc Helper, make TLS root_fun
rootfun_trusted_ca_from_cacertfile(NumOfCerts, SslOpts) ->
Cacertfile = proplists:get_value(cacertfile, SslOpts, undefined),
try do_rootfun_trusted_ca_from_cacertfile(NumOfCerts, Cacertfile)
case file:read_file(Cacertfile) of
{ok, PemBin} ->
try do_rootfun_trusted_ca_from_cacertfile(NumOfCerts, PemBin)
catch _Error:_Info:ST ->
%% The cacertfile will be checked by OTP SSL as well and OTP choice to be silent on this.
%% We are touching security sutffs, don't leak extra info..
?LOG(error, "Failed to look for trusted cacert from cacertfile. Stacktrace: ~p", [ST]),
throw({error, ?FUNCTION_NAME})
end;
{error, Reason} ->
throw({error, {read_cacertfile_error, Cacertfile, Reason}})
end.
do_rootfun_trusted_ca_from_cacertfile(NumOfCerts, Cacertfile) ->
{ok, PemBin} = file:read_file(Cacertfile),
do_rootfun_trusted_ca_from_cacertfile(NumOfCerts, PemBin) ->
%% The last one or two should be the top parent in the chain if it is a chain
Certs = public_key:pem_decode(PemBin),
Pos = length(Certs) - NumOfCerts + 1,