feat(listener): add depth for ssl listener

2020-11-30 17:28:03 +08:00 · 2020-11-30 17:28:03 +08:00 · ef19e8a08b
parent cf7c3b4f0c
commit ef19e8a08b
3 changed files with 12 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -41,3 +41,4 @@ erlang.mk
 *.coverdata
 etc/emqx.conf.rendered
 Mnesia.*/
+.stamp
--- a/etc/emqx.conf
+++ b/etc/emqx.conf
@ -1317,6 +1317,11 @@ listener.ssl.external.access.1 = allow all
 ## Value: Duration
 listener.ssl.external.handshake_timeout = 15s

+## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.
+##
+## Value: Number
+#listener.ssl.external.depth = 10
+
 ## Path to the file containing the user's private PEM-encoded key.
 ##
 ## See: http://erlang.org/doc/man/ssl.html
--- a/priv/emqx.schema
+++ b/priv/emqx.schema
@ -1368,6 +1368,11 @@ end}.
  {datatype, {duration, ms}}
 ]}.

+{mapping, "listener.ssl.$name.depth", "emqx.listeners", [
+  {default, 10},
+  {datatype, integer}
+]}.
+
 {mapping, "listener.ssl.$name.dhfile", "emqx.listeners", [
  {datatype, string}
 ]}.
@ -1878,6 +1883,7 @@ end}.
                          {ciphers, Ciphers},
                          {user_lookup_fun, UserLookupFun},
                          {handshake_timeout, cuttlefish:conf_get(Prefix ++ ".handshake_timeout", Conf, undefined)},
+                          {depth, cuttlefish:conf_get(Prefix ++ ".depth", Conf, undefined)},
                          {dhfile, cuttlefish:conf_get(Prefix ++ ".dhfile", Conf, undefined)},
                          {keyfile,    cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
                          {certfile,   cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},