
feat(ssl): supports configuration of keyfile password

JianBo He 5 gadi atpakaļ
vecāks
revīzija
19e8a187e4
2 mainītis faili ar 36 papildinājumiem un 0 dzēšanām
  1. 22 0
      etc/emqx.conf
  2. 14 0
      priv/emqx.schema

+ 22 - 0
etc/emqx.conf

@@ -1323,6 +1323,12 @@ listener.ssl.external.handshake_timeout = 15s
 ## Value: Number
 ## listener.ssl.external.depth = 10
 
+## String containing the user's password. Only used if the private keyfile
+## is password-protected.
+##
+## Value: String
+## listener.ssl.external.key_password = yourpass
+
 ## Path to the file containing the user's private PEM-encoded key.
 ##
 ## See: http://erlang.org/doc/man/ssl.html
@@ -1788,6 +1794,22 @@ listener.wss.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
 ## Value: File
 ## listener.wss.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
 
+## Maximum number of non-self-issued intermediate certificates that
+## can follow the peer certificate in a valid certification path.
+##
+## See: listener.ssl.external.depth
+##
+## Value: Number
+## listener.wss.external.depth = 10
+
+## String containing the user's password. Only used if the private keyfile
+## is password-protected.
+##
+## See: listener.ssl.$name.key_password
+##
+## Value: String
+## listener.wss.external.key_password = yourpass
+
 ## See: listener.ssl.$name.dhfile
 ##
 ## Value: File
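Review bot: The comment added for `listener.ssl.external.key_password` (and repeated for `listener.wss.external.key_password`) calls the value "the user's password", but it is the passphrase that decrypts the private keyfile. It also does not tell the operator that the value sits in clear text in emqx.conf. I would reword both comments along the lines of `## Passphrase that decrypts the private keyfile. Stored here in clear text,` followed by `## so keep this file readable only by the account that runs the broker.` The wss hunk also points to `listener.ssl.$name.key_password` while its new depth entry points to `listener.ssl.external.depth`; one form should be used for both.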

+ 14 - 0
priv/emqx.schema

@@ -1373,6 +1373,10 @@ end}.
   {datatype, integer}
 ]}.
 
+{mapping, "listener.ssl.$name.key_password", "emqx.listeners", [
+  {datatype, string}
+]}.
+
 {mapping, "listener.ssl.$name.dhfile", "emqx.listeners", [
   {datatype, string}
 ]}.
@@ -1693,6 +1697,15 @@ end}.
   {datatype, string}
 ]}.
 
+{mapping, "listener.wss.$name.depth", "emqx.listeners", [
+  {default, 10},
+  {datatype, integer}
+]}.
+
+{mapping, "listener.wss.$name.key_password", "emqx.listeners", [
+  {datatype, string}
+]}.
+
 {mapping, "listener.wss.$name.verify", "emqx.listeners", [
   {datatype, atom}
 ]}.
@@ -1884,6 +1897,7 @@ end}.
                           {user_lookup_fun, UserLookupFun},
                           {handshake_timeout, cuttlefish:conf_get(Prefix ++ ".handshake_timeout", Conf, undefined)},
                           {depth, cuttlefish:conf_get(Prefix ++ ".depth", Conf, undefined)},
+                          {password, cuttlefish:conf_get(Prefix ++ ".key_password", Conf, undefined)},
                           {dhfile, cuttlefish:conf_get(Prefix ++ ".dhfile", Conf, undefined)},
                           {keyfile,    cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
                           {certfile,   cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
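Review bot: The new `{password, ...}` entry puts the keyfile passphrase into the same option list as the non-secret listener settings stored under `emqx.listeners`. Any code that logs, dumps or returns those listener options would then expose it in clear text; whether such a path exists cannot be seen from this hunk, so it needs checking. At minimum I would mark both `key_password` mappings with a comment such as `%% Secret: keyfile passphrase; redact wherever listener options are logged or returned.` The entry also defaults to `undefined` like its neighbours, and the code that drops undefined options lies outside the hunk, as does the start of the enclosing fun, so confirm that `{password, undefined}` never reaches the ssl options.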