
Support use certifate as username
Prior to this change, only the CN or EN field of the client
certificate could be used as the username.

This change adds a new option that allows the certificate itself to be used
directly as the username.

Gilbert Wong 7 năm trước cách đây
mục cha
commit
3f761cbe6a
3 tập tin đã thay đổi với 10 bổ sung9 xóa
  1. 3 3
      etc/emqx.conf
  2. 3 3
      priv/emqx.schema
  3. 4 3
      src/emqx_protocol.erl

+ 3 - 3
etc/emqx.conf

@@ -1159,10 +1159,10 @@ listener.ssl.external.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-G
 ## Value: on | off
 ## listener.ssl.external.honor_cipher_order = on
 
-## Use the CN field from the client certificate as a username.
+## Use the CN, EN or CRT field from the client certificate as a username.
 ## Notice that 'verify' should be set as 'verify_peer'.
 ##
-## Value: cn | en
+## Value: cn | en | crt
 ## listener.ssl.external.peer_cert_as_username = cn
 
 ## TCP backlog for the SSL connection.
@@ -1522,7 +1522,7 @@ listener.wss.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
 
 ## See: listener.ssl.$name.peer_cert_as_username
 ##
-## Value: cn | dn
+## Value: cn | dn | crt
 ## listener.wss.external.peer_cert_as_username = cn
 
 ## TCP backlog for the WebSocket/SSL connection.
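Review bot: The updated ssl-listener comment says `CN, EN or CRT field` and `Value: cn | en | crt`, but the schema in this same commit enumerates `cn, dn, crt` and the wss section below reads `cn | dn | crt`, so `en` looks like a pre-existing typo for `dn` that the change carries forward; suggest `## Value: cn | dn | crt`. `CRT` is also not a field of the certificate but the whole certificate, which is worth stating because it changes what operators will see as the username, e.g. `## Use the CN field, the DN (subject) or the whole client certificate (crt) as the username.`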

+ 3 - 3
priv/emqx.schema

@@ -949,7 +949,7 @@ end}.
 ]}.
 
 {mapping, "listener.tcp.$name.peer_cert_as_username", "emqx.listeners", [
-  {datatype, {enum, [cn, dn]}}
+  {datatype, {enum, [cn, dn, crt]}}
 ]}.
 
 {mapping, "listener.tcp.$name.backlog", "emqx.listeners", [
@@ -1139,7 +1139,7 @@ end}.
 ]}.
 
 {mapping, "listener.ssl.$name.peer_cert_as_username", "emqx.listeners", [
-  {datatype, {enum, [cn, dn]}}
+  {datatype, {enum, [cn, dn, crt]}}
 ]}.
 
 %%--------------------------------------------------------------------
@@ -1400,7 +1400,7 @@ end}.
 ]}.
 
 {mapping, "listener.wss.$name.peer_cert_as_username", "emqx.listeners", [
-  {datatype, {enum, [cn, dn]}}
+  {datatype, {enum, [cn, dn, crt]}}
 ]}.
 
 {translation, "emqx.listeners", fun(Conf) ->
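Review bot: `crt` is added to the `listener.tcp.$name.peer_cert_as_username` enum as well, yet a plain TCP listener has no client certificate to turn into a username, so that value can never produce anything useful there. If the tcp mapping exists only for schema symmetry with ssl/wss, a one-line comment above it saying so would help; otherwise consider leaving `crt` off the tcp enum so a misconfiguration is rejected at schema validation rather than surfacing later in `emqx_protocol:init_username/2`.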

+ 4 - 3
src/emqx_protocol.erl

@@ -106,9 +106,10 @@ init(#{peername := Peername, peercert := Peercert, sendfun := SendFun}, Options)
 
 init_username(Peercert, Options) ->
     case proplists:get_value(peer_cert_as_username, Options) of
-        cn -> esockd_peercert:common_name(Peercert);
-        dn -> esockd_peercert:subject(Peercert);
-        _  -> undefined
+        cn  -> esockd_peercert:common_name(Peercert);
+        dn  -> esockd_peercert:subject(Peercert);
+        crt -> Peercert;
+        _   -> undefined
     end.
 
 set_username(Username, PState = #pstate{username = undefined}) ->
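Review bot: `crt -> Peercert` hands back whatever term the connection supplied as the peer certificate without checking that one is present, whereas the `cn` and `dn` branches delegate to `esockd_peercert`, which presumably handles the no-certificate case; on a listener without TLS (the schema now accepts `crt` for `listener.tcp.$name` too) the username would therefore become the placeholder value rather than `undefined`. Suggest guarding the clause, e.g. `crt when is_binary(Peercert) -> Peercert;` if the certificate arrives as a DER binary, and confirm the actual type of `Peercert` at the `init/2` call site. A comment on the clause noting that the username is then the full certificate term, which downstream authentication and any logging of the username will now receive, would also help maintainers. `set_username/2` begins at the end of the hunk and continues outside it.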