
Merge pull request #7784 from JimMoen/fix-ssl-options

fix ssl options
JimMoen před 3 roky
rodič
revize
c4787900cf

+ 2 - 16
apps/emqx/src/emqx_schema.erl

@@ -1824,13 +1824,7 @@ common_ssl_opts_schema(Defaults) ->
 %% @doc Make schema for SSL listener options.
 %% When it's for ranch listener, an extra field `handshake_timeout' is added.
 -spec server_ssl_opts_schema(map(), boolean()) -> hocon_schema:field_schema().
-server_ssl_opts_schema(Defaults1, IsRanchListener) ->
-    Defaults0 = #{
-        cacertfile => emqx:cert_file("cacert.pem"),
-        certfile => emqx:cert_file("cert.pem"),
-        keyfile => emqx:cert_file("key.pem")
-    },
-    Defaults = maps:merge(Defaults0, Defaults1),
+server_ssl_opts_schema(Defaults, IsRanchListener) ->
     D = fun(Field) -> maps:get(to_atom(Field), Defaults, undefined) end,
     Df = fun(Field, Default) -> maps:get(to_atom(Field), Defaults, Default) end,
     common_ssl_opts_schema(Defaults) ++
@@ -1883,15 +1877,7 @@ server_ssl_opts_schema(Defaults1, IsRanchListener) ->
 
 %% @doc Make schema for SSL client.
 -spec client_ssl_opts_schema(map()) -> hocon_schema:field_schema().
-client_ssl_opts_schema(Defaults1) ->
-    %% assert
-    true = lists:all(fun(K) -> is_atom(K) end, maps:keys(Defaults1)),
-    Defaults0 = #{
-        cacertfile => emqx:cert_file("cacert.pem"),
-        certfile => emqx:cert_file("client-cert.pem"),
-        keyfile => emqx:cert_file("client-key.pem")
-    },
-    Defaults = maps:merge(Defaults0, Defaults1),
+client_ssl_opts_schema(Defaults) ->
     common_ssl_opts_schema(Defaults) ++
         [
             {"server_name_indication",
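Review bot: Dropping the `true = lists:all(fun(K) -> is_atom(K) end, maps:keys(Defaults1))` assertion in client_ssl_opts_schema means a caller passing binary keys is no longer rejected at schema build time; because the lookups go through `maps:get(to_atom(Field), Defaults, ...)` (visible in server_ssl_opts_schema, and presumably the same in the client variant whose body continues past the hunk), such a map would silently yield `undefined` for every field instead of crashing. If the removal is intentional, tightening both specs from `map()` to `#{atom() => term()}` keeps that contract visible to Dialyzer. The `@doc` comments on both functions should also state that certificate paths are no longer defaulted here, e.g. `%% No cacertfile/certfile/keyfile defaults are injected; callers supply them in Defaults or the fields stay undefined.` Both function bodies end outside the hunk.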

+ 6 - 1
apps/emqx/src/emqx_tls_lib.erl

@@ -476,7 +476,7 @@ to_client_opts(Opts) ->
     CertFile = ensure_str(Get(certfile)),
     CAFile = ensure_str(Get(cacertfile)),
     Verify = GetD(verify, verify_none),
-    SNI = ensure_str(Get(server_name_indication)),
+    SNI = ensure_sni(Get(server_name_indication)),
     Versions = integral_versions(Get(versions)),
     Ciphers = integral_ciphers(Versions, Get(ciphers)),
     filter([
@@ -505,6 +505,11 @@ fuzzy_map_get(Key, Options, Default) ->
             Default
     end.
 
+ensure_sni(disable) -> disable;
+ensure_sni(undefined) -> undefined;
+ensure_sni(L) when is_list(L) -> L;
+ensure_sni(B) when is_binary(B) -> unicode:characters_to_list(B, utf8).
+
 ensure_str(undefined) -> undefined;
 ensure_str(L) when is_list(L) -> L;
 ensure_str(B) when is_binary(B) -> unicode:characters_to_list(B, utf8).
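Review bot: `ensure_sni/1` repeats the `undefined`, list and binary clauses of `ensure_str/1` directly below it; delegating keeps the two conversions from drifting apart: `ensure_sni(disable) -> disable;` followed by `ensure_sni(Other) -> ensure_str(Other).` A comment on the `disable` clause would help the next reader, since it is the one SNI value that is not a hostname: `%% 'disable' passes through untouched: OTP ssl accepts it to suppress the SNI extension, and per the ssl docs that also turns off hostname verification of the peer certificate.` `to_client_opts/1` starts before this hunk.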

+ 33 - 11
apps/emqx_management/test/emqx_mgmt_api_listeners_SUITE.erl

@@ -72,19 +72,19 @@ t_wss_crud_listeners_by_id(_) ->
     crud_listeners_by_id(ListenerId, NewListenerId, MinListenerId, BadId, Type).
 
 crud_listeners_by_id(ListenerId, NewListenerId, MinListenerId, BadId, Type) ->
-    TcpPath = emqx_mgmt_api_test_util:api_path(["listeners", ListenerId]),
+    OriginPath = emqx_mgmt_api_test_util:api_path(["listeners", ListenerId]),
     NewPath = emqx_mgmt_api_test_util:api_path(["listeners", NewListenerId]),
-    TcpListener = request(get, TcpPath, [], []),
+    OriginListener = request(get, OriginPath, [], []),
 
     %% create with full options
     ?assertEqual({error, not_found}, is_running(NewListenerId)),
     ?assertMatch({error, {"HTTP/1.1", 404, _}}, request(get, NewPath, [], [])),
-    NewConf = TcpListener#{
+    NewConf = OriginListener#{
         <<"id">> => NewListenerId,
         <<"bind">> => <<"0.0.0.0:2883">>
     },
     Create = request(post, NewPath, [], NewConf),
-    ?assertEqual(lists:sort(maps:keys(TcpListener)), lists:sort(maps:keys(Create))),
+    ?assertEqual(lists:sort(maps:keys(OriginListener)), lists:sort(maps:keys(Create))),
     Get1 = request(get, NewPath, [], []),
     ?assertMatch(Create, Get1),
     ?assert(is_running(NewListenerId)),
@@ -93,20 +93,42 @@ crud_listeners_by_id(ListenerId, NewListenerId, MinListenerId, BadId, Type) ->
     MinPath = emqx_mgmt_api_test_util:api_path(["listeners", MinListenerId]),
     ?assertEqual({error, not_found}, is_running(MinListenerId)),
     ?assertMatch({error, {"HTTP/1.1", 404, _}}, request(get, MinPath, [], [])),
-    MinConf = #{
-        <<"id">> => MinListenerId,
-        <<"bind">> => <<"0.0.0.0:3883">>,
-        <<"type">> => Type
-    },
+    MinConf =
+        case OriginListener of
+            #{
+                <<"ssl">> :=
+                    #{
+                        <<"cacertfile">> := CaCertFile,
+                        <<"certfile">> := CertFile,
+                        <<"keyfile">> := KeyFile
+                    }
+            } ->
+                #{
+                    <<"id">> => MinListenerId,
+                    <<"bind">> => <<"0.0.0.0:3883">>,
+                    <<"type">> => Type,
+                    <<"ssl">> => #{
+                        <<"cacertfile">> => CaCertFile,
+                        <<"certfile">> => CertFile,
+                        <<"keyfile">> => KeyFile
+                    }
+                };
+            _ ->
+                #{
+                    <<"id">> => MinListenerId,
+                    <<"bind">> => <<"0.0.0.0:3883">>,
+                    <<"type">> => Type
+                }
+        end,
     MinCreate = request(post, MinPath, [], MinConf),
-    ?assertEqual(lists:sort(maps:keys(TcpListener)), lists:sort(maps:keys(MinCreate))),
+    ?assertEqual(lists:sort(maps:keys(OriginListener)), lists:sort(maps:keys(MinCreate))),
     MinGet = request(get, MinPath, [], []),
     ?assertMatch(MinCreate, MinGet),
     ?assert(is_running(MinListenerId)),
 
     %% bad create(same port)
     BadPath = emqx_mgmt_api_test_util:api_path(["listeners", BadId]),
-    BadConf = TcpListener#{
+    BadConf = OriginListener#{
         <<"id">> => BadId,
         <<"bind">> => <<"0.0.0.0:2883">>
     },
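Review bot: The two branches of the new `case` in crud_listeners_by_id repeat the `id`/`bind`/`type` map; building that base once and adding `ssl` only in the matching branch makes it obvious the branches differ solely in the certificate paths. The `ssl` sub-map pattern is also strict: an origin listener whose ssl section lacks any one of the three keys falls through to the plain branch, which looks intended but deserves a comment so a later reader does not take it for an oversight. crud_listeners_by_id continues past the end of this hunk.
```erlang
    %% Base minimal listener config shared by both branches.
    MinBase = #{
        <<"id">> => MinListenerId,
        <<"bind">> => <<"0.0.0.0:3883">>,
        <<"type">> => Type
    },
    %% Carry the certificate paths over only when the origin listener has a
    %% complete ssl section; anything else gets the plain minimal config.
    MinConf =
        case OriginListener of
            #{<<"ssl">> := #{<<"cacertfile">> := CaCertFile,
                             <<"certfile">> := CertFile,
                             <<"keyfile">> := KeyFile}} ->
                MinBase#{<<"ssl">> => #{
                    <<"cacertfile">> => CaCertFile,
                    <<"certfile">> => CertFile,
                    <<"keyfile">> => KeyFile
                }};
            _ ->
                MinBase
        end,
    %% … unchanged: MinCreate request and assertions …
```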

+ 4 - 4
apps/emqx_prometheus/test/emqx_prometheus_SUITE.erl

@@ -22,14 +22,14 @@
 -compile(export_all).
 
 -define(CLUSTER_RPC_SHARD, emqx_cluster_rpc_shard).
--define(CONF_DEFAULT,
-    <<"\n"
+-define(CONF_DEFAULT, <<
+    "\n"
     "prometheus {\n"
     "  push_gateway_server = \"http://127.0.0.1:9091\"\n"
     "  interval = \"1s\"\n"
     "  enable = true\n"
-    "}\n">>
-).
+    "}\n"
+>>).
 
 %%--------------------------------------------------------------------
 %% Setups