summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRob Harrop <rob@rabbitmq.com>2011-03-03 15:23:37 +0000
committerRob Harrop <rob@rabbitmq.com>2011-03-03 15:23:37 +0000
commit59151f5f16866343a50bea76ac7da9a63008a2e0 (patch)
treef0cae24b135ae3c200c335dc80df7f0dfa283b02
parent90b917ce62eb5909804bd88a434179b43123f79a (diff)
parent6a88269b83e0e93d50e7e65435c9daeef0fc7ddb (diff)
downloadrabbitmq-server-59151f5f16866343a50bea76ac7da9a63008a2e0.tar.gz
Merge with default
-rw-r--r--src/rabbit_networking.erl62
1 files changed, 33 insertions, 29 deletions
diff --git a/src/rabbit_networking.erl b/src/rabbit_networking.erl
index 36f61628..53be0190 100644
--- a/src/rabbit_networking.erl
+++ b/src/rabbit_networking.erl
@@ -24,7 +24,8 @@
close_connection/2]).
%%used by TCP-based transports, e.g. STOMP adapter
--export([check_tcp_listener_address/2]).
+-export([check_tcp_listener_address/2,
+ ensure_ssl/0, ssl_transform_fun/1]).
-export([tcp_listener_started/3, tcp_listener_stopped/3,
start_client/1, start_ssl_client/2]).
@@ -88,19 +89,8 @@ boot_ssl() ->
{ok, []} ->
ok;
{ok, SslListeners} ->
- ok = rabbit_misc:start_applications([crypto, public_key, ssl]),
- {ok, SslOptsConfig} = application:get_env(ssl_options),
- % unknown_ca errors are silently ignored prior to R14B unless we
- % supply this verify_fun - remove when at least R14B is required
- SslOpts =
- case proplists:get_value(verify, SslOptsConfig, verify_none) of
- verify_none -> SslOptsConfig;
- verify_peer -> [{verify_fun, fun([]) -> true;
- ([_|_]) -> false
- end}
- | SslOptsConfig]
- end,
- [start_ssl_listener(Listener, SslOpts) || Listener <- SslListeners],
+ [start_ssl_listener(Listener, ensure_ssl())
+ || Listener <- SslListeners],
ok
end.
@@ -147,6 +137,34 @@ resolve_family({_,_,_,_,_,_,_,_}, auto) -> inet6;
resolve_family(IP, auto) -> throw({error, {strange_family, IP}});
resolve_family(_, F) -> F.
+ensure_ssl() ->
+ ok = rabbit_misc:start_applications([crypto, public_key, ssl]),
+ {ok, SslOptsConfig} = application:get_env(rabbit, ssl_options),
+
+ % unknown_ca errors are silently ignored prior to R14B unless we
+ % supply this verify_fun - remove when at least R14B is required
+ case proplists:get_value(verify, SslOptsConfig, verify_none) of
+ verify_none -> SslOptsConfig;
+ verify_peer -> [{verify_fun, fun([]) -> true;
+ ([_|_]) -> false
+ end}
+ | SslOptsConfig]
+ end.
+
+ssl_transform_fun(SslOpts) ->
+ fun (Sock) ->
+ case catch ssl:ssl_accept(Sock, SslOpts, ?SSL_TIMEOUT * 1000) of
+ {ok, SslSock} ->
+ rabbit_log:info("upgraded TCP connection ~p to SSL~n",
+ [self()]),
+ {ok, #ssl_socket{tcp = Sock, ssl = SslSock}};
+ {error, Reason} ->
+ {error, {ssl_upgrade_error, Reason}};
+ {'EXIT', Reason} ->
+ {error, {ssl_upgrade_failure, Reason}}
+ end
+ end.
+
check_tcp_listener_address(NamePrefix, Port) when is_integer(Port) ->
check_tcp_listener_address_auto(NamePrefix, Port);
@@ -246,21 +264,7 @@ start_client(Sock) ->
start_client(Sock, fun (S) -> {ok, S} end).
start_ssl_client(SslOpts, Sock) ->
- start_client(
- Sock,
- fun (Sock1) ->
- case catch ssl:ssl_accept(Sock1, SslOpts, ?SSL_TIMEOUT * 1000) of
- {ok, SslSock} ->
- rabbit_log:info("upgraded TCP connection ~p to SSL~n",
- [self()]),
- {ok, #ssl_socket{tcp = Sock1, ssl = SslSock}};
- {error, Reason} ->
- {error, {ssl_upgrade_error, Reason}};
- {'EXIT', Reason} ->
- {error, {ssl_upgrade_failure, Reason}}
-
- end
- end).
+ start_client(Sock, ssl_transform_fun(SslOpts)).
connections() ->
[rabbit_connection_sup:reader(ConnSup) ||