author | Michael Bridgen <mikeb@rabbitmq.com> | 2012-05-02 16:02:49 +0100 |
---|---|---|
committer | Michael Bridgen <mikeb@rabbitmq.com> | 2012-05-02 16:02:49 +0100 |
commit | 1f191489bee359517dd3708efb7ca54970488aba (patch) | |
tree | 6884ba7e8345f58c52d8789bb6b7e5d93cda4228 | |
parent | 110d85f300c697d5bb12455f3298bb8b3fbd46c8 (diff) | |
parent | 01adbace4efb3af8e615a6a4096ec476bf715064 (diff) | |
download | rabbitmq-server-1f191489bee359517dd3708efb7ca54970488aba.tar.gz |
Merge default
-rw-r--r-- | src/rabbit_net.erl | 44 | ||||
-rw-r--r-- | src/rabbit_networking.erl | 3 |
2 files changed, 45 insertions, 2 deletions
diff --git a/src/rabbit_net.erl b/src/rabbit_net.erl
index 1a12d43b..25db3ea4 100644
--- a/src/rabbit_net.erl
+++ b/src/rabbit_net.erl
@@ -17,7 +17,7 @@
 -module(rabbit_net).
 -include("rabbit.hrl").
--export([is_ssl/1, ssl_info/1, controlling_process/2, getstat/2,
+-export([is_ssl/1, ssl_info/1, ssl_opts/1, controlling_process/2, getstat/2,
 recv/1, async_recv/3, port_command/2, getopts/2, setopts/2, send/2, close/1, maybe_fast_close/1, sockname/1, peername/1, peercert/1, connection_string/2]).
@@ -41,6 +41,7 @@
 -spec(ssl_info/1 :: (socket()) -> 'nossl' | ok_val_or_error( {atom(), {atom(), atom(), atom()}})).
+-spec(ssl_opts/1 :: (rabbit_types:infos()) -> rabbit_types:infos()).
 -spec(controlling_process/2 :: (socket(), pid()) -> ok_or_any_error()).
 -spec(getstat/2 :: (socket(), [stat_option()])
@@ -85,6 +86,14 @@ ssl_info(Sock) when ?IS_SSL(Sock) ->
 ssl_info(_Sock) -> nossl.
+ssl_opts(SslOpts0) ->
+ case proplists:lookup(cacertdir, SslOpts0) of
+ {cacertdir, Dir} ->
+ [{cacertfile, load_cacerts_dir(Dir)} | SslOpts0];
+ none ->
+ SslOpts0
+ end.
+
 controlling_process(Sock, Pid) when ?IS_SSL(Sock) -> ssl:controlling_process(Sock#ssl_socket.ssl, Pid);
 controlling_process(Sock, Pid) when is_port(Sock) ->
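Review bot: ssl_opts/1 in the third hunk prepends the derived `{cacertfile, _}` to SslOpts0 and leaves the `cacertdir` entry in place, so a cacertfile that is also configured is silently shadowed (proplists take the first match) and the cacertdir key travels on to ssl:ssl_accept; neither is documented on this new exported function. Suggest a comment above it, `%% Turn a cacertdir option into a cacertfile (a bundle of the directory's .pem files) prepended to SslOpts0, so it wins over any cacertfile already present.`, and, unless ssl is known to tolerate the unknown key, dropping it: `[{cacertfile, load_cacerts_dir(Dir)} | proplists:delete(cacertdir, SslOpts0)];`.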
@@ -174,3 +183,36 @@ connection_string(Sock, Direction) ->
 {_, {error, _Reason} = Error} -> Error end.
+
+ca_tmp_filename(Dir, DateTime) ->
+ SecondsStr = integer_to_list(
+ calendar:datetime_to_gregorian_seconds(DateTime)),
+ filename:join(Dir, SecondsStr ++ ".tmp").
+
+load_cacerts_dir(Dir) ->
+ ExpectedFilename = ca_tmp_filename(Dir, filelib:last_modified(Dir)),
+ case filelib:is_file(ExpectedFilename) of
+ true ->
+ ExpectedFilename;
+ false ->
+ NewContents =
+ filelib:fold_files(
+ Dir, ".*\\.pem", false,
+ fun (F, Certs) ->
+ {ok, PemBin} = file:read_file(F),
+ [PemBin | Certs]
+ end, []),
+ %% Remove old files
+ filelib:fold_files(
+ Dir, "[0-9]*\\.tmp", false,
+ fun (F, _) ->
+ file:delete(F)
+ end, undefined),
+ %% Create a new file name with the expected mtime of the
+ %% directory once we've written to it. This will
+ %% occasionally miss; this assumes it's not a huge deal to
+ %% re-generate it.
+ NewFilename = ca_tmp_filename(Dir, calendar:local_time()),
+ file:write_file(NewFilename, NewContents),
+ NewFilename
+ end.
diff --git a/src/rabbit_networking.erl b/src/rabbit_networking.erl
index f0c75d23..bd528fbd 100644
--- a/src/rabbit_networking.erl
+++ b/src/rabbit_networking.erl
@@ -160,8 +160,9 @@ ensure_ssl() ->
 | SslOptsConfig] end.
-ssl_transform_fun(SslOpts) ->
+ssl_transform_fun(SslOpts0) ->
 fun (Sock) ->
+ SslOpts = rabbit_net:ssl_opts(SslOpts0),
 case catch ssl:ssl_accept(Sock, SslOpts, ?SSL_TIMEOUT * 1000) of {ok, SslSock} -> {ok, #ssl_socket{tcp = Sock, ssl = SslSock}}; |
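Review bot: load_cacerts_dir/1 ignores the result of `file:write_file(NewFilename, NewContents)`, so a failed or partial write of the CA bundle still returns NewFilename and the problem only surfaces later as an opaque ssl_accept failure; match it, `ok = file:write_file(NewFilename, NewContents),`. The two fold_files patterns also deserve anchoring: filelib:fold_files/5 appears to run the regexp unanchored against each basename, so `"[0-9]*\\.tmp"` would also delete any file in the CA directory whose name merely contains `.tmp`, and `".*\\.pem"` would bundle editor backups such as `cacert.pem~`; `"^[0-9]+\\.tmp$"` and `"\\.pem$"` match only what is intended. Since the per-socket fun in rabbit_networking calls ssl_opts/1 on every accepted connection, concurrent regenerations can also interleave so that one accept deletes the `.tmp` another has just handed to ssl; if that is accepted as a retry-on-failure case, say so next to the existing mtime comment, `%% Concurrent accepts may delete a cache file another accept is about to use; that ssl_accept fails and the next accept regenerates it.`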
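Review bot: `SslOpts = rabbit_net:ssl_opts(SslOpts0)` sits inside the per-socket fun and above the `catch`, so every accepted TLS connection re-stats the CA directory (and, on a cache miss, re-reads every .pem and rewrites the bundle), and any failure there crashes the caller instead of reaching the `{error, Reason}` path the fun already handles; a cacertdir that does not exist looks like one such case, since filelib:last_modified/1 yields 0 for a missing path and ca_tmp_filename/2 cannot convert that. If the per-connection resolution is deliberate so new certificates are picked up without a restart, a comment saying so would help, `%% Resolved per connection so certificates added to cacertdir are picked up without a restart.`; otherwise resolving once, `ssl_transform_fun(SslOpts0) -> SslOpts = rabbit_net:ssl_opts(SslOpts0), fun (Sock) -> ...`, keeps the accept path cheap and surfaces configuration errors at listener start. Either way, wrapping the call so a bad directory yields an error tuple rather than a crash keeps the accept path's error handling uniform. ssl_transform_fun's body continues outside the hunk.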