From f82c3d773f1a31d862cd546e4a8181801c0a7ce0 Mon Sep 17 00:00:00 2001
From: Ulf Wiger
Date: Wed, 16 Mar 2016 17:08:29 -0700
Subject: Allow custom tls_opts
---
 components/dlink_tls/src/dlink_tls_conn.erl | 17 ++++++++++++++---
 priv/test_config/tls_backend.config | 5 ++++-
 priv/test_config/tls_backend_noverify.config | 5 +++--
 priv/test_config/tls_sample_noverify.config | 1 -
 4 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/components/dlink_tls/src/dlink_tls_conn.erl b/components/dlink_tls/src/dlink_tls_conn.erl
index 4629e55..cfa75d2 100644
--- a/components/dlink_tls/src/dlink_tls_conn.erl
+++ b/components/dlink_tls/src/dlink_tls_conn.erl
@@ -427,7 +427,8 @@ do_upgrade(Sock, server, CompSpec) ->
 tls_opts(Role, CompSpec) -> {ok, ServerOpts} = get_module_config(server_opts, [], CompSpec),
- TlsOpts = rvi_common:get_value(tls_opts, ServerOpts, CompSpec),
+ TlsOpts = proplists:get_value(tls_opts, ServerOpts, []),
+ ?debug("TlsOpts = ~p", [TlsOpts]),
 Opt = fun(K) -> opt(K, TlsOpts, fun() -> ok(setup:get_env(rvi_core, K))
@@ -440,11 +441,11 @@ tls_opts(Role, CompSpec) ->
 {certfile, Opt(device_cert)}, {keyfile, Opt(device_key)}, {cacertfile, Opt(root_cert)}
- ]};
+ | other_tls_opts(TlsOpts)]};
 {verify, false} -> {false, [ {verify, verify_none}
- ]};
+ | other_tls_opts(TlsOpts)]};
 _ when VOpt==false; VOpt == {verify, true} -> % {verify,true} default {true, [ {verify, verify_peer},
@@ -457,9 +458,19 @@ tls_opts(Role, CompSpec) ->
 fun(X) -> partial_chain(Role, X) end)}
+ | other_tls_opts(TlsOpts)
 ]} end.
+other_tls_opts(Opts) ->
+ other_tls_opts([device_cert, device_key,
+ root_cert, verify_fun,
+ partial_chain, verify], Opts).
+
+other_tls_opts(Remove, Opts) ->
+ [O || {K,_} = O <- Opts,
+ not lists:member(K, Remove)].
+
 opt(Key, Opts, Def) -> case lists:keyfind(Key, 1, Opts) of false when is_function(Def, 0) -> Def();
diff --git a/priv/test_config/tls_backend.config b/priv/test_config/tls_backend.config
index fa931d8..ccc03a5 100644
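Review bot: The added `?debug("TlsOpts = ~p", [TlsOpts])` in `tls_opts/2` (hunk at -427/+427) prints the whole configured option list, and because this commit forwards arbitrary entries from that list to the TLS layer, it can now hold secrets such as an ssl `{password, _}` or an inline `{key, _}`. Log only the option names, e.g. `?debug("TlsOpts keys = ~p", [proplists:get_keys(TlsOpts)])`, or redact secret-bearing keys before formatting. The body of `tls_opts/2` continues outside this hunk.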
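Review bot: The custom options are appended behind the computed ones in both branches of the hunk at -440/+441 (and again in the hunk at -457/+458), but the remove list in `other_tls_opts/1` names the rvi keys (`device_cert`, `device_key`, `root_cert`) and not the ssl keys this function emits (`certfile`, `keyfile`, `cacertfile`). A `{cacertfile, _}` or `{certfile, _}` written under `tls_opts` therefore appears in the result twice, and which entry takes effect depends on how the ssl application resolves duplicate keys, which is not visible here. I would extend the list with `certfile, keyfile, cacertfile`, or state the intended precedence in a comment above `tls_opts/2`. The `case` expression these branches belong to starts outside the hunk.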
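Review bot: `other_tls_opts/2` (hunk at -457/+458) uses the generator pattern `{K,_} = O <- Opts`, so every entry that is not a 2-tuple, such as a bare atom option or a 3-tuple, is silently discarded and the operator gets neither an error nor the setting. If only the listed keys are meant to be removed, filter explicitly: `lists:filter(fun({K,_}) -> not lists:member(K, Remove); (_) -> true end, Opts)`. Both new functions are also undocumented; a short `%%` comment above `other_tls_opts/1` should say that the remaining `tls_opts` entries reach ssl unvalidated (so they can change protocol versions or ciphers) and that `verify`, `verify_fun` and `partial_chain` appear to be excluded because `tls_opts/2` sets them itself.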
--- a/priv/test_config/tls_backend.config
+++ b/priv/test_config/tls_backend.config
@@ -8,7 +8,10 @@
 { [routing_rules, ""], [{proto_msgpack_rpc, dlink_tls_rpc}] }, { [components, data_link], [{dlink_tls_rpc, gen_server, [{server_opts, [{port, 8807},
- {ping_interval,500}]}]}]},
+ {ping_interval,500},
+ {tls_opts,
+ [{reuse_sessions, false}]}
+ ]}]}]},
 { [components, protocol], [{proto_msgpack_rpc, gen_server, []}] } ]} ]}
diff --git a/priv/test_config/tls_backend_noverify.config b/priv/test_config/tls_backend_noverify.config
index cb24e81..b057af8 100644
--- a/priv/test_config/tls_backend_noverify.config
+++ b/priv/test_config/tls_backend_noverify.config
@@ -8,8 +8,9 @@
 { [routing_rules, ""], [{proto_msgpack_rpc, dlink_tls_rpc}] }, { [components, data_link], [{dlink_tls_rpc, gen_server, [{server_opts, [{port, 8807},
- {verify, false},
- {ping_interval,500}]}]}]},
+ {ping_interval,500},
+ {tls_opts,
+ [{verify, false}]}]}]}]},
 { [components, protocol], [{proto_msgpack_rpc, gen_server, []}] } ]} ]}
diff --git a/priv/test_config/tls_sample_noverify.config b/priv/test_config/tls_sample_noverify.config
index 0328cf4..9dad5f9 100644
--- a/priv/test_config/tls_sample_noverify.config
+++ b/priv/test_config/tls_sample_noverify.config
@@ -8,7 +8,6 @@
 { [routing_rules, ""], [{proto_msgpack_rpc, dlink_tls_rpc}] }, { [components, data_link], [{dlink_tls_rpc, gen_server, [{server_opts, [{port, 9007},
-% {verify, false},
 {ping_interval,500}]}, {persistent_connections, ["localhost:8807"]}]}]},
-- cgit v1.2.1