Move certificates processing code to pkix application
==== WARNING: MUST BE ADDED TO RELEASE NOTES ===== The commit introduces the following incompatibility: - Option 'ca_path' is deprecated and no longer has any effect; option 'ca_file' should be used instead if needed. ==================================================
This commit is contained in:
parent
e3a03394c7
commit
39fa1a810d
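--- a/path-not-shown-1
+++ b/path-not-shown-1
@@ -29,6 +29,7 @@
 {fast_yaml, ".*", {git, "https://github.com/processone/fast_yaml", {tag, "1.0.17"}}},
 {jiffy, ".*", {git, "https://github.com/davisp/jiffy", {tag, "0.14.8"}}},
 {p1_oauth2, ".*", {git, "https://github.com/processone/p1_oauth2", {tag, "0.6.3"}}},
+{pkix, ".*", {git, "https://github.com/processone/pkix"}},
 {jose, ".*", {git, "https://github.com/potatosalad/erlang-jose", {tag, "1.8.4"}}},
 {eimp, ".*", {git, "https://github.com/processone/eimp", {tag, "1.0.8"}}},
 {if_var_true, stun, {stun, ".*", {git, "https://github.com/processone/stun", {tag, "1.0.25"}}}},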
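Review bot: The new `pkix` entry added after `p1_oauth2` is the only dependency in this list without a `{tag, ...}`, so every build resolves it to whatever the upstream default branch points at the moment rebar fetches it. All the other git dependencies here are pinned, which is what keeps a release rebuildable and keeps an unreviewed upstream change from silently entering the build. Pin it the same way, `{pkix, ".*", {git, "https://github.com/processone/pkix", {tag, "<PKIX_TAG>"}}},` with the placeholder replaced by the released tag this code was developed against.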
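--- a/path-not-shown-2
+++ b/path-not-shown-2
@@ -38,7 +38,7 @@
 -protocol({xep, 270, '1.0'}).
 
 -export([start/0, stop/0, halt/0, start_app/1, start_app/2,
-get_pid_file/0, check_app/1, module_name/1]).
+get_pid_file/0, check_app/1, module_name/1, is_loaded/0]).
 
 -include("logger.hrl").
 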
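--- a/path-not-shown-3
+++ b/path-not-shown-3
@@ -1112,7 +1112,7 @@ save_certificate({ok, DomainName, Cert}) ->
 %% that there is no certificate saved if it cannot be added in
 %% certificate persistent storage
 write_cert(CertificateFile, Cert, DomainName),
-ok = ejabberd_pkix:add_certfile(CertificateFile),
+{ok, _} = ejabberd_pkix:add_certfile(CertificateFile),
 DataCert = #data_cert{
 domain = DomainName,
 pem = Cert,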
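--- a/path-not-shown-4
+++ b/path-not-shown-4
@@ -59,6 +59,7 @@ start(normal, _Args) ->
 ?INFO_MSG("ejabberd ~s is started in the node ~p in ~.2fs",
 [ejabberd_config:get_version(),
 node(), (T2-T1)/1000]),
+ejabberd_hooks:run(ejabberd_started, []),
 lists:foreach(fun erlang:garbage_collect/1, processes()),
 {ok, SupPid};
 Err ->
@@ -150,6 +151,7 @@ start_apps() ->
 crypto:start(),
 ejabberd:start_app(sasl),
 ejabberd:start_app(ssl),
+ejabberd:start_app(pkix),
 ejabberd:start_app(p1_utils),
 ejabberd:start_app(fast_yaml),
 ejabberd:start_app(fast_tls),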
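Review bot: The `ejabberd_started` hook introduced after the startup log line in `start/2` is a new public extension point with no documentation of when it fires; the hunk shows it runs after the "is started" message is logged and before the post-start garbage collection and the `{ok, SupPid}` return, so handlers execute inside the application start callback (assuming `ejabberd_hooks:run/2` is synchronous, which this page does not show). A comment above the call would spare plugin authors the guesswork: `%% Global hook (no host argument): runs once, after the startup message is logged and before start/2 returns.` In the `start_apps/0` hunk, `pkix` is started directly after `ssl` and before `p1_utils` and `fast_yaml`; if pkix reads ejabberd configuration during its own start, that ordering is worth confirming. Both `start/2` and `start_apps/0` continue outside their hunks.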
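--- a/path-not-shown-5
+++ b/path-not-shown-5
@@ -982,8 +982,8 @@ listen_opt_type(certfile = Opt) ->
 fun(S) ->
 ?WARNING_MSG("Listening option '~s' for ~s is deprecated, use "
 "'certfiles' global option instead", [Opt, ?MODULE]),
-ok = ejabberd_pkix:add_certfile(S),
-iolist_to_binary(S)
+{ok, File} = ejabberd_pkix:add_certfile(S),
+File
 end;
 listen_opt_type(starttls) -> fun(B) when is_boolean(B) -> B end;
 listen_opt_type(starttls_required) -> fun(B) when is_boolean(B) -> B end;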
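Review bot: The deprecated `certfile` listener option is handled by three identical validator bodies — this one and the two later hunks also headed `listen_opt_type(certfile = Opt) ->` — each logging the same warning, calling `ejabberd_pkix:add_certfile/1` and returning `File`, so the next change to the deprecation text or the return value has to be made in three modules. A single shared helper would remove the duplication, e.g. `listen_opt_type(certfile = Opt) -> fun(S) -> ejabberd_pkix:deprecated_listener_certfile(Opt, ?MODULE, S) end;` (helper name illustrative, it does not exist on this page). Note also that `{ok, File} = ...` turns an unreadable or unparsable certificate file into a `badmatch` raised while the configuration is being validated rather than a structured `{error, _}`; that is the same failure mode as the previous `ok = ...`, but now worth stating in the option's documentation since the validator also has the side effect of registering the file. Each `listen_opt_type/1` continues outside its hunk.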
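--- a/path-not-shown-6
+++ b/path-not-shown-6
@@ -965,8 +965,8 @@ listen_opt_type(certfile = Opt) ->
 fun(S) ->
 ?WARNING_MSG("Listening option '~s' for ~s is deprecated, use "
 "'certfiles' global option instead", [Opt, ?MODULE]),
-ok = ejabberd_pkix:add_certfile(S),
-iolist_to_binary(S)
+{ok, File} = ejabberd_pkix:add_certfile(S),
+File
 end;
 listen_opt_type(captcha) ->
 fun(B) when is_boolean(B) -> B end;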
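--- a/path-not-shown-7
+++ b/path-not-shown-7
@@ -63,12 +63,7 @@ init(_) ->
 ets:new(?MODULE, [named_table, public]),
 ejabberd_hooks:add(config_reloaded, ?MODULE, config_reloaded, 50),
 Listeners = ejabberd_config:get_option(listen, []),
-case add_certfiles(Listeners) of
-ok ->
-{ok, {{one_for_one, 10, 1}, listeners_childspec(Listeners)}};
-{error, _} = Err ->
-Err
-end.
+{ok, {{one_for_one, 10, 1}, listeners_childspec(Listeners)}}.
 
 -spec listeners_childspec([listener()]) -> [supervisor:child_spec()].
 listeners_childspec(Listeners) ->
@@ -432,20 +427,6 @@ check_rate_limit(Interval) ->
 end,
 NewInterval.
 
--spec add_certfiles([listener()]) -> ok | {error, any()}.
-add_certfiles([{_, _, Opts}|Listeners]) ->
-case lists:keyfind(certfile, 1, Opts) of
-{_, Path} ->
-case ejabberd_pkix:add_certfile(Path) of
-ok -> add_certfiles(Listeners);
-{error, _} = Err -> Err
-end;
-false ->
-add_certfiles(Listeners)
-end;
-add_certfiles([]) ->
-ok.
 
 transform_option({{Port, IP, Transport}, Mod, Opts}) ->
 IPStr = if is_tuple(IP) ->
 list_to_binary(inet_parse:ntoa(IP));
@@ -652,12 +633,12 @@ listen_opt_type(supervisor) ->
 fun(B) when is_boolean(B) -> B end;
 listen_opt_type(certfile) ->
 fun(S) ->
-ok = ejabberd_pkix:add_certfile(S),
-iolist_to_binary(S)
+{ok, File} = ejabberd_pkix:add_certfile(S),
+File
 end;
 listen_opt_type(ciphers) -> fun iolist_to_binary/1;
 listen_opt_type(dhfile) -> fun misc:try_read_file/1;
-listen_opt_type(cafile) -> fun misc:try_read_file/1;
+listen_opt_type(cafile) -> fun ejabberd_pkix:try_certfile/1;
 listen_opt_type(protocol_options) ->
 fun (Options) -> str:join(Options, <<"|">>) end;
 listen_opt_type(tls_compression) ->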
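Review bot: Dropping `add_certfiles/1` from `init/1` (first hunk) removes the one place where a listener certificate that cannot be loaded was reported as `{error, _}` from the supervisor; the only registration left in this module is the `{ok, File} = ejabberd_pkix:add_certfile(S)` side effect inside the `certfile` option validator in the third hunk, which fails by `badmatch` during configuration validation instead. That moves the failure from a supervisor start error into config processing and ties certificate registration to how often the validator is invoked, which this module does not control; a comment on the validator would make that contract explicit: `%% Side effect: registers the file with ejabberd_pkix; an unreadable file aborts config validation.` Whether a certificate that becomes unreadable after validation is still detected anywhere is not visible here and presumably depends on ejabberd_pkix — worth confirming. The switch of `cafile` to `ejabberd_pkix:try_certfile/1` matches the `sql_ssl_cafile` change elsewhere in this commit, which is a welcome consistency. `init/1` and `listen_opt_type/1` both continue outside their hunks.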
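--- a/path-not-shown-8
+++ b/path-not-shown-8
@@ -344,8 +344,8 @@ listen_opt_type(certfile = Opt) ->
 fun(S) ->
 ?WARNING_MSG("Listening option '~s' for ~s is deprecated, use "
 "'certfiles' global option instead", [Opt, ?MODULE]),
-ok = ejabberd_pkix:add_certfile(S),
-iolist_to_binary(S)
+{ok, File} = ejabberd_pkix:add_certfile(S),
+File
 end.
 
 listen_options() ->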
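--- a/path-not-shown-9
+++ b/path-not-shown-9
@@ -1162,7 +1162,7 @@ opt_type(sql_username) -> fun iolist_to_binary/1;
 opt_type(sql_ssl) -> fun(B) when is_boolean(B) -> B end;
 opt_type(sql_ssl_verify) -> fun(B) when is_boolean(B) -> B end;
 opt_type(sql_ssl_certfile) -> fun ejabberd_pkix:try_certfile/1;
-opt_type(sql_ssl_cafile) -> fun misc:try_read_file/1;
+opt_type(sql_ssl_cafile) -> fun ejabberd_pkix:try_certfile/1;
 opt_type(sql_query_timeout) ->
 fun (I) when is_integer(I), I > 0 -> I end;
 opt_type(sql_connect_timeout) ->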