Move certificates processing code to pkix application
==== WARNING: MUST BE ADDED TO RELEASE NOTES ===== The commit introduces the following incompatibility: - Option 'ca_path' is deprecated and has no effect anymore: option 'ca_file' should be used instead if needed. ==================================================
parent
e3a03394c7
commit
39fa1a810d
@ -29,6 +29,7 @@
|
||||
{fast_yaml, ".*", {git, "https://github.com/processone/fast_yaml", {tag, "1.0.17"}}},
|
||||
{jiffy, ".*", {git, "https://github.com/davisp/jiffy", {tag, "0.14.8"}}},
|
||||
{p1_oauth2, ".*", {git, "https://github.com/processone/p1_oauth2", {tag, "0.6.3"}}},
|
||||
{pkix, ".*", {git, "https://github.com/processone/pkix"}},
|
||||
{jose, ".*", {git, "https://github.com/potatosalad/erlang-jose", {tag, "1.8.4"}}},
|
||||
{eimp, ".*", {git, "https://github.com/processone/eimp", {tag, "1.0.8"}}},
|
||||
{if_var_true, stun, {stun, ".*", {git, "https://github.com/processone/stun", {tag, "1.0.25"}}}},
|
||||
|
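Review bot: The `pkix` entry is the only dependency in this hunk without a `{tag, ...}`, so each fetch resolves to whatever the repository's default branch holds at that moment. Since this commit hands certificate processing to that library, an unpinned ref makes builds non-reproducible and lets upstream changes reach a release without review. Pin it like its neighbours, e.g. `{pkix, ".*", {git, "https://github.com/processone/pkix", {tag, "<PKIX_TAG>"}}},`, where `<PKIX_TAG>` is a placeholder for a released tag or commit.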
@ -38,7 +38,7 @@
|
||||
-protocol({xep, 270, '1.0'}).
|
||||
|
||||
-export([start/0, stop/0, halt/0, start_app/1, start_app/2,
|
||||
get_pid_file/0, check_app/1, module_name/1]).
|
||||
get_pid_file/0, check_app/1, module_name/1, is_loaded/0]).
|
||||
|
||||
-include("logger.hrl").
|
||||
|
||||
|
@ -1112,7 +1112,7 @@ save_certificate({ok, DomainName, Cert}) ->
|
||||
%% that there is no certificate saved if it cannot be added in
|
||||
%% certificate persistent storage
|
||||
write_cert(CertificateFile, Cert, DomainName),
|
||||
ok = ejabberd_pkix:add_certfile(CertificateFile),
|
||||
{ok, _} = ejabberd_pkix:add_certfile(CertificateFile),
|
||||
DataCert = #data_cert{
|
||||
domain = DomainName,
|
||||
pem = Cert,
|
||||
|
@ -59,6 +59,7 @@ start(normal, _Args) ->
|
||||
?INFO_MSG("ejabberd ~s is started in the node ~p in ~.2fs",
|
||||
[ejabberd_config:get_version(),
|
||||
node(), (T2-T1)/1000]),
|
||||
ejabberd_hooks:run(ejabberd_started, []),
|
||||
lists:foreach(fun erlang:garbage_collect/1, processes()),
|
||||
{ok, SupPid};
|
||||
Err ->
|
||||
@ -150,6 +151,7 @@ start_apps() ->
|
||||
crypto:start(),
|
||||
ejabberd:start_app(sasl),
|
||||
ejabberd:start_app(ssl),
|
||||
ejabberd:start_app(pkix),
|
||||
ejabberd:start_app(p1_utils),
|
||||
ejabberd:start_app(fast_yaml),
|
||||
ejabberd:start_app(fast_tls),
|
||||
|
@ -982,8 +982,8 @@ listen_opt_type(certfile = Opt) ->
|
||||
fun(S) ->
|
||||
?WARNING_MSG("Listening option '~s' for ~s is deprecated, use "
|
||||
"'certfiles' global option instead", [Opt, ?MODULE]),
|
||||
ok = ejabberd_pkix:add_certfile(S),
|
||||
iolist_to_binary(S)
|
||||
{ok, File} = ejabberd_pkix:add_certfile(S),
|
||||
File
|
||||
end;
|
||||
listen_opt_type(starttls) -> fun(B) when is_boolean(B) -> B end;
|
||||
listen_opt_type(starttls_required) -> fun(B) when is_boolean(B) -> B end;
|
||||
|
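Review bot: The `certfile` validator now returns the `File` from `ejabberd_pkix:add_certfile/1` instead of `iolist_to_binary(S)`, and the ejabberd_pkix diff is suppressed on this page, so the form `File` takes cannot be checked here. Assuming a crash in the validator is how the config loader rejects a bad value, a comment above the match such as `%% File is the value stored for 'certfile'; a failed match rejects the option` would record the contract the listener relies on. The same body appears in the other `listen_opt_type(certfile)` sections on this page (@ -965, @ -652, @ -344), so the comment, or a shared helper, applies to all four. The clause list continues outside the hunk.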
@ -965,8 +965,8 @@ listen_opt_type(certfile = Opt) ->
|
||||
fun(S) ->
|
||||
?WARNING_MSG("Listening option '~s' for ~s is deprecated, use "
|
||||
"'certfiles' global option instead", [Opt, ?MODULE]),
|
||||
ok = ejabberd_pkix:add_certfile(S),
|
||||
iolist_to_binary(S)
|
||||
{ok, File} = ejabberd_pkix:add_certfile(S),
|
||||
File
|
||||
end;
|
||||
listen_opt_type(captcha) ->
|
||||
fun(B) when is_boolean(B) -> B end;
|
||||
|
@ -63,12 +63,7 @@ init(_) ->
|
||||
ets:new(?MODULE, [named_table, public]),
|
||||
ejabberd_hooks:add(config_reloaded, ?MODULE, config_reloaded, 50),
|
||||
Listeners = ejabberd_config:get_option(listen, []),
|
||||
case add_certfiles(Listeners) of
|
||||
ok ->
|
||||
{ok, {{one_for_one, 10, 1}, listeners_childspec(Listeners)}};
|
||||
{error, _} = Err ->
|
||||
Err
|
||||
end.
|
||||
{ok, {{one_for_one, 10, 1}, listeners_childspec(Listeners)}}.
|
||||
|
||||
-spec listeners_childspec([listener()]) -> [supervisor:child_spec()].
|
||||
listeners_childspec(Listeners) ->
|
||||
@ -432,20 +427,6 @@ check_rate_limit(Interval) ->
|
||||
end,
|
||||
NewInterval.
|
||||
|
||||
-spec add_certfiles([listener()]) -> ok | {error, any()}.
|
||||
add_certfiles([{_, _, Opts}|Listeners]) ->
|
||||
case lists:keyfind(certfile, 1, Opts) of
|
||||
{_, Path} ->
|
||||
case ejabberd_pkix:add_certfile(Path) of
|
||||
ok -> add_certfiles(Listeners);
|
||||
{error, _} = Err -> Err
|
||||
end;
|
||||
false ->
|
||||
add_certfiles(Listeners)
|
||||
end;
|
||||
add_certfiles([]) ->
|
||||
ok.
|
||||
|
||||
transform_option({{Port, IP, Transport}, Mod, Opts}) ->
|
||||
IPStr = if is_tuple(IP) ->
|
||||
list_to_binary(inet_parse:ntoa(IP));
|
||||
@ -652,12 +633,12 @@ listen_opt_type(supervisor) ->
|
||||
fun(B) when is_boolean(B) -> B end;
|
||||
listen_opt_type(certfile) ->
|
||||
fun(S) ->
|
||||
ok = ejabberd_pkix:add_certfile(S),
|
||||
iolist_to_binary(S)
|
||||
{ok, File} = ejabberd_pkix:add_certfile(S),
|
||||
File
|
||||
end;
|
||||
listen_opt_type(ciphers) -> fun iolist_to_binary/1;
|
||||
listen_opt_type(dhfile) -> fun misc:try_read_file/1;
|
||||
listen_opt_type(cafile) -> fun misc:try_read_file/1;
|
||||
listen_opt_type(cafile) -> fun ejabberd_pkix:try_certfile/1;
|
||||
listen_opt_type(protocol_options) ->
|
||||
fun (Options) -> str:join(Options, <<"|">>) end;
|
||||
listen_opt_type(tls_compression) ->
|
||||
|
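Review bot: With `add_certfiles/1` removed, `init/1` no longer has a path that stops listener start-up when a listener's certificate cannot be loaded. The only remaining registration visible on this page is the side effect inside `listen_opt_type(certfile)`. That holds only if option validation has run for every listener before `init/1` reads `listen`, including after a config reload, which cannot be confirmed from these hunks. A comment on `init/1` such as `%% listener certfiles are registered by listen_opt_type(certfile) during option validation` would make the dependency explicit.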
File diff suppressed because it is too large
@ -344,8 +344,8 @@ listen_opt_type(certfile = Opt) ->
|
||||
fun(S) ->
|
||||
?WARNING_MSG("Listening option '~s' for ~s is deprecated, use "
|
||||
"'certfiles' global option instead", [Opt, ?MODULE]),
|
||||
ok = ejabberd_pkix:add_certfile(S),
|
||||
iolist_to_binary(S)
|
||||
{ok, File} = ejabberd_pkix:add_certfile(S),
|
||||
File
|
||||
end.
|
||||
|
||||
listen_options() ->
|
||||
|
@ -1162,7 +1162,7 @@ opt_type(sql_username) -> fun iolist_to_binary/1;
|
||||
opt_type(sql_ssl) -> fun(B) when is_boolean(B) -> B end;
|
||||
opt_type(sql_ssl_verify) -> fun(B) when is_boolean(B) -> B end;
|
||||
opt_type(sql_ssl_certfile) -> fun ejabberd_pkix:try_certfile/1;
|
||||
opt_type(sql_ssl_cafile) -> fun misc:try_read_file/1;
|
||||
opt_type(sql_ssl_cafile) -> fun ejabberd_pkix:try_certfile/1;
|
||||
opt_type(sql_query_timeout) ->
|
||||
fun (I) when is_integer(I), I > 0 -> I end;
|
||||
opt_type(sql_connect_timeout) ->
|
||||
|
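Review bot: `sql_ssl_cafile` is now validated by the same `ejabberd_pkix:try_certfile/1` as `sql_ssl_certfile`, and `listen_opt_type(cafile)` in the listener section makes the same switch, but the implementation sits in the suppressed ejabberd_pkix diff. A CA bundle is a trust anchor rather than a served certificate, so it is worth confirming that `try_certfile/1` only validates and returns the path, and does not add the file to the certificate set offered to peers. It should also fail the config on an unreadable or malformed file, as `misc:try_read_file/1` presumably did. If so, a short comment next to both clauses would help, e.g. `%% try_certfile/1 validates only; CA files are not added to the served certificates`.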