fix: fast fail on invalid ssl options
terry-xiaoyu committed Aug 5, 2024
1 parent 7e9e98f commit 6e30ef0
Showing 3 changed files with 10 additions and 5 deletions.
2 changes: 1 addition & 1 deletion src/esockd.app.src
@@ -1,7 +1,7 @@
{application, esockd,
[{description, "General Non-blocking TCP/SSL and UDP/DTLS Server"},
{id, "esockd"},
{vsn, "5.9.7"},
{vsn, git},
{modules, []},
{registered, []},
{applications, [kernel, stdlib, sasl, ssl, public_key]},
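--- a/src/esockd_acceptor_sup.erl
+++ b/src/esockd_acceptor_sup.erl
@@ -126,7 +126,11 @@ ssl_upgrade_fun(Type, Opts) ->
 end,
 case proplists:get_value(Key, Opts) of
 undefined -> [];
-SslOpts -> [esockd_transport:ssl_upgrade_fun(SslOpts)]
+SslOpts ->
+%% validate ssl options and prevent the listener from starting if
+%% validation failed
+_ = ssl:handle_options(SslOpts, server, undefined),
+[esockd_transport:ssl_upgrade_fun(SslOpts)]
 end.
 
 tune_socket(Sock, []) ->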
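Review bot: The added `_ = ssl:handle_options(SslOpts, server, undefined),` discards the result, so the fail-fast behaviour depends entirely on that call raising; if it returns an error tuple on any supported OTP release, invalid TLS options would still reach `esockd_transport:ssl_upgrade_fun/1`. Matching the success shape makes the intent explicit, e.g. `{ok, _} = ssl:handle_options(SslOpts, server, undefined),`, assuming it returns `{ok, Config}` on the releases this project supports (worth confirming). `ssl:handle_options/3` also does not appear to be part of the documented ssl API, so the comment should name the OTP versions it was checked against. The test in this commit shows the failure term echoing option values, so it is worth checking that a crash report raised here cannot carry `password` or inline `key` entries from SslOpts into logs. The body of ssl_upgrade_fun/2 starts above the hunk.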
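--- a/test/esockd_SUITE.erl
+++ b/test/esockd_SUITE.erl
@@ -404,9 +404,10 @@ t_update_tls_options(Config) ->
 [{ssl_options, SslOpts1}, {connection_mfargs, echo_server}]),
 {ok, Sock1} = ssl:connect("localhost", LPort, ClientSslOpts, 1000),
 
-ok = esockd:set_options({echo_tls, LPort}, [{ssl_options, [{verify, verify_peer}]}]),
-?assertEqual( {error, closed}
-, ssl:connect("localhost", LPort, ClientSslOpts, 1000)),
+?assertError(
+{badmatch, {error, {options, incompatible, [{verify, verify_peer}, {cacerts, undefined}]}}},
+esockd:set_options({echo_tls, LPort}, [{ssl_options, [{verify, verify_peer}]}])
+),
 
 ok = esockd:set_options({echo_tls, LPort}, [{ssl_options, SslOpts2}]),
 {ok, Sock2} = ssl:connect("localhost", LPort, ClientSslOpts, 1000),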
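Review bot: The `?assertError` pattern pins the full term `{options, incompatible, [{verify, verify_peer}, {cacerts, undefined}]}`, which presumably comes from the ssl application's own option validation and could change shape between OTP releases; a looser pattern such as `{badmatch, {error, {options, incompatible, _}}}` keeps the test meaningful without tying it to one release. The hunk also drops the only check of what clients see after a bad update. Adding `{ok, _} = ssl:connect("localhost", LPort, ClientSslOpts, 1000),` right after the assertion would confirm that the rejected options were not partially applied and the listener still serves with its previous TLS settings. t_update_tls_options/1 starts and ends outside the hunk.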
