diff options
| author | Jean-Sebastien Pedron <jean-sebastien@rabbitmq.com> | 2014-12-26 15:13:52 +0100 |
|---|---|---|
| committer | Jean-Sebastien Pedron <jean-sebastien@rabbitmq.com> | 2014-12-26 15:13:52 +0100 |
| commit | 9a6a61d3847c9a25af4252337e64528386d0bf73 (patch) | |
| tree | 9994de81fc9a57e62f6d65adcf99c05bcf3a3277 /packaging | |
| parent | 4ccccceaaa0a41532ebc15b7572b729af09d2834 (diff) | |
| download | rabbitmq-server-git-9a6a61d3847c9a25af4252337e64528386d0bf73.tar.gz | |
Rework SSL's verify_fun support
Until now, only the legacy form was supported (the one existing
in Erlang up-to R13B). The user would use the following RabbitMQ
configuration:
{ssl_options, [
{verify_fun, {Module, Function}}
]}
This is converted to the following ssl option:
{ssl_options, [
{verify_fun, fun(Errors) ->
Module:Function(Errors)
end}
]}
Although this form is still supported by Erlang R14B+, this is
undocumented and some users complain about RabbitMQ not matching the
expected behaviour, according to ssl's documentation.
Now, the new form is supported as well. Here's what the user would
configure:
{ssl_options, [
{verify_fun, {Module, Function, InitialUserState}}
]}
or:
{ssl_options, [
{verify_fun, {Module, Function}}
]}
This is converted to the new form:
{ssl_options, [
{verify_fun, {fun(OtpCert, Event, State) ->
Module:Function(OtpCert, Event, State)
end,
InitialUserState
}}
]}
To determine which form to use, we look at the version of the ssl
application:
o 4.0.1+: We check if Module:Function/3 is exported and use the new
form. If Module:Function/1 is exported, we use the old form. If
both are exported, the new form is preferred. If InitialUserState
is unspecified, 'none' is used.
o Before 4.0.1: We use the legacy form only.
If Module can't be loaded or if the expected Function/Arity is not
exported, an error is logged and RabbitMQ fails to start.
Diffstat (limited to 'packaging')
0 files changed, 0 insertions, 0 deletions