| author | Alexandru Scvortov <alexandru@rabbitmq.com> | 2010-09-08 14:27:40 +0100 |
|---|---|---|
| committer | Alexandru Scvortov <alexandru@rabbitmq.com> | 2010-09-08 14:27:40 +0100 |
| commit | c498b1bbcf08a3370a20bcb238ab4be1aeb9fdd9 (patch) | |
| tree | c9d518eea0ecc7118a032e2f50638a56ea7b08b4 /src | |
| parent | 27bc065a6bdaf3dba473c0ad53e4b4d66107439a (diff) | |
moved certificate decoding to rabbit_ssl
Diffstat (limited to 'src')
| -rw-r--r-- | src/rabbit_net.erl | 9 | ||||
| -rw-r--r-- | src/rabbit_ssl.erl | 35 |
2 files changed, 24 insertions, 20 deletions
diff --git a/src/rabbit_net.erl b/src/rabbit_net.erl index 67e00b39ae..e9f72ed0e9 100644 --- a/src/rabbit_net.erl +++ b/src/rabbit_net.erl @@ -61,8 +61,8 @@ -> rabbit_types:ok({inet:ip_address(), rabbit_networking:ip_port()}) | error()). -spec(peercert/1 :: - (rabbit_types:ssl_socket()) -> rabbit_types:ok(any()) | error()). - %% any() should be x509_certificate() + (socket() | rabbit_types:ssl_socket()) + -> rabbit_types:ok_or_error(no_ssl | rabbit_ssl:certificate())). -spec(sockname/1 :: (socket()) -> rabbit_types:ok({inet:ip_address(), rabbit_networking:ip_port()}) | @@ -112,10 +112,7 @@ peername(Sock) when is_port(Sock) -> inet:peername(Sock). peercert(Sock) when ?IS_SSL(Sock) -> - case ssl:peercert(Sock#ssl_socket.ssl) of - {ok, Cert} -> public_key:pkix_decode_cert(Cert, otp); - {error, no_peercert} -> no_peer_certificate - end; + ssl:peercert(Sock#ssl_socket.ssl); peercert(Sock) when is_port(Sock) -> nossl. diff --git a/src/rabbit_ssl.erl b/src/rabbit_ssl.erl index f44dbc3e60..092e56c337 100644 --- a/src/rabbit_ssl.erl +++ b/src/rabbit_ssl.erl @@ -36,18 +36,21 @@ -export([ssl_issuer/1, ssl_subject/1, ssl_validity/1, ssl_info/2]). +-export_type([certificate/0]). %%-------------------------------------------------------------------------- -ifdef(use_specs). --type(ssl_info_fun() :: fun((#'OTPCertificate'{}) -> string())). +-type(certificate() :: #'OTPCertificate'{}). + +-type(ssl_info_fun() :: fun((certificate()) -> string())). -spec(ssl_info/2 :: (ssl_info_fun(), #'sslsocket'{}) -> any()). --spec(ssl_issuer/1 :: (#'OTPCertificate'{}) -> string()). --spec(ssl_subject/1 :: (#'OTPCertificate'{}) -> string()). --spec(ssl_validity/1 :: (#'OTPCertificate'{}) -> string()). +-spec(ssl_issuer/1 :: (certificate()) -> string()). +-spec(ssl_subject/1 :: (certificate()) -> string()). +-spec(ssl_validity/1 :: (certificate()) -> string()). -endif. %% use_specs 
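Review bot: The new `peercert/1` spec in the first rabbit_net.erl hunk does not match what the clauses in the second hunk return. The `is_port` clause (unchanged context) still returns the bare atom `nossl`, while the spec names `no_ssl` inside `rabbit_types:ok_or_error(...)`; the SSL clause now passes through the result of `ssl:peercert/1`, which is presumably the still-encoded certificate rather than the `#'OTPCertificate'{}` that `rabbit_ssl:certificate()` stands for. This matters beyond the type annotation, because `rabbit_ssl:ssl_info/2` in this same commit matches `{ok, nossl}`, so a plain socket would reach its `case` with no matching clause. I would change the clause to `peercert(Sock) when is_port(Sock) -> {ok, nossl}.`, spell the atom `nossl` in the spec, and describe the SSL result as the encoded certificate. Other callers of `peercert/1` are outside this diff and should be checked for reliance on the bare `nossl`.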
@@ -59,16 +62,20 @@ %% Wrapper for applying a function to a socket's certificate. ssl_info(F, Sock) -> case rabbit_net:peercert(Sock) of - nossl -> nossl; - no_peer_certificate -> no_peer_certificate; - {ok, Cert} -> - try F(Cert) %% here be dragons; decompose an undocumented - %% structure - catch - C:E -> - rabbit_log:info("Problems while processing SSL info: ~p:~p~n", - [C, E]), - unknown + {error, no_peercert} -> no_peer_certificate; + {ok, nossl} -> nossl; + {ok, Cert} -> + case public_key:pkix_decode_cert(Cert, otp) of + {ok, DecCert} -> + try F(DecCert) %% here be dragons; decompose an undocumented + %% structure + catch + C:E -> + rabbit_log:info("Problems while processing SSL info: ~p:~p~n", + [C, E]), + unknown + end; + _ -> no_peer_certificate end end. |
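Review bot: The fallback `_ -> no_peer_certificate` added around the decode step treats a certificate the peer did present, but which `public_key:pkix_decode_cert/2` did not return as `{ok, _}`, exactly as if none had been sent, and it logs nothing. Anyone reading connection info then cannot tell an absent client certificate from a malformed or undecodable one, and a change in the decode function's return shape would be hidden the same way. I would log and return the existing `unknown` value instead, e.g. `Other -> rabbit_log:info("Could not decode peer certificate: ~p~n", [Other]), unknown`. The outer `case` also has no clause for error tuples other than `{error, no_peercert}`; if that is meant as let-it-crash, a one-line comment such as `%% any other {error, _} from peercert/1 is unexpected: crash` would make the intent explicit.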
