-rw-r--r--src/rabbit_reader.erl16
-rw-r--r--src/rabbit_ssl.erl47
2 files changed, 25 insertions, 38 deletions
diff --git a/src/rabbit_reader.erl b/src/rabbit_reader.erl
index 559b57a8c9..669331664e 100644
--- a/src/rabbit_reader.erl
+++ b/src/rabbit_reader.erl
@@ -822,9 +822,12 @@ i(peer_address, #v1{sock = Sock}) ->
i(peer_port, #v1{sock = Sock}) ->
{ok, {_, P}} = rabbit_net:peername(Sock),
P;
-i(peer_cert_issuer, #v1{sock = Sock}) -> rabbit_ssl:peer_cert_issuer(Sock);
-i(peer_cert_subject, #v1{sock = Sock}) -> rabbit_ssl:peer_cert_subject(Sock);
-i(peer_cert_validity, #v1{sock = Sock}) -> rabbit_ssl:peer_cert_validity(Sock);
+i(peer_cert_issuer, #v1{sock = Sock}) ->
+ cert_info(fun rabbit_ssl:peer_cert_issuer/1, Sock);
+i(peer_cert_subject, #v1{sock = Sock}) ->
+ cert_info(fun rabbit_ssl:peer_cert_subject/1, Sock);
+i(peer_cert_validity, #v1{sock = Sock}) ->
+ cert_info(fun rabbit_ssl:peer_cert_validity/1, Sock);
i(SockStat, #v1{sock = Sock}) when SockStat =:= recv_oct;
SockStat =:= recv_cnt;
SockStat =:= send_oct;
@@ -859,6 +862,13 @@ i(client_properties, #v1{connection = #connection{
i(Item, #v1{}) ->
throw({bad_argument, Item}).
+cert_info(F, Sock) ->
+ case rabbit_net:peercert(Sock) of
+ nossl -> '';
+ {error, no_peercert} -> '';
+ {ok, Cert} -> F(Cert)
+ end.
+
%%--------------------------------------------------------------------------
send_to_new_channel(Channel, AnalyzedFrame, State) ->
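Review bot: The new `cert_info/2` only matches `nossl`, `{error, no_peercert}` and `{ok, Cert}` from `rabbit_net:peercert/1`; the wrapper it replaces in rabbit_ssl also accepted `{error, E}` for any other reason and logged it, so every other failure to fetch the peer certificate (the TLS layer going away mid-call, for example) now surfaces as a `case_clause` out of `i/2` while connection info is being collected. Since these items are produced for every listed connection, one connection in a bad TLS state would make the whole listing fail rather than just reporting an empty value for that connection. A catch-all error clause keeps the old tolerance, e.g. `{error, Reason} -> rabbit_log:warning("cannot obtain peer cert: ~p~n", [Reason]), ''`. It is also worth a one-line comment above the function noting that `''` is the deliberate "no certificate available" value for these info items, since `rabbit_ssl` itself now returns only strings.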
diff --git a/src/rabbit_ssl.erl b/src/rabbit_ssl.erl
index f7da832519..75df8796d7 100644
--- a/src/rabbit_ssl.erl
+++ b/src/rabbit_ssl.erl
@@ -46,9 +46,9 @@
-type(certificate() :: #'OTPCertificate'{}).
--spec(peer_cert_issuer/1 :: (rabbit_net:socket()) -> string()).
--spec(peer_cert_subject/1 :: (rabbit_net:socket()) -> string()).
--spec(peer_cert_validity/1 :: (rabbit_net:socket()) -> string()).
+-spec(peer_cert_issuer/1 :: (certificate()) -> string()).
+-spec(peer_cert_subject/1 :: (certificate()) -> string()).
+-spec(peer_cert_validity/1 :: (certificate()) -> string()).
-endif.
@@ -57,59 +57,36 @@
%%--------------------------------------------------------------------------
%% Return a string describing the certificate's issuer.
-peer_cert_issuer(Sock) ->
+peer_cert_issuer(Cert) ->
cert_info(fun(#'OTPCertificate' {
tbsCertificate = #'OTPTBSCertificate' {
issuer = Issuer }}) ->
format_rdn_sequence(Issuer)
- end, Sock).
+ end, Cert).
%% Return a string describing the certificate's subject, as per RFC4514.
-peer_cert_subject(Sock) ->
+peer_cert_subject(Cert) ->
cert_info(fun(#'OTPCertificate' {
tbsCertificate = #'OTPTBSCertificate' {
subject = Subject }}) ->
format_rdn_sequence(Subject)
- end, Sock).
+ end, Cert).
%% Return a string describing the certificate's validity.
-peer_cert_validity(Sock) ->
+peer_cert_validity(Cert) ->
cert_info(fun(#'OTPCertificate' {
tbsCertificate = #'OTPTBSCertificate' {
validity = {'Validity', Start, End} }}) ->
lists:flatten(
io_lib:format("~s - ~s", [format_asn1_value(Start),
format_asn1_value(End)]))
- end, Sock).
+ end, Cert).
%%--------------------------------------------------------------------------
-%% Wrapper for applying a function to a socket's certificate.
-cert_info(F, Sock) ->
- case rabbit_net:peercert(Sock) of
- {error, no_peercert} -> no_peer_certificate;
- {error, E} -> rabbit_log:warning("cannot obtain cert: "
- "~p~n", [E]),
- no_peer_certificate;
- nossl -> nossl;
- {ok, Cert} ->
- case public_key:pkix_decode_cert(Cert, otp) of
- {ok, DecCert} ->
- %% here be dragons; decompose an undocumented
- %% structure
- try
- F(DecCert)
- catch
- C:E ->
- rabbit_log:info("failure in processing SSL info: "
- "~p:~p~n", [C, E]),
- unknown
- end;
- {error, E} ->
- rabbit_log:warning("error decoding cert: ~p~n", [E]),
- no_peer_certificate
- end
- end.
+cert_info(F, Cert) ->
+ {ok, DecCert} = public_key:pkix_decode_cert(Cert, otp),
+ F(DecCert).
%%--------------------------------------------------------------------------
%% Formatting functions
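Review bot: `cert_info/2` now asserts `{ok, DecCert}` from `public_key:pkix_decode_cert/2` and applies `F` with no guard, so a certificate that decodes but does not fit the record patterns in the funs above (for instance a validity field not of the shape matched at `validity = {'Validity', Start, End}`) raises a `badmatch` or `function_clause` into the caller instead of yielding `unknown` as before. The certificate is peer-supplied data that has only passed the TLS handshake, so this contract change should at least be documented at the definition: `%% Applies F to the decoded peer certificate. Raises on an undecodable certificate or an unexpected certificate structure; callers must be prepared for that.` The removed "here be dragons; decompose an undocumented structure" remark was the only note that the record layout being destructured is not a stable API, and keeping it (or the comment proposed here) preserves that warning for the next maintainer. If the previous tolerance is still wanted, a narrow `try F(DecCert) catch C:E -> ... end` around the apply is the place for it, with the `-spec` in the earlier hunk widened accordingly; as written, `string()` is accurate only because every failure now raises.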