author | Michael Klishin <michael@rabbitmq.com> | 2014-10-20 11:21:46 +0400 |
---|---|---|
committer | Michael Klishin <michael@rabbitmq.com> | 2014-10-20 11:21:46 +0400 |
commit | 517e2c9e316bdeaa0c70dbb83f5da05b3f15b5a4 (patch) | |
tree | b3057c8faf16a5f556b28fa6939786550197cbcf | |
parent | bdaad6d911c337a1b477bd423bd47001ff733508 (diff) | |
download | rabbitmq-server-517e2c9e316bdeaa0c70dbb83f5da05b3f15b5a4.tar.gz |
Handle edge cases, log enabled TLS/SSL versions
-rw-r--r-- | src/rabbit_networking.erl | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/src/rabbit_networking.erl b/src/rabbit_networking.erl
index 4e92bf39..8a5c6f9e 100644
--- a/src/rabbit_networking.erl
+++ b/src/rabbit_networking.erl
@@ -143,26 +143,39 @@ start() -> rabbit_sup:start_supervisor_child(
 [{local, rabbit_tcp_client_sup},
 {rabbit_connection_sup,start_link,[]}]).
+-define(ENABLED_TLS_VERSIONS, ['tlsv1.2','tlsv1.1',tlsv1]).
+
 ensure_ssl() ->
 {ok, SslAppsConfig} = application:get_env(rabbit, ssl_apps),
 ok = app_utils:start_applications(SslAppsConfig),
 {ok, SslOptsConfig} = application:get_env(rabbit, ssl_options),
-
- case rabbit_misc:pget(verify_fun, SslOptsConfig) of
+ SslOptsConfig1 = case rabbit_misc:pget(versions, SslOptsConfig) of
+ undefined ->
+ rabbit_misc:pset(versions, ?ENABLED_TLS_VERSIONS,
+ SslOptsConfig);
+ [] ->
+ rabbit_misc:pset(versions, ?ENABLED_TLS_VERSIONS,
+ SslOptsConfig);
+ Val ->
+ SslOptsConfig
+ end,
+ rabbit_log:info("Enabled TLS/SSL versions: ~p~n",
+ [rabbit_misc:pget(versions, SslOptsConfig1)]),
+ case rabbit_misc:pget(verify_fun, SslOptsConfig1) of
 {Module, Function} ->
 rabbit_misc:pset(verify_fun,
 fun (ErrorList) ->
 Module:Function(ErrorList)
- end, SslOptsConfig);
+ end, SslOptsConfig1);
 undefined ->
 % unknown_ca errors are silently ignored prior to R14B unless we
 % supply this verify_fun - remove when at least R14B is required
- case proplists:get_value(verify, SslOptsConfig, verify_none) of
- verify_none -> SslOptsConfig;
+ case proplists:get_value(verify, SslOptsConfig1, verify_none) of
+ verify_none -> SslOptsConfig1;
 verify_peer -> [{verify_fun, fun([]) -> true;
 ([_|_]) -> false
 end}
- | SslOptsConfig]
+ | SslOptsConfig1]
 end
 end. |
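Review bot: The `Val ->` clause in ensure_ssl/0 passes an operator-supplied `versions` list through unchanged, so a configuration that still lists `sslv3` keeps it enabled, and the only trace is the info-level "Enabled TLS/SSL versions" line; logging at warning level when the list contains `sslv3` would make that visible to whoever reads the broker log. The default in `?ENABLED_TLS_VERSIONS` is hard-coded, while the same function still carries a pre-R14B workaround, so it presumably has to run on releases whose ssl application may not offer 'tlsv1.2'; intersecting the default with the `available` entry of `ssl:versions()` would avoid handing the listener a version it cannot use, which is worth confirming against the oldest supported OTP release. `Val` is bound but never used and will draw an unused-variable compiler warning; `_ -> SslOptsConfig` is sufficient. The `undefined` and `[]` clauses have identical bodies and could call one small helper so the default is applied in a single place.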