author | Evgeniy Khramtsov <ekhramtsov@process-one.net> | 2017-05-23 09:27:52 +0300 |
---|---|---|
committer | Evgeniy Khramtsov <ekhramtsov@process-one.net> | 2017-05-23 09:27:52 +0300 |
commit | 268065e5c495cc952bcb2ad737f8c40e188d8964 (patch) | |
tree | 829bbf2528f01a24e1d4eab5bc163a624f544a97 /src/eldap.erl | |
parent | Implement cache for mod_announce (diff) |
Validate all certfiles on startup
Diffstat (limited to 'src/eldap.erl')
-rw-r--r-- | src/eldap.erl | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/src/eldap.erl b/src/eldap.erl
index 3c565e71..f4755035 100644
--- a/src/eldap.erl
+++ b/src/eldap.erl
@@ -130,7 +130,8 @@
 port = 389 :: inet:port_number(),
 sockmod = gen_tcp :: ssl | gen_tcp,
 tls = none :: none | tls,
- tls_options = [] :: [{cacertfile, string()} |
+ tls_options = [] :: [{certfile, string()} |
+ {cacertfile, string()} |
 {depth, non_neg_integer()} |
 {verify, non_neg_integer()}],
 fd :: gen_tcp:socket() | undefined,
@@ -577,11 +578,17 @@ init([Hosts, Port, Rootdn, Passwd, Opts]) ->
 end;
 PT -> PT
 end,
+ CertOpts = case proplists:get_value(tls_certfile, Opts) of
+ undefined ->
+ [];
+ Path1 ->
+ [{certfile, Path1}]
+ end,
 CacertOpts = case proplists:get_value(tls_cacertfile, Opts) of
 undefined ->
 [];
- Path ->
- [{cacertfile, Path}]
+ Path2 ->
+ [{cacertfile, Path2}]
 end,
 DepthOpts = case proplists:get_value(tls_depth, Opts) of
 undefined ->
@@ -596,11 +603,11 @@ init([Hosts, Port, Rootdn, Passwd, Opts]) ->
 "certfiles configured, so verification "
 "is disabled.",
 []),
- [];
+ CertOpts;
 Verify == soft ->
- [{verify, 1}] ++ CacertOpts ++ DepthOpts;
+ [{verify, 1}] ++ CertOpts ++ CacertOpts ++ DepthOpts;
 Verify == hard ->
- [{verify, 2}] ++ CacertOpts ++ DepthOpts;
+ [{verify, 2}] ++ CertOpts ++ CacertOpts ++ DepthOpts;
 true -> []
 end,
 {ok, connecting, |
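Review bot: The new `CertOpts` clause in init/1 passes only `{certfile, Path1}` with no key option, so OTP's ssl will read the private key from the same file (its `keyfile` defaults to the `certfile` value). That makes the `tls_certfile` PEM a secret and is worth a comment above the clause, e.g. `%% tls_certfile must contain the client certificate and its private key; restrict read access to the server's service account`. Nothing in this file's hunks checks that the path exists or parses, so if the startup validation named in the commit title lives in another module, a short pointer to it here would help. init/1 begins and ends outside the hunk.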
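Review bot: The final `true -> []` branch still returns an empty list, so a configured `tls_certfile` is silently dropped whenever `Verify` is neither `soft` nor `hard`, while the other three branches now carry `CertOpts`; `true -> CertOpts` would make them agree. Separately, the branch that logs "verification is disabled" now returns `CertOpts`, so the client certificate, and presumably the bind password after it, go to a server whose certificate is not checked. For `hard` it would be safer to refuse to start than to downgrade with only a warning, which is a behaviour change worth deciding explicitly. The condition guarding that branch and the rest of init/1 lie outside the hunk.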