diff options
author | Evgeniy Khramtsov <ekhramtsov@process-one.net> | 2017-11-26 18:10:25 +0300 |
---|---|---|
committer | Evgeniy Khramtsov <ekhramtsov@process-one.net> | 2017-11-26 18:10:25 +0300 |
commit | 783ebd108003a5098d5c77834bc09adc5b71f9e9 (patch) | |
tree | ed76e9a554ad5232f22c2af3f59493898518114f /src/ejabberd_s2s.erl | |
parent | Don't crash on unexpected XML events (diff) |
Introduce option 'ca_file'
The option is supposed to be used as a fallback for certificates
validation. For instance, the option will be used if 's2s_cafile'
option is not set. The value should be a path to a file containing
CA certificate(s) in PEM format, e.g.:
ca_file: "/etc/ssl/certs/ca-bundle.pem"
Diffstat (limited to 'src/ejabberd_s2s.erl')
-rw-r--r-- | src/ejabberd_s2s.erl | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/src/ejabberd_s2s.erl b/src/ejabberd_s2s.erl index 1e389d712..67f242122 100644 --- a/src/ejabberd_s2s.erl +++ b/src/ejabberd_s2s.erl @@ -222,8 +222,7 @@ tls_options(LServer, DefaultOpts) -> DHFile -> lists:keystore(dhfile, 1, TLSOpts3, {dhfile, DHFile}) end, - TLSOpts5 = case ejabberd_config:get_option( - {s2s_cafile, LServer}) of + TLSOpts5 = case get_cafile(LServer) of undefined -> TLSOpts4; CAFile -> lists:keystore(cafile, 1, TLSOpts4, {cafile, CAFile}) @@ -267,7 +266,7 @@ queue_type(LServer) -> {s2s_queue_type, LServer}, ejabberd_config:default_queue_type(LServer)). --spec get_certfile(binary()) -> file:filename_all(). +-spec get_certfile(binary()) -> file:filename_all() | undefined. get_certfile(LServer) -> case ejabberd_pkix:get_certfile(LServer) of {ok, CertFile} -> @@ -278,6 +277,15 @@ get_certfile(LServer) -> ejabberd_config:get_option({s2s_certfile, LServer})) end. +-spec get_cafile(binary()) -> file:filename_all() | undefined. +get_cafile(LServer) -> + case ejabberd_config:get_option({s2s_cafile, LServer}) of + undefined -> + ejabberd_pkix:ca_file(); + File -> + File + end. + %%==================================================================== %% gen_server callbacks %%==================================================================== |