Skip to content

Commit 2f7294f

Browse files
lukebakkenlukebakken
committed
Follow-up fix to 14655
Follow-up to rabbitmq#14655 The code to format `cacerts` and `certs_keys` needs to check if the incoming value is a list or map, and skip it if not. This is the same pattern as used in a later function head: ``` format_socket_opts([Head = {Name, Value} | Tail], Acc) when is_list(Value) -> ``` It ensures that the code won't be called again on an already-formatted value.
1 parent 5a3b62b commit 2f7294f

File tree

1 file changed

+13
-7
lines changed

1 file changed

+13
-7
lines changed

deps/rabbitmq_management_agent/src/rabbit_mgmt_format.erl

Lines changed: 13 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -284,9 +284,15 @@ listener(#listener{node = Node, protocol = Protocol,
284284
].
285285

286286
web_context(Props0) ->
287-
SslOpts = pget(ssl_opts, Props0, []),
288-
Props = proplists:delete(ssl_opts, Props0),
289-
[{ssl_opts, format_socket_opts(SslOpts)} | Props].
287+
SslOpts0 = pget(ssl_opts, Props0, []),
288+
289+
% Note: cacerts is pre-formatted by cowboy, and is a very large binary
290+
% at this point. This fixes up the output to not show the contents of
291+
% the CA certs
292+
SslOpts1 = lists:keyreplace(cacerts, 1, SslOpts0, {cacerts, truncated}),
293+
294+
Props1 = proplists:delete(ssl_opts, Props0),
295+
[{ssl_opts, format_socket_opts(SslOpts1)} | Props1].
290296

291297
has_tls_enabled(Opts) ->
292298
S = proplists:get_value(socket_opts, Opts, Opts),
@@ -318,16 +324,16 @@ format_socket_opts([{user_lookup_fun, _Value} | Tail], Acc) ->
318324
format_socket_opts([{sni_fun, _Value} | Tail], Acc) ->
319325
format_socket_opts(Tail, Acc);
320326
%% https://www.erlang.org/doc/apps/ssl/ssl.html#t:server_option_cert/0
321-
format_socket_opts([{cacerts, Cacerts} | Tail], Acc) ->
327+
format_socket_opts([{cacerts, Cacerts} | Tail], Acc) when is_list(Cacerts) ->
322328
CacertsMsg = rabbit_data_coercion:to_utf8_binary(
323329
io_lib:format("(~b cacerts entries)", [length(Cacerts)])),
324330
format_socket_opts(Tail, [{cacerts, CacertsMsg} | Acc]);
325331
%% https://www.erlang.org/doc/apps/ssl/ssl.html#t:common_option_cert/0
326332
%% https://www.erlang.org/doc/apps/ssl/ssl.html#t:cert_key_conf/0
327-
format_socket_opts([{certs_keys, CertsKeys} | Tail], Acc) ->
333+
format_socket_opts([{certs_keys, CertsKeys} | Tail], Acc) when is_list(CertsKeys) ->
328334
CertsKeysMsg = rabbit_data_coercion:to_utf8_binary(
329-
io_lib:format("(~b certs_keys entries)", [length(CertsKeys)])),
330-
format_socket_opts(Tail, [{cacerts, CertsKeysMsg} | Acc]);
335+
io_lib:format("(~b certs_keys entries)", [map_size(CertsKeys)])),
336+
format_socket_opts(Tail, [{certs_keys, CertsKeysMsg} | Acc]);
331337
%% we do not report SNI host details in the UI,
332338
%% so skip this option and avoid some recursive formatting
333339
%% complexity

0 commit comments

Comments
 (0)