@@ -112,85 +112,86 @@ maybe_add_ssl_options(Options0, true, BodyMap) ->
112112 {ok , Options2 }
113113 end .
114114
115- tls_options (BodyMap ) ->
116- case maps :get (ssl_options , BodyMap , undefined ) of
115+ tls_options (BodyMap ) when is_map_key (ssl_options , BodyMap ) ->
116+ SslOptionsMap = maps :get (ssl_options , BodyMap ),
117+ CaCertfile = maps :get (<<" cacertfile" >>, SslOptionsMap , undefined ),
118+ CaCertPemData = maps :get (<<" cacert_pem_data" >>, SslOptionsMap , undefined ),
119+ TlsOpts0 = case {CaCertfile , CaCertPemData } of
120+ {undefined , undefined } ->
121+ [{cacerts , public_key :cacerts_get ()}];
122+ _ ->
123+ []
124+ end ,
125+ % % NB: for some reason the "cacertfile" key isn't turned into an atom
126+ TlsOpts1 = case CaCertfile of
117127 undefined ->
118- {ok , []};
119- SslOptionsMap ->
120- CaCertfile = maps :get (<<" cacertfile" >>, SslOptionsMap , undefined ),
121- CaCertPemData = maps :get (<<" cacert_pem_data" >>, SslOptionsMap , undefined ),
122- TlsOpts0 = case {CaCertfile , CaCertPemData } of
123- {undefined , undefined } ->
124- [{cacerts , public_key :cacerts_get ()}];
125- _ ->
126- []
127- end ,
128- % % NB: for some reason the "cacertfile" key isn't turned into an atom
129- TlsOpts1 = case CaCertfile of
130- undefined ->
131- TlsOpts0 ;
132- CaCertfile ->
133- [{cacertfile , CaCertfile } | TlsOpts0 ]
134- end ,
135- TlsOpts2 = case CaCertPemData of
136- undefined ->
137- TlsOpts1 ;
138- CaCertPems when is_list (CaCertPems ) ->
139- F0 = fun (P ) ->
140- case public_key :pem_decode (P ) of
141- [{'Certificate' , CaCertDerEncoded , not_encrypted }] ->
142- {true , CaCertDerEncoded };
143- _Unexpected ->
144- throw ({bad_request , " unexpected cacert_pem_data passed to "
145- " /ldap/validate/simple-bind ssl_options.cacerts" })
146- end
147- end ,
148- CaCertsDerEncoded = lists :filtermap (F0 , CaCertPems ),
149- [{cacerts , CaCertsDerEncoded } | TlsOpts1 ];
150- _ ->
151- TlsOpts1
152- end ,
153- TlsOpts3 = case maps :get (<<" verify" >>, SslOptionsMap , undefined ) of
154- undefined ->
155- TlsOpts2 ;
156- Verify ->
157- VerifyStr = unicode :characters_to_list (Verify ),
158- [{verify , list_to_existing_atom (VerifyStr )} | TlsOpts2 ]
159- end ,
160- TlsOpts4 = case maps :get (<<" server_name_indication" >>, SslOptionsMap , disable ) of
161- disable ->
162- TlsOpts3 ;
163- SniValue ->
164- SniStr = unicode :characters_to_list (SniValue ),
165- [{server_name_indication , SniStr } | TlsOpts3 ]
166- end ,
167- TlsOpts5 = case maps :get (<<" depth" >>, SslOptionsMap , undefined ) of
168- undefined ->
169- TlsOpts4 ;
170- DepthValue ->
171- Depth = rabbit_data_coercion :to_integer (DepthValue ),
172- [{depth , Depth } | TlsOpts4 ]
128+ TlsOpts0 ;
129+ CaCertfile ->
130+ [{cacertfile , CaCertfile } | TlsOpts0 ]
131+ end ,
132+ TlsOpts2 = case CaCertPemData of
133+ undefined ->
134+ TlsOpts1 ;
135+ CaCertPems when is_list (CaCertPems ) ->
136+ F0 = fun (P ) ->
137+ case public_key :pem_decode (P ) of
138+ [{'Certificate' , CaCertDerEncoded , not_encrypted }] ->
139+ {true , CaCertDerEncoded };
140+ _Unexpected ->
141+ throw ({bad_request , " unexpected cacert_pem_data passed to "
142+ " /ldap/validate/simple-bind ssl_options.cacerts" })
143+ end
173144 end ,
174- TlsOpts6 = case maps :get (<<" versions" >>, SslOptionsMap , undefined ) of
175- undefined ->
176- TlsOpts5 ;
177- VersionStrs when is_list (VersionStrs ) ->
178- F1 = fun (VStr ) ->
179- try
180- {true , list_to_existing_atom (VStr )}
181- catch error :badarg ->
182- throw ({bad_request , " invalid TLS version passed to "
183- " /ldap/validate/simple-bind ssl_options.versions" })
184- end
185- end ,
186- Versions = lists :filtermap (F1 , VersionStrs ),
187- [{versions , Versions } | TlsOpts5 ]
145+ CaCertsDerEncoded = lists :filtermap (F0 , CaCertPems ),
146+ [{cacerts , CaCertsDerEncoded } | TlsOpts1 ];
147+ _ ->
148+ TlsOpts1
149+ end ,
150+ TlsOpts3 = case maps :get (<<" verify" >>, SslOptionsMap , undefined ) of
151+ undefined ->
152+ TlsOpts2 ;
153+ Verify ->
154+ VerifyStr = unicode :characters_to_list (Verify ),
155+ [{verify , list_to_existing_atom (VerifyStr )} | TlsOpts2 ]
156+ end ,
157+ TlsOpts4 = case maps :get (<<" server_name_indication" >>, SslOptionsMap , disable ) of
158+ disable ->
159+ TlsOpts3 ;
160+ SniValue ->
161+ SniStr = unicode :characters_to_list (SniValue ),
162+ [{server_name_indication , SniStr } | TlsOpts3 ]
163+ end ,
164+ TlsOpts5 = case maps :get (<<" depth" >>, SslOptionsMap , undefined ) of
165+ undefined ->
166+ TlsOpts4 ;
167+ DepthValue ->
168+ Depth = rabbit_data_coercion :to_integer (DepthValue ),
169+ [{depth , Depth } | TlsOpts4 ]
170+ end ,
171+ TlsOpts6 = case maps :get (<<" versions" >>, SslOptionsMap , undefined ) of
172+ undefined ->
173+ TlsOpts5 ;
174+ VersionStrs when is_list (VersionStrs ) ->
175+ F1 = fun (VStr ) ->
176+ try
177+ {true , list_to_existing_atom (VStr )}
178+ catch error :badarg ->
179+ throw ({bad_request , " invalid TLS version passed to "
180+ " /ldap/validate/simple-bind ssl_options.versions" })
181+ end
188182 end ,
189- TlsOpts7 = case maps :get (<<" ssl_hostname_verification" >>, SslOptionsMap , undefined ) of
190- undefined ->
191- TlsOpts6 ;
192- " wildcard" ->
193- [{customize_hostname_check , [{match_fun , public_key :pkix_verify_hostname_match_fun (https )}]} | TlsOpts6 ]
194- end ,
195- {ok , TlsOpts7 }
196- end .
183+ Versions = lists :filtermap (F1 , VersionStrs ),
184+ [{versions , Versions } | TlsOpts5 ]
185+ end ,
186+ TlsOpts7 = case maps :get (<<" ssl_hostname_verification" >>, SslOptionsMap , undefined ) of
187+ undefined ->
188+ TlsOpts6 ;
189+ " wildcard" ->
190+ [{customize_hostname_check , [{match_fun , public_key :pkix_verify_hostname_match_fun (https )}]} | TlsOpts6 ];
191+ _ ->
192+ throw ({bad_request , " invalid value passed to "
193+ " /ldap/validate/simple-bind ssl_options.ssl_hostname_verification" })
194+ end ,
195+ {ok , TlsOpts7 };
196+ tls_options (_BodyMap ) ->
197+ {ok , []}.
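Review bot: The `verify` branch (new lines 153-155) still passes the request value through `list_to_existing_atom/1` with no `try` and no allow-list. An unknown string therefore raises `badarg` instead of the `bad_request` this commit adds for `ssl_hostname_verification`, and any atom that already exists in the VM is handed on as the `verify` option. Since this setting decides whether the LDAP server's certificate is checked, it should be matched against the two values `ssl` accepts, `verify_peer` and `verify_none`, with everything else rejected. The `versions` branch has a related gap: it has no clause for a non-list value, and its `list_to_existing_atom/1` also accepts any existing atom rather than only TLS version names.

```erlang
TlsOpts3 = case maps:get(<<"verify">>, SslOptionsMap, undefined) of
    %% … unchanged: undefined -> TlsOpts2 …
    Verify ->
        case unicode:characters_to_list(Verify) of
            "verify_peer" -> [{verify, verify_peer} | TlsOpts2];
            "verify_none" -> [{verify, verify_none} | TlsOpts2];
            _ ->
                throw({bad_request, "invalid value passed to "
                       "/ldap/validate/simple-bind ssl_options.verify"})
        end
end,
```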