Skip to content

Commit b1ca0b5

Browse files
michaelklishinmichaelklishin
authored
Merge pull request #15185 from rabbitmq/mergify/bp/v4.2.x/pr-15184
Correctly add `customize_hostname_check` to `ssl` options (backport #15184)
2 parents 58b8c12 + d239bbc commit b1ca0b5

File tree

1 file changed

+13
-10
lines changed

1 file changed

+13
-10
lines changed

deps/rabbitmq_auth_backend_http/src/rabbit_auth_backend_http.erl

Lines changed: 13 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,8 @@
2525

2626
-define(SUCCESSFUL_RESPONSE_CODES, [200, 201]).
2727

28+
-define(APP, rabbitmq_auth_backend_http).
29+
2830
%%--------------------------------------------------------------------
2931

3032
description() ->
@@ -177,7 +179,7 @@ do_http_req(Path0, Query) ->
177179
{host, Host} = lists:keyfind(host, 1, URI),
178180
{port, Port} = lists:keyfind(port, 1, URI),
179181
HostHdr = rabbit_misc:format("~ts:~b", [Host, Port]),
180-
{ok, Method} = application:get_env(rabbitmq_auth_backend_http, http_method),
182+
{ok, Method} = application:get_env(?APP, http_method),
181183
Request = case rabbit_data_coercion:to_atom(Method) of
182184
get ->
183185
Path = Path0 ++ "?" ++ Query,
@@ -188,12 +190,12 @@ do_http_req(Path0, Query) ->
188190
{Path0, [{"Host", HostHdr}], "application/x-www-form-urlencoded", Query}
189191
end,
190192
RequestTimeout =
191-
case application:get_env(rabbitmq_auth_backend_http, request_timeout) of
193+
case application:get_env(?APP, request_timeout) of
192194
{ok, Val1} -> Val1;
193195
_ -> infinity
194196
end,
195197
ConnectionTimeout =
196-
case application:get_env(rabbitmq_auth_backend_http, connection_timeout) of
198+
case application:get_env(?APP, connection_timeout) of
197199
{ok, Val2} -> Val2;
198200
_ -> RequestTimeout
199201
end,
@@ -212,23 +214,24 @@ do_http_req(Path0, Query) ->
212214
end.
213215

214216
ssl_options() ->
215-
case application:get_env(rabbitmq_auth_backend_http, ssl_options) of
216-
{ok, Opts0} when is_list(Opts0) ->
217-
Opts1 = [{ssl, rabbit_ssl_options:fix_client(Opts0)}],
218-
case application:get_env(rabbitmq_auth_backend_http, ssl_hostname_verification) of
217+
case application:get_env(?APP, ssl_options) of
218+
{ok, SslOpts0} when is_list(SslOpts0) ->
219+
SslOpts1 = rabbit_ssl_options:fix_client(SslOpts0),
220+
case application:get_env(?APP, ssl_hostname_verification) of
219221
{ok, wildcard} ->
220222
?LOG_DEBUG("Enabling wildcard-aware hostname verification for HTTP client connections"),
221223
%% Needed for HTTPS connections that connect to servers that use wildcard certificates.
222224
%% See https://erlang.org/doc/man/public_key.html#pkix_verify_hostname_match_fun-1.
223-
[{customize_hostname_check, [{match_fun, public_key:pkix_verify_hostname_match_fun(https)}]} | Opts1];
225+
SslOpts2 = [{customize_hostname_check, [{match_fun, public_key:pkix_verify_hostname_match_fun(https)}]} | SslOpts1],
226+
[{ssl, SslOpts2}];
224227
_ ->
225-
Opts1
228+
[{ssl, SslOpts1}]
226229
end;
227230
_ -> []
228231
end.
229232

230233
p(PathName) ->
231-
{ok, Path} = application:get_env(rabbitmq_auth_backend_http, PathName),
234+
{ok, Path} = application:get_env(?APP, PathName),
232235
Path.
233236

234237
q(Args) ->

0 commit comments

Comments
 (0)