Skip to content

Commit ec4a97b

Browse files
michaelklishinmichaelklishin
authored
Merge pull request #14729 from rabbitmq/mergify/bp/v4.2.x/pr-14714
Follow-up fix to 14655 (backport #14714)
2 parents 47c726c + 58bd517 commit ec4a97b

File tree

1 file changed

+12
-6
lines changed

1 file changed

+12
-6
lines changed

deps/rabbitmq_management_agent/src/rabbit_mgmt_format.erl

Lines changed: 12 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -284,9 +284,15 @@ listener(#listener{node = Node, protocol = Protocol,
284284
].
285285

286286
web_context(Props0) ->
287-
SslOpts = pget(ssl_opts, Props0, []),
288-
Props = proplists:delete(ssl_opts, Props0),
289-
[{ssl_opts, format_socket_opts(SslOpts)} | Props].
287+
SslOpts0 = pget(ssl_opts, Props0, []),
288+
289+
% Note: cacerts is pre-formatted by cowboy, and is a very large binary
290+
% at this point. This fixes up the output to not show the contents of
291+
% the CA certs
292+
SslOpts1 = lists:keyreplace(cacerts, 1, SslOpts0, {cacerts, truncated}),
293+
294+
Props1 = proplists:delete(ssl_opts, Props0),
295+
[{ssl_opts, format_socket_opts(SslOpts1)} | Props1].
290296

291297
has_tls_enabled(Opts) ->
292298
S = proplists:get_value(socket_opts, Opts, Opts),
@@ -318,16 +324,16 @@ format_socket_opts([{user_lookup_fun, _Value} | Tail], Acc) ->
318324
format_socket_opts([{sni_fun, _Value} | Tail], Acc) ->
319325
format_socket_opts(Tail, Acc);
320326
%% https://www.erlang.org/doc/apps/ssl/ssl.html#t:server_option_cert/0
321-
format_socket_opts([{cacerts, Cacerts} | Tail], Acc) ->
327+
format_socket_opts([{cacerts, Cacerts} | Tail], Acc) when is_list(Cacerts) ->
322328
CacertsMsg = rabbit_data_coercion:to_utf8_binary(
323329
io_lib:format("(~b cacerts entries)", [length(Cacerts)])),
324330
format_socket_opts(Tail, [{cacerts, CacertsMsg} | Acc]);
325331
%% https://www.erlang.org/doc/apps/ssl/ssl.html#t:common_option_cert/0
326332
%% https://www.erlang.org/doc/apps/ssl/ssl.html#t:cert_key_conf/0
327-
format_socket_opts([{certs_keys, CertsKeys} | Tail], Acc) ->
333+
format_socket_opts([{certs_keys, CertsKeys} | Tail], Acc) when is_list(CertsKeys) ->
328334
CertsKeysMsg = rabbit_data_coercion:to_utf8_binary(
329335
io_lib:format("(~b certs_keys entries)", [length(CertsKeys)])),
330-
format_socket_opts(Tail, [{cacerts, CertsKeysMsg} | Acc]);
336+
format_socket_opts(Tail, [{certs_keys, CertsKeysMsg} | Acc]);
331337
%% we do not report SNI host details in the UI,
332338
%% so skip this option and avoid some recursive formatting
333339
%% complexity

0 commit comments

Comments
 (0)