From 6b911b857992ec4899896e2579e2d6fef5437549 Mon Sep 17 00:00:00 2001
From: Shawn <506895667@qq.com>
Date: Mon, 5 Aug 2024 15:31:55 +0800
Subject: [PATCH] fix: fast fail on invalid ssl options
---
 src/esockd.app.src | 2 +-
 src/esockd_acceptor_sup.erl | 6 +++++-
 test/esockd_SUITE.erl | 7 ++++---
 3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/esockd.app.src b/src/esockd.app.src
index 2e3cdc6..32fe1af 100644
--- a/src/esockd.app.src
+++ b/src/esockd.app.src
@@ -1,7 +1,7 @@
 {application, esockd,
 [{description, "General Non-blocking TCP/SSL and UDP/DTLS Server"},
 {id, "esockd"},
- {vsn, "5.9.7"},
+ {vsn, git},
 {modules, []},
 {registered, []},
 {applications, [kernel, stdlib, sasl, ssl, public_key]},
diff --git a/src/esockd_acceptor_sup.erl b/src/esockd_acceptor_sup.erl
index a6ca519..d9ec1dc 100644
--- a/src/esockd_acceptor_sup.erl
+++ b/src/esockd_acceptor_sup.erl
@@ -126,7 +126,11 @@ ssl_upgrade_fun(Type, Opts) ->
 end,
 case proplists:get_value(Key, Opts) of
 undefined -> [];
- SslOpts -> [esockd_transport:ssl_upgrade_fun(SslOpts)]
+ SslOpts ->
+ %% validate ssl options and prevent the listener from starting if
+ %% validation failed
+ _ = ssl:handle_options(SslOpts, server, undefined),
+ [esockd_transport:ssl_upgrade_fun(SslOpts)]
 end.
 tune_socket(Sock, []) ->
diff --git a/test/esockd_SUITE.erl b/test/esockd_SUITE.erl
index 62e474d..3f041b8 100644
--- a/test/esockd_SUITE.erl
+++ b/test/esockd_SUITE.erl
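Review bot: `ssl:handle_options/3`, called in the new `SslOpts ->` branch of `ssl_upgrade_fun/2` in src/esockd_acceptor_sup.erl, is as far as I can tell not part of the documented `ssl` API, so the listener's TLS validation now rests on an OTP-internal export whose arguments and failure mode may differ between releases. Because the result is discarded with `_ =`, the check rejects bad options only while that call raises; a variant that returned `{error, Reason}` would let the listener start with unvalidated options. I would record that dependency next to the call, e.g. `%% ssl:handle_options/3 is undocumented; we rely on it raising on invalid options - re-check on OTP upgrades`, and consider matching the result explicitly once its success shape is confirmed. The head of `ssl_upgrade_fun/2` lies above the hunk, so how `Key` is chosen is not visible here.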
@@ -404,9 +404,10 @@ t_update_tls_options(Config) ->
 [{ssl_options, SslOpts1}, {connection_mfargs, echo_server}]),
 {ok, Sock1} = ssl:connect("localhost", LPort, ClientSslOpts, 1000),
- ok = esockd:set_options({echo_tls, LPort}, [{ssl_options, [{verify, verify_peer}]}]),
- ?assertEqual( {error, closed}
- , ssl:connect("localhost", LPort, ClientSslOpts, 1000)),
+ ?assertError(
+ {badmatch, _},
+ esockd:set_options({echo_tls, LPort}, [{ssl_options, [{verify, verify_peer}]}])
+ ),
 ok = esockd:set_options({echo_tls, LPort}, [{ssl_options, SslOpts2}]),
 {ok, Sock2} = ssl:connect("localhost", LPort, ClientSslOpts, 1000),
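Review bot: The new `?assertError({badmatch, _}, ...)` in `t_update_tls_options` accepts any failed match anywhere under `esockd:set_options/2`, so it would still pass if the call crashed for a reason unrelated to TLS option validation. If the rejected term is stable, pin its shape in the pattern, or at least add a comment such as `%% invalid ssl_options must be rejected before the listener is updated`. The old assertion on `ssl:connect/4` was removed without a replacement; assuming a rejected update leaves `SslOpts1` in force, a line like `{ok, _} = ssl:connect("localhost", LPort, ClientSslOpts, 1000),` right after the `?assertError` would show the listener keeps serving with its previous options. The test function starts and ends outside the hunk.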