feat: add ocsp stapling support to mqtt ssl listener (5.0) #10128

thalesmg · 2023-03-13T17:25:49Z

coveralls · 2023-03-14T21:07:02Z

changes/ce/feat-10067.zh.md

apps/emqx/i18n/emqx_schema_i18n.conf

qzhuyan · 2023-03-15T13:50:50Z

thalesmg · 2023-03-15T13:56:31Z

changes/ce/feat-10128.zh.md

qzhuyan · 2023-03-16T07:44:17Z

id · 2023-03-16T07:52:49Z

apps/emqx/src/emqx_tls_lib.erl

apps/emqx/src/emqx_ocsp_cache.erl

qzhuyan · 2023-03-16T08:15:36Z

zmstone · 2023-03-16T21:12:12Z

apps/emqx/src/emqx_schema.erl

+    [
+        {"enable_ocsp_stapling",
+            sc(
+                boolean(),


there had been some discussion about abusing enable flag in many places.
is it really necessary for ocsp ?
e.g. if the parent field is set to null (undefined from HOCON map), doesn't that serve as disable ?

This struct is always present because of the fields with default values, right?

We could interpret the absence of responder_url as a sign that it's disabled, but in my opinion being explicit with an enable flag is more clear than it being implicitly disabled by the absence of a certain field. 🤔

If we want to avoid using explicit configs, then we can use the absence of that field to disable it, yes.

thalesmg force-pushed the ocsp-v50-mkII branch from d7cf3b2 to 4e2a5a3 Compare March 13, 2023 20:20

thalesmg marked this pull request as ready for review March 13, 2023 21:07

thalesmg requested review from a team, JimMoen, lafirest, savonarola and sstrigler as code owners March 13, 2023 21:07

thalesmg and others added 10 commits March 14, 2023 16:08

chore: update emqtt -> 1.8.5

4880a84

Needed for OCSP / CRL tests because of a bug that makes emqtt hang forever on TLS handshake errors.

test: fix inter-suite test teardowns

65fee34

test: fix flaky tests

422597a

feat: add ocsp stapling and crl support to mqtt ssl listener

52263a0

docs: improve descriptions

8000 067747c

Co-authored-by: ieQu1 <99872536+ieQu1@users.noreply.github.com>

refactor(ocsp): add reusable type for normalized binary URLs

57e38c8

docs: improve descriptions

158f054

Co-authored-by: Zaiming (Stone) Shi <zmstone@gmail.com>

feat: save uploaded OCSP issuer pem like other ssl certs

63ef2f9

test: fix how ocsp client is run in tests

f6707d1

For some yet unknown reason the old test version using `open_port` does not work in OTP 25, but works fine in OTP 24. There are no messages at all received from The openssl client port program in OTP 25.

feat(ocsp_cache): give ocsp cache table an heir

04378f2

thalesmg force-pushed the ocsp-v50-mkII branch from 5f42583 to 04378f2 Compare March 14, 2023 19:09

qzhuyan reviewed Mar 15, 2023

View reviewed changes

changes/ce/feat-10067.zh.md Outdated Show resolved Hide resolved

qzhuyan reviewed Mar 15, 2023

View reviewed changes

apps/emqx/i18n/emqx_schema_i18n.conf Outdated Show resolved Hide resolved

qzhuyan reviewed Mar 15, 2023

View reviewed changes

apps/emqx/i18n/emqx_schema_i18n.conf Outdated Show resolved Hide resolved

qzhuyan reviewed Mar 15, 2023

View reviewed changes

apps/emqx/i18n/emqx_schema_i18n.conf Outdated Show resolved Hide resolved

docs: improve descriptions

0deb992

Co-authored-by: William Yang <mscame@gmail.com>

thalesmg force-pushed the ocsp-v50-mkII branch from 7d15405 to 0deb992 Compare March 15, 2023 13:30

thalesmg added 2 commits March 15, 2023 14:25

test: fix inter-suite flakiness

03b9507

test(resource): fix flaky test

164440f

Sometimes this test might retry more times, so we check the prefix of the trace only.

thalesmg requested a review from qzhuyan March 15, 2023 19:28

zmstone reviewed Mar 15, 2023

View reviewed changes

changes/ce/feat-10128.zh.md Outdated Show resolved Hide resolved

qzhuyan previously approved these changes Mar 16, 2023

View reviewed changes

apps/emqx/src/emqx_tls_lib.erl Outdated Show resolved Hide resolved

apps/emqx/src/emqx_ocsp_cache.erl Outdated Show resolved Hide resolved

apps/emqx/src/emqx_ocsp_cache.erl Show resolved Hide resolved

thalesmg added 3 commits March 16, 2023 09:18

refactor: rename macros

e5645a7

refactor: replace macro by simple function

d1f58d6

chore(ocsp): catch unexpected error when fetching ocsp response

a614bdc

thalesmg dismissed qzhuyan’s stale review via a614bdc March 16, 2023 12:56

docs: improve descriptions

75dad64

Co-authored-by: Zaiming (Stone) Shi <zmstone@gmail.com>

qzhuyan approved these changes Mar 16, 2023

View reviewed changes

thalesmg merged commit 91a57fa into emqx:master Mar 16, 2023

thalesmg deleted the ocsp-v50-mkII branch March 16, 2023 16:10

zmstone reviewed Mar 16, 2023

View reviewed changes

zmstone mentioned this pull request Mar 17, 2023

0317 e5.0.2 v5.0.21 code freeze #10161

Merged

chenrui333 mentioned this pull request Apr 13, 2023

emqx 5.0.22 Homebrew/homebrew-core#128268

Merged

yanzhiemq mentioned this pull request May 6, 2023

0505 prepare to cut e5.0.3 rc.1 #10614

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat: add ocsp stapling support to mqtt ssl listener (5.0) #10128

feat: add ocsp stapling support to mqtt ssl listener (5.0) #10128

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

feat: add ocsp stapling support to mqtt ssl listener (5.0) #10128

feat: add ocsp stapling support to mqtt ssl listener (5.0) #10128

Uh oh!

Conversation

Uh oh!

PR Checklist

Uh oh!

Pull Request Test Coverage Report for Build 4419358589

💛 - Coveralls

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants