fix(emqx_schema): use non negative integer type for 'depth' SSL option

Closes: EMQX-10276

apps/emqx/src/emqx_schema.erl

@@ -2044,7 +2044,7 @@ common_ssl_opts_schema(Defaults, Type) ->
             )},
         {"depth",
             sc(
-                integer(),
+                non_neg_integer(),
                 #{
                     default => Df("depth", 10),
                     desc => ?DESC(common_ssl_opts_schema_depth)

apps/emqx/test/emqx_schema_tests.erl

@@ -106,6 +106,14 @@ ssl_opts_version_gap_test_() ->
      || S <- [Sc, RanchSc]
     ].
 
+ssl_opts_cert_depth_test() ->
+    Sc = emqx_schema:server_ssl_opts_schema(#{}, false),
+    Reason = #{expected_type => "non_neg_integer()"},
+    ?assertThrow(
+        {_Sc, [#{kind := validation_error, reason := Reason}]},
+        validate(Sc, #{<<"depth">> => -1})
+    ).
+
 bad_cipher_test() ->
     Sc = emqx_schema:server_ssl_opts_schema(#{}, false),
     Reason = {bad_ciphers, ["foo"]},

changes/ce/fix-11051.en.md

@@ -0,0 +1 @@
+Add validation to ensure that certificate 'depth' (listener SSL option) is a non negative integer.