feat(TLS): veriy client cert keyusage #10669
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes EMQX-9790
Summary
馃 Generated by Copilot at 4da137c
This pull request adds a new SSL verification option for listeners,
verify_peer_ext_key_usage
, which allows the user to specify extended key usage values for the peer certificate. It implements this option in theemqx_const_v2
,emqx_tls_lib
, andemqx_listeners
modules, and adds a new test suiteemqx_listener_tls_verify_keyusage_SUITE
to verify its functionality. It also modifies theemqx_test_tls_certs_helper
module to support generating certificates with different extensions and key usages.PR Checklist
Please convert it to a draft if any of the following conditions are not met. Reviewers may skip over until all the items are checked:
changes/{ce,ee}/(feat|perf|fix)-<PR-id>.en.md
files