fix(otp26): fix SSL compatibility for OTP 26

There is no need to add appup instructions for changed modules because they are only type spec changes
emqx · Oct 13, 2023 · 4b85060 · 4b85060
1 parent 0b8b2a6
commit 4b85060
Show file tree

Hide file tree

Showing 9 changed files with 47 additions and 28 deletions.
diff --git a/include/esockd.hrl b/include/esockd.hrl
@@ -65,4 +65,10 @@
 
 -define(IS_PROXY(Sock), is_record(Sock, proxy_socket)).
 
--endif.
+-if(?OTP_RELEASE >= 26).
+-type ssl_option() :: ssl:tls_option().
+-else.
+-type ssl_option() :: ssl:ssl_option().
+-endif. % OTP_RELEASE
+
+-endif. % ESOCKD_HRL
diff --git a/src/esockd.app.src b/src/esockd.app.src
@@ -4,7 +4,7 @@
   {vsn, "5.9.7"},
   {modules, []},
   {registered, []},
-  {applications, [kernel, stdlib, sasl, ssl]},
+  {applications, [kernel, stdlib, sasl, ssl, public_key]},
   {mod, {esockd_app, []}},
   {env, []},
   {licenses, ["Apache-2.0"]},

diff --git a/src/esockd.erl b/src/esockd.erl
@@ -104,8 +104,8 @@
 
 -type(host() :: inet:ip_address() | string()).
 -type(listen_on() :: inet:port_number() | {host(), inet:port_number()}).
--type ssl_options() :: [{handshake_timeout, pos_integer()} | ssl:ssl_option()].
--type dtls_options() :: [{handshake_timeout, pos_integer()} | ssl:ssl_option()].
+-type ssl_options() :: [{handshake_timeout, pos_integer()} | ssl_option()].
+-type dtls_options() :: [{handshake_timeout, pos_integer()} | ssl_option()].
 
 %%--------------------------------------------------------------------
 %% APIs

diff --git a/src/esockd_generic_limiter.erl b/src/esockd_generic_limiter.erl
@@ -17,6 +17,7 @@
 -module(esockd_generic_limiter).
 
 -export([create/1, consume/2, delete/1]).
+-export_type([limiter/0, create_options/0, consume_result/0]).
 
 -type pause_time() :: non_neg_integer().
 
@@ -40,8 +41,6 @@
 
 -callback delete(limiter()) -> ok.
 
--export_type([limiter/0, create_options/0, consume_result/0]).
-
 %%--------------------------------------------------------------------
 %% Callbacks
 %%--------------------------------------------------------------------

diff --git a/src/esockd_limiter.erl b/src/esockd_limiter.erl
@@ -134,13 +134,9 @@ pause_time(Name, Now) ->
             max(1, LastTime + (Interval * 1000) - Now)
     end.
 
-%% The dialyzer cannot support this type specification
--dialyzer({nowarn_function, delete/1}).
--spec delete(esockd_generic_limiter:limter()) -> ok;
-            (bucket_name()) -> ok.
+-spec delete(esockd_generic_limiter:limiter() | bucket_name()) -> ok.
 delete(#{name := Name}) ->
     delete(Name);
-
 delete(Name) ->
     gen_server:cast(?SERVER, {delete, Name}).
 

diff --git a/src/esockd_transport.erl b/src/esockd_transport.erl
@@ -378,7 +378,7 @@ shutdown(#proxy_socket{socket = Sock}, How) ->
     shutdown(Sock, How).
 
 %% @doc TCP/DTLS socket -> #ssl_socket{}
--spec(ssl_upgrade_fun([ssl:ssl_option()]) -> esockd:sock_fun()).
+-spec(ssl_upgrade_fun([ssl_option()]) -> esockd:sock_fun()).
 ssl_upgrade_fun(SslOpts) ->
     {Timeout, SslOpts1} = take_handshake_timeout(SslOpts),
     {GCAfterHandshake, SslOpts2} = take_gc_after_handshake(SslOpts1),

diff --git a/test/esockd_SUITE.erl b/test/esockd_SUITE.erl
@@ -91,13 +91,15 @@ t_open_dtls(Config) ->
     DtlsOpts = [{mode, binary},
                 {reuseaddr, true},
                 {certfile, esockd_ct:certfile(Config)},
-                {keyfile,  esockd_ct:keyfile(Config)}
+                {keyfile,  esockd_ct:keyfile(Config)},
+                {verify, verify_none}
                ],
     {ok, _} = esockd:open_dtls(echo, 5000, [{dtls_options, DtlsOpts}],
                                {dtls_echo_server, start_link, []}),
     {ok, Sock} = ssl:connect({127,0,0,1}, 5000, [binary,
                                                  {protocol, dtls},
-                                                 {active, false}
+                                                 {active, false},
+                                                 {verify, verify_none}
                                                 ], 5000),
     ok = ssl:send(Sock, <<"Hi">>),
     {ok, <<"Hi">>} = ssl:recv(Sock, 0, 3000),
@@ -242,11 +244,13 @@ t_get_current_connections(Config) ->
     DtlsOpts = [{mode, binary},
                 {reuseaddr, true},
                 {certfile, esockd_ct:certfile(Config)},
-                {keyfile, esockd_ct:keyfile(Config)}
+                {keyfile, esockd_ct:keyfile(Config)},
+                {verify, verify_none}
                ],
+    ClientOpts = [binary, {protocol, dtls}, {verify, verify_none}],
     {ok, _LSup1} = esockd:open_dtls(dtls_echo, 7000, [{dtls_options, DtlsOpts}], {dtls_echo_server, start_link, []}),
-    {ok, DtlsSock1} = ssl:connect({127,0,0,1}, 7000, [binary, {protocol, dtls}], 5000),
-    {ok, DtlsSock2} = ssl:connect({127,0,0,1}, 7000, [binary, {protocol, dtls}], 5000),
+    {ok, DtlsSock1} = ssl:connect({127,0,0,1}, 7000, ClientOpts, 5000),
+    {ok, DtlsSock2} = ssl:connect({127,0,0,1}, 7000, ClientOpts, 5000),
     timer:sleep(10),
     ?assertEqual(2, esockd:get_current_connections({dtls_echo, 7000})),
     ok = ssl:close(DtlsSock1),
@@ -277,11 +281,13 @@ t_get_shutdown_count(Config) ->
     DtlsOpts = [{mode, binary},
                 {reuseaddr, true},
                 {certfile, esockd_ct:certfile(Config)},
-                {keyfile, esockd_ct:keyfile(Config)}
+                {keyfile, esockd_ct:keyfile(Config)},
+                {verify, verify_none}
                ],
+    ClientOpts = [binary, {protocol, dtls}, {verify, verify_none}],
     {ok, _LSup1} = esockd:open_dtls(dtls_echo, 7000, [{dtls_options, DtlsOpts}], {dtls_echo_server, start_link, []}),
-    {ok, DtlsSock1} = ssl:connect({127,0,0,1}, 7000, [binary, {protocol, dtls}], 5000),
-    {ok, DtlsSock2} = ssl:connect({127,0,0,1}, 7000, [binary, {protocol, dtls}], 5000),
+    {ok, DtlsSock1} = ssl:connect({127,0,0,1}, 7000, ClientOpts, 5000),
+    {ok, DtlsSock2} = ssl:connect({127,0,0,1}, 7000, ClientOpts, 5000),
     ok = ssl:close(DtlsSock1),
     ok = ssl:close(DtlsSock2),
     timer:sleep(200),

diff --git a/test/esockd_dtls_SUITE.erl b/test/esockd_dtls_SUITE.erl
@@ -38,15 +38,20 @@ t_dtls_server(Config) ->
     DtlsOpts = [{mode, binary},
                 {reuseaddr, true},
                 {certfile, esockd_ct:certfile(Config)},
-                {keyfile, esockd_ct:keyfile(Config)}
+                {keyfile, esockd_ct:keyfile(Config)},
+                {verify, verify_none}
                ],
     Options = [{acceptors, 4},
                {max_connections, 1000},
                {max_conn_rate, 10},
                {dtls_options, DtlsOpts}],
 
+    ClientOpts = [binary,
+                  {protocol, dtls},
+                  {active, false},
+                  {verify, verify_none}],
     {ok, _} = esockd:open_dtls('echo/dtls', 9876, Options, {?MODULE, dtls_echo_init, []}),
-    {ok, Sock} = ssl:connect({127,0,0,1}, 9876, [binary, {protocol, dtls}, {active, false}], 5000),
+    {ok, Sock} = ssl:connect({127,0,0,1}, 9876, ClientOpts, 5000),
     ok = ssl:send(Sock, <<"hello">>),
     {ok, <<"hello">>} = ssl:recv(Sock, 5, 3000),
     ok = ssl:send(Sock, <<"world">>),

diff --git a/test/esockd_transport_SUITE.erl b/test/esockd_transport_SUITE.erl
@@ -90,9 +90,11 @@ t_send_recv_tcp(_) ->
 t_send_ssl(Config) ->
     ssl:start(),
     SslOpts = [{certfile, esockd_ct:certfile(Config)},
-               {keyfile, esockd_ct:keyfile(Config)}],
+               {keyfile, esockd_ct:keyfile(Config)},
+               {verify, verify_none}
+              ],
     {ok, _} = esockd:open(echo, 8883, [{ssl_options, SslOpts}], {echo_server, start_link, []}),
-    {ok, SslSock} = ssl:connect({127,0,0,1}, 8883, [], 3000),
+    {ok, SslSock} = ssl:connect({127,0,0,1}, 8883, [{verify, verify_none}], 3000),
     ok = esockd_transport:send(#ssl_socket{ssl = SslSock}, <<"Hello">>),
     ok = esockd_transport:close(#ssl_socket{ssl = SslSock}),
     ok = esockd:close(echo, 8883).
@@ -101,9 +103,11 @@ t_send_ssl_gc_after_handshake(Config) ->
     ssl:start(),
     SslOpts = [{certfile, esockd_ct:certfile(Config)},
                {keyfile, esockd_ct:keyfile(Config)},
-               {gc_after_handshake, true}],
+               {gc_after_handshake, true},
+               {verify, verify_none}
+              ],
     {ok, _} = esockd:open(echo, 8883, [{ssl_options, SslOpts}], {echo_server, start_link, []}),
-    {ok, SslSock} = ssl:connect({127,0,0,1}, 8883, [], 3000),
+    {ok, SslSock} = ssl:connect({127,0,0,1}, 8883, [{verify, verify_none}], 3000),
     ok = esockd_transport:send(#ssl_socket{ssl = SslSock}, <<"Hello">>),
     ok = esockd_transport:close(#ssl_socket{ssl = SslSock}),
     ok = esockd:close(echo, 8883).
@@ -220,9 +224,12 @@ t_peersni_ssl_disabled_sni(Config) ->
     ssl:start(),
     SslOpts = [{certfile, esockd_ct:certfile(Config)},
                {keyfile, esockd_ct:keyfile(Config)},
-               {gc_after_handshake, true}],
+               {gc_after_handshake, true},
+               {verify, verify_none}
+              ],
+    ClientSslOpts = [{server_name_indication, disable}, {verify, verify_none}],
     {ok, _} = esockd:open(echo, 8883, [{ssl_options, SslOpts}], {?MODULE, start_link_peersni, [disable]}),
-    {ok, SslSock} = ssl:connect("localhost", 8883, [{server_name_indication, disable}], 3000),
+    {ok, SslSock} = ssl:connect("localhost", 8883, ClientSslOpts, 3000),
     ok = ssl:send(SslSock, <<"Hello">>),
     receive
         {ssl, _, "Hello"} -> ok