You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by ga...@apache.org on 2014/02/03 11:12:36 UTC
[12/22] couchdb commit: updated refs/heads/paginate-api-options to
5d2a6f9
Allow cacertfile without verifying peers
COUCHDB-2028
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/2d080449
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/2d080449
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/2d080449
Branch: refs/heads/paginate-api-options
Commit: 2d080449ae8f1b66bcb90e90dcc8e41022f4584c
Parents: cd0193f
Author: Robert Newson <rn...@apache.org>
Authored: Sun Jan 12 11:57:41 2014 +0000
Committer: Robert Newson <rn...@apache.org>
Committed: Thu Jan 30 11:38:53 2014 +0000
----------------------------------------------------------------------
src/couchdb/couch_httpd.erl | 81 ++++++++++++++++------------------------
1 file changed, 33 insertions(+), 48 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/2d080449/src/couchdb/couch_httpd.erl
----------------------------------------------------------------------
diff --git a/src/couchdb/couch_httpd.erl b/src/couchdb/couch_httpd.erl
index 9245f4b..acc20d7 100644
--- a/src/couchdb/couch_httpd.erl
+++ b/src/couchdb/couch_httpd.erl
@@ -39,57 +39,42 @@ start_link(http) ->
start_link(?MODULE, [{port, Port}]);
start_link(https) ->
Port = couch_config:get("ssl", "port", "6984"),
- CertFile = couch_config:get("ssl", "cert_file", nil),
- KeyFile = couch_config:get("ssl", "key_file", nil),
- Options = case CertFile /= nil andalso KeyFile /= nil of
+ ServerOpts0 =
+ [{cacertfile, couch_config:get("ssl", "cacert_file", nil)},
+ {keyfile, couch_config:get("ssl", "key_file", nil)},
+ {certfile, couch_config:get("ssl", "cert_file", nil)},
+ {password, couch_config:get("ssl", "password", nil)}],
+
+ case (couch_util:get_value(keyfile, ServerOpts0) == nil orelse
+ couch_util:get_value(certfile, ServerOpts0) == nil) of
true ->
- SslOpts = [{certfile, CertFile}, {keyfile, KeyFile}],
-
- %% set password if one is needed for the cert
- SslOpts1 = case couch_config:get("ssl", "password", nil) of
- nil -> SslOpts;
- Password ->
- SslOpts ++ [{password, Password}]
- end,
- % do we verify certificates ?
- FinalSslOpts = case couch_config:get("ssl",
- "verify_ssl_certificates", "false") of
- "false" -> SslOpts1;
- "true" ->
- case couch_config:get("ssl",
- "cacert_file", nil) of
- nil ->
- io:format("Verify SSL certificate "
- ++"enabled but file containing "
- ++"PEM encoded CA certificates is "
- ++"missing", []),
- throw({error, missing_cacerts});
- CaCertFile ->
- Depth = list_to_integer(couch_config:get("ssl",
- "ssl_certificate_max_depth",
- "1")),
- FinalOpts = [
- {cacertfile, CaCertFile},
- {depth, Depth},
- {verify, verify_peer}],
- % allows custom verify fun.
- case couch_config:get("ssl",
- "verify_fun", nil) of
- nil -> FinalOpts;
- SpecStr ->
- FinalOpts
- ++ [{verify_fun, make_arity_3_fun(SpecStr)}]
- end
- end
- end,
-
- [{port, Port},
- {ssl, true},
- {ssl_opts, FinalSslOpts}];
- false ->
io:format("SSL enabled but PEM certificates are missing.", []),
- throw({error, missing_certs})
+ throw({error, missing_certs});
+ false ->
+ ok
end,
+
+ ServerOpts = [Opt || {_, V}=Opt <- ServerOpts0, V /= nil],
+
+ ClientOpts = case couch_config:get("ssl", "verify_ssl_certificates", "false") of
+ "false" ->
+ [];
+ "true" ->
+ [{depth, list_to_integer(couch_config:get("ssl",
+ "ssl_certificate_max_depth", "1"))},
+ {verify, verify_peer}] ++
+ case couch_config:get("ssl", "verify_fun", nil) of
+ nil -> [];
+ SpecStr ->
+ [{verify_fun, make_arity_3_fun(SpecStr)}]
+ end
+ end,
+ SslOpts = ServerOpts ++ ClientOpts,
+
+ Options =
+ [{port, Port},
+ {ssl, true},
+ {ssl_opts, SslOpts}],
start_link(https, Options).
start_link(Name, Options) ->
% read config and register for configuration changes