Fix sasl_external

This will probably be possible to revert once c2s does'n require `fast_tls` and so all components really have the same configs here.
esl · Jan 7, 2025 · 69764e3 · 69764e3
1 parent b3aa6d2
commit 69764e3
Show file tree

Hide file tree

Showing 8 changed files with 33 additions and 4 deletions.
diff --git a/big_tests/tests/sasl_external_SUITE.erl b/big_tests/tests/sasl_external_SUITE.erl
@@ -158,7 +158,10 @@ modify_config_and_restart(CyrsaslExternalConfig, Config) ->
                                     "  tls.certfile = \"priv/ssl/fake_server.pem\"\n"
                                     "  tls.cacertfile = \"" ++ CACertFile ++ "\""
                                     ++ SSLOpts},
-		       {https_config, "tls.certfile = \"priv/ssl/fake_cert.pem\"\n"
+                       {s2s_tls_config, "tls.certfile = \"priv/ssl/fake_server.pem\"\n"
+                                    "  tls.cacertfile = \"" ++ CACertFile ++ "\""
+                                    ++ SSLOpts},
+                       {https_config, "tls.certfile = \"priv/ssl/fake_cert.pem\"\n"
                                       "  tls.keyfile = \"priv/ssl/fake_key.pem\"\n"
                                       "  tls.password = \"\"\n"
                                       "  tls.cacertfile = \"" ++ CACertFile ++ "\""

diff --git a/rel/fed1.vars-toml.config b/rel/fed1.vars-toml.config
@@ -48,6 +48,11 @@
   tls.mode = \"starttls\"
   tls.ciphers = \"ECDHE-RSA-AES256-GCM-SHA384\""}.
 
+{s2s_tls_config, "tls.verify_mode = \"none\"
+  tls.certfile = \"priv/ssl/fake_server.pem\"
+  tls.mode = \"starttls\"
+  tls.ciphers = \"ECDHE-RSA-AES256-GCM-SHA384\""}.
+
 {instrumentation, "[instrumentation.exometer]
 
 [instrumentation.prometheus]

diff --git a/rel/files/mongooseim.toml b/rel/files/mongooseim.toml
@@ -148,9 +148,9 @@
   port = {{{incoming_s2s_port}}}
   shaper = "s2s_shaper"
   max_stanza_size = 131072
-  {{#tls_config}}
-  {{{tls_config}}}
-  {{/tls_config}}
+  {{#s2s_tls_config}}
+  {{{s2s_tls_config}}}
+  {{/s2s_tls_config}}
   {{#s2s_dhfile}}
   tls.dhfile = {{{s2s_dhfile}}}
   {{/s2s_dhfile}}

diff --git a/rel/mim1.vars-toml.config b/rel/mim1.vars-toml.config
@@ -63,6 +63,9 @@
 {tls_config, "tls.verify_mode = \"none\"
   tls.certfile = \"priv/ssl/fake_server.pem\""}.
 
+{s2s_tls_config, "tls.verify_mode = \"none\"
+  tls.certfile = \"priv/ssl/fake_server.pem\""}.
+
 {secondary_c2s,
   "[[listen.c2s]]
   port = {{ c2s_tls_port }}

diff --git a/rel/mim2.vars-toml.config b/rel/mim2.vars-toml.config
@@ -30,6 +30,11 @@
   tls.mode = \"starttls\"
   tls.ciphers = \"ECDHE-RSA-AES256-GCM-SHA384\""}.
 
+{s2s_tls_config, "tls.verify_mode = \"none\"
+  tls.certfile = \"priv/ssl/fake_server.pem\"
+  tls.mode = \"starttls\"
+  tls.ciphers = \"ECDHE-RSA-AES256-GCM-SHA384\""}.
+
 {secondary_c2s,
   "[[listen.c2s]]
   port = {{ c2s_tls_port }}

diff --git a/rel/mim3.vars-toml.config b/rel/mim3.vars-toml.config
@@ -35,6 +35,11 @@
   tls.mode = \"starttls\"
   tls.ciphers = \"ECDHE-RSA-AES256-GCM-SHA384\""}.
 
+{s2s_tls_config, "tls.verify_mode = \"none\"
+  tls.certfile = \"priv/ssl/fake_server.pem\"
+  tls.mode = \"starttls\"
+  tls.ciphers = \"ECDHE-RSA-AES256-GCM-SHA384\""}.
+
 {instrumentation, "[instrumentation.exometer]
 
 [instrumentation.prometheus]

diff --git a/rel/prod.vars-toml.config b/rel/prod.vars-toml.config
@@ -35,6 +35,9 @@
 {tls_config, "tls.verify_mode = \"none\"
   tls.certfile = \"priv/ssl/fake_server.pem\""}.
 
+{s2s_tls_config, "tls.verify_mode = \"none\"
+  tls.certfile = \"priv/ssl/fake_server.pem\""}.
+
 {instrumentation, "[instrumentation.prometheus]
 
 [instrumentation.log]"}.

diff --git a/rel/reg1.vars-toml.config b/rel/reg1.vars-toml.config
@@ -45,6 +45,11 @@
   tls.mode = \"starttls\"
   tls.ciphers = \"ECDHE-RSA-AES256-GCM-SHA384\""}.
 
+{s2s_tls_config, "tls.verify_mode = \"none\"
+  tls.certfile = \"priv/ssl/fake_server.pem\"
+  tls.mode = \"starttls\"
+  tls.ciphers = \"ECDHE-RSA-AES256-GCM-SHA384\""}.
+
 {instrumentation, "[instrumentation.exometer]
 
 [instrumentation.prometheus]