From 1d949ea0687502c8c2065ab293623691423e29d8 Mon Sep 17 00:00:00 2001
From: oleghasjanov
Date: Mon, 29 Apr 2024 11:20:50 +0300
Subject: [PATCH] added ip6 module into tls acceptor and added ip6 confs
---
 .gitignore | 2 ++
 Dockerfile | 2 ++
 apps/epp_proxy/src/epp_tls_acceptor.erl | 3 ++-
 config/vm.args | 14 ++++++++++++++
 4 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/.gitignore b/.gitignore
index 4449579..f81140d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,3 +20,5 @@ rebar3.crashdump
 config/dev.config
 apps/epp_proxy/priv/test_backend_app/pidfile
+
+.DS_Store
diff --git a/Dockerfile b/Dockerfile
index 2dfdbd8..2183d91 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -31,6 +31,8 @@ RUN apt-get update && apt-get install -y \
 libssl1.1=* \
 perl-base=* \
 zlib1g-dev \
+net-tools \
+iproute2 \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/*
diff --git a/apps/epp_proxy/src/epp_tls_acceptor.erl b/apps/epp_proxy/src/epp_tls_acceptor.erl
index a3c0080..60168af 100644
--- a/apps/epp_proxy/src/epp_tls_acceptor.erl
+++ b/apps/epp_proxy/src/epp_tls_acceptor.erl
@@ -25,7 +25,7 @@ init(Port) ->
 {active, false}, {reuseaddr, true}, {verify, verify_peer}, {depth, 1}, {cacertfile, ca_cert_file()}, {certfile, cert_file()},
-{keyfile, key_file()}],
+{keyfile, key_file()}, inet6],
 Options = handle_crl_check_options(DefaultOptions),
 {ok, ListenSocket} = ssl:listen(Port, Options),
 gen_server:cast(self(), accept),
@@ -33,6 +33,7 @@ init(Port) ->
 #state{socket = ListenSocket, port = Port, options = Options}}.
+
 %% Acceptor has only one state that goes in a loop:
 %% 1. Listen for a connection from anyone.
 %% 2. Ask supervisor to return a worker.
diff --git a/config/vm.args b/config/vm.args
index 03aad75..998aab2 100644
--- a/config/vm.args
+++ b/config/vm.args
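Review bot: The two added packages lack the `=*` version suffix that every neighbouring package in this apt-get install carries, so a Dockerfile linter that requires pinned versions will flag exactly these two lines; write them as `net-tools=* \` and `iproute2=* \` for consistency. net-tools and iproute2 are network diagnostic utilities rather than runtime dependencies of the proxy, so if they are only there to troubleshoot the IPv6 rollout, a one-line comment above the RUN saying so would stop a later cleanup from removing them by mistake — or they could live in a debug stage instead of the production image. The RUN instruction begins before the hunk, and the hunk counts suggest at least one more line of it follows the visible tail.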
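Review bot: Adding the bare `inet6` option to the ssl:listen/2 option list leaves IPv4 reachability to the operating system's IPV6_V6ONLY default: Linux normally gives a dual-stack socket, but Windows and several BSDs bind IPv6 only, so existing IPv4 clients can stop connecting on a different host with no error at startup. Make the intent explicit with `{keyfile, key_file()}, inet6, {ipv6_v6only, false}],` (or `true` if an IPv6-only listener is the goal). With `inet6` hard-coded, `{ok, ListenSocket} = ssl:listen(Port, Options)` will also crash init/1 on any host with IPv6 disabled, so consider reading the address family from the application environment next to the other socket options rather than baking it in. Both the DefaultOptions binding and init/1 begin before the hunk.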
@@ -4,3 +4,17 @@
 +K true
 +A30
+
+-proto_dist inet6_tls
+-ssl_dist_opt server_certfile "/opt/ca/certs/cert.pem"
+-ssl_dist_opt server_secure_renegotiate true
+-ssl_dist_opt client_secure_renegotiate true
+
+-proto_dist inet6_tls
+-ssl_dist_opt server_certfile "/opt/ca/certs/cert.pem"
+-ssl_dist_opt server_keyfile "/opt/ca/private/key.pem"
+-ssl_dist_opt cacertfile "/opt/ca/certs/ca.crt.pem"
+-ssl_dist_opt verify 1
+-ssl_dist_opt fail_if_no_peer_cert true
+-ssl_dist_opt server_secure_renegotiate true
+-ssl_dist_opt client_secure_renegotiate true
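Review bot: `-proto_dist inet6_tls` and `-ssl_dist_opt server_certfile` are each given twice, and the first block is an incomplete copy of the second (no keyfile, no CA file, no verification). A duplicated `-proto_dist` is not harmless: net_kernel reads the flag through init:get_argument/1 and, as far as I recall, only accepts a single occurrence, otherwise falling back to plain `inet_tcp` — which would silently leave distribution unencrypted and unauthenticated despite everything else in this file. Drop the first block entirely (the five added lines from the first `-proto_dist inet6_tls` through its `client_secure_renegotiate true`). `verify 1` also looks like the legacy numeric form; the ssl `verify` option takes `verify_peer`, so this line should probably read `-ssl_dist_opt verify verify_peer` — confirm against the OTP release shipped in the image. No `client_certfile`/`client_keyfile` is configured, so outbound distribution connections present no certificate and will be refused by any peer running this same config with `fail_if_no_peer_cert true`.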