From 137928ea81643e661b3532ea55973545cee95214 Mon Sep 17 00:00:00 2001
From: olegphenomenon
Date: Tue, 1 Feb 2022 09:51:25 +0200
Subject: [PATCH 1/3] changed

---
 Dockerfile | 2 +-
 config/sys.config | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 11babec..8a3056e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,7 +3,7 @@ FROM debian:buster-slim
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 COPY ./docker/apt/sources.list /etc/apt/
-RUN apt-get update && apt-get -t buster install -y -qq wget \
+RUN apt-get update && apt-get install -y -qq wget \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/*
diff --git a/config/sys.config b/config/sys.config
index c2f3ae4..e4ca7b9 100644
--- a/config/sys.config
+++ b/config/sys.config
@@ -18,7 +18,7 @@
 {epp_command_url, "https://registry.test/epp/command/"},
 {epp_error_url, "https://registry.test/epp/error/"},
 %% Path to root CA that should check the client certificates.
-{cacertfile_path, "/opt/shared/ca/certs/ca.crt.pem"},
+{cacertfile_path, "/opt/ca/certs/ca.crt.pem"},
 %% Path to server's certficate file.
 {certfile_path, "/opt/shared/ca/certs/cert.pem"},

From 1d949ea0687502c8c2065ab293623691423e29d8 Mon Sep 17 00:00:00 2001
From: oleghasjanov
Date: Mon, 29 Apr 2024 11:20:50 +0300
Subject: [PATCH 2/3] added ip6 module into tls acceptor and added ip6 confs

---
 .gitignore | 2 ++
 Dockerfile | 2 ++
 apps/epp_proxy/src/epp_tls_acceptor.erl | 3 ++-
 config/vm.args | 14 ++++++++++++++
 4 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 4449579..f81140d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,3 +20,5 @@ rebar3.crashdump
 config/dev.config
 apps/epp_proxy/priv/test_backend_app/pidfile
+
+.DS_Store
diff --git a/Dockerfile b/Dockerfile
index 2dfdbd8..2183d91 100644
--- a/Dockerfile
+++ b/Dockerfile
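Review bot: After this change `cacertfile_path` points into /opt/ca/certs/ while `certfile_path` on the next context line still points at "/opt/shared/ca/certs/cert.pem", so the CA bundle and the server certificate are now expected in two different trees. If the certificate material was moved as a whole (the vm.args options added later in this series reference /opt/ca/certs/cert.pem and /opt/ca/private/key.pem), the server certificate and key entries should follow in the same commit; if the split is intentional, a comment such as `%% Client CA is provisioned separately from the server certificate.` on the cacertfile_path line would stop the next reader from "fixing" it. The remaining entries of this section are outside the hunk.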
@@ -31,6 +31,8 @@ RUN apt-get update && apt-get install -y \
 libssl1.1=* \
 perl-base=* \
 zlib1g-dev \
+ net-tools \
+ iproute2 \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/*
diff --git a/apps/epp_proxy/src/epp_tls_acceptor.erl b/apps/epp_proxy/src/epp_tls_acceptor.erl
index a3c0080..60168af 100644
--- a/apps/epp_proxy/src/epp_tls_acceptor.erl
+++ b/apps/epp_proxy/src/epp_tls_acceptor.erl
@@ -25,7 +25,7 @@ init(Port) ->
 {active, false}, {reuseaddr, true}, {verify, verify_peer}, {depth, 1}, {cacertfile, ca_cert_file()}, {certfile, cert_file()},
-{keyfile, key_file()}],
+{keyfile, key_file()}, inet6],
 Options = handle_crl_check_options(DefaultOptions),
 {ok, ListenSocket} = ssl:listen(Port, Options),
 gen_server:cast(self(), accept),
@@ -33,6 +33,7 @@ init(Port) ->
 #state{socket = ListenSocket, port = Port, options = Options}}.
+
 %% Acceptor has only one state that goes in a loop:
 %% 1. Listen for a connection from anyone.
 %% 2. Ask supervisor to return a worker.
diff --git a/config/vm.args b/config/vm.args
index 03aad75..998aab2 100644
--- a/config/vm.args
+++ b/config/vm.args
@@ -4,3 +4,17 @@
 +K true
 +A30
+
+-proto_dist inet6_tls
+-ssl_dist_opt server_certfile "/opt/ca/certs/cert.pem"
+-ssl_dist_opt server_secure_renegotiate true
+-ssl_dist_opt client_secure_renegotiate true
+
+-proto_dist inet6_tls
+-ssl_dist_opt server_certfile "/opt/ca/certs/cert.pem"
+-ssl_dist_opt server_keyfile "/opt/ca/private/key.pem"
+-ssl_dist_opt cacertfile "/opt/ca/certs/ca.crt.pem"
+-ssl_dist_opt verify 1
+-ssl_dist_opt fail_if_no_peer_cert true
+-ssl_dist_opt server_secure_renegotiate true
+-ssl_dist_opt client_secure_renegotiate true

From 9a63f15b9d16ab65a28c4e0aa85cf40bc00ca4de Mon Sep 17 00:00:00 2001
From: oleghasjanov
Date: Mon, 29 Apr 2024 12:21:32 +0300
Subject: [PATCH 3/3] remove confs from vm args

---
 config/vm.args | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/config/vm.args b/config/vm.args
index 998aab2..2d2475b 100644
--- a/config/vm.args
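Review bot: Adding bare `inet6` to the listen options leaves it to the host whether IPv4 EPP clients can still connect: on Linux with net.ipv6.bindv6only=0 the socket also accepts IPv4-mapped connections, but where the OS or the socket defaults to v6-only, IPv4 clients are refused with nothing in this file explaining why. Make that decision explicit next to the new option, e.g. `{keyfile, key_file()}, inet6, {ipv6_v6only, false}],` (or `true` if the proxy is meant to be IPv6-only), and say so in a comment above DefaultOptions. Separately, the list sets `{verify, verify_peer}` but, unless it is set in the part of DefaultOptions above the hunk or added by handle_crl_check_options/1, does not set `{fail_if_no_peer_cert, true}`; ssl defaults it to false, so a client that presents no certificate at all is still accepted even though the sys.config comment says the CA is there to check client certificates, and the distribution options added to vm.args in this same commit do set it. init/1 begins above the first hunk.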
+++ b/config/vm.args
@@ -5,16 +5,3 @@
 +K true
 +A30
--proto_dist inet6_tls
--ssl_dist_opt server_certfile "/opt/ca/certs/cert.pem"
--ssl_dist_opt server_secure_renegotiate true
--ssl_dist_opt client_secure_renegotiate true
-
--proto_dist inet6_tls
--ssl_dist_opt server_certfile "/opt/ca/certs/cert.pem"
--ssl_dist_opt server_keyfile "/opt/ca/private/key.pem"
--ssl_dist_opt cacertfile "/opt/ca/certs/ca.crt.pem"
--ssl_dist_opt verify 1
--ssl_dist_opt fail_if_no_peer_cert true
--ssl_dist_opt server_secure_renegotiate true
--ssl_dist_opt client_secure_renegotiate true