From 062417480c1d15d6c7df1777ddde707ea162e50f Mon Sep 17 00:00:00 2001
From: Jan Uhlig
Date: Tue, 7 Dec 2021 10:54:37 +0100
Subject: Obfuscate private key password in logs

---
 src/ranch_acceptors_sup.erl | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/src/ranch_acceptors_sup.erl b/src/ranch_acceptors_sup.erl
index 52c68dc..f0cff68 100644
--- a/src/ranch_acceptors_sup.erl
+++ b/src/ranch_acceptors_sup.erl
@@ -86,15 +86,26 @@ start_listen_socket(Ref, Transport, TransOpts, Logger) ->
 -spec listen_error(any(), module(), any(), atom(), module()) -> no_return().
 listen_error(Ref, Transport, TransOpts0, Reason, Logger) ->
 SocketOpts0 = maps:get(socket_opts, TransOpts0, []),
- SocketOpts1 = [{cert, '...'}|proplists:delete(cert, SocketOpts0)],
- SocketOpts2 = [{key, '...'}|proplists:delete(key, SocketOpts1)],
- SocketOpts = [{cacerts, '...'}|proplists:delete(cacerts, SocketOpts2)],
+ SocketOpts = hide_socket_opts(SocketOpts0),
 TransOpts = TransOpts0#{socket_opts => SocketOpts},
 ranch:log(error,
 "Failed to start Ranch listener ~p in ~p:listen(~999999p) for reason ~p (~s)~n",
 [Ref, Transport, TransOpts, Reason, format_error(Reason)], Logger),
 exit({listen_error, Ref, Reason}).
 
+hide_socket_opts([]) ->
+ [];
+hide_socket_opts([{cert, _}|SocketOpts]) ->
+ [{cert, '...'}|hide_socket_opts(SocketOpts)];
+hide_socket_opts([{key, _}|SocketOpts]) ->
+ [{key, '...'}|hide_socket_opts(SocketOpts)];
+hide_socket_opts([{cacerts, _}|SocketOpts]) ->
+ [{cacerts, '...'}|hide_socket_opts(SocketOpts)];
+hide_socket_opts([{password, _}|SocketOpts]) ->
+ [{password, '...'}|hide_socket_opts(SocketOpts)];
+hide_socket_opts([SocketOpt|SocketOpts]) ->
+ [SocketOpt|hide_socket_opts(SocketOpts)].
+
 format_error(no_cert) ->
 "no certificate provided; see cert, certfile, sni_fun or sni_hosts options";
 format_error(reuseport_local) ->
--
cgit v1.2.3
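Review bot: The new `hide_socket_opts/1` rewrites only top-level tuples, so secrets nested inside another option still reach `ranch:log` through `~999999p`; the `sni_hosts` option named in `format_error(no_cert)` carries per-host option lists that can themselves hold `key` and `password`. A clause placed before the catch-all, such as `hide_socket_opts([{sni_hosts, Hosts}|SocketOpts]) -> [{sni_hosts, [{Host, hide_socket_opts(Opts)} || {Host, Opts} <- Hosts]}|hide_socket_opts(SocketOpts)];`, would cover it, assuming the value has the `{Host, Opts}` list shape that OTP's ssl documents. Because this is a deny-list, any option carrying key material that has no clause here is logged in full. A short comment above the function would make that maintenance duty visible, e.g. `%% Replace values of options that may carry key material before logging; extend when new secret-bearing options appear.`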