aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLoïc Hoguin <[email protected]>2011-09-28 15:00:31 +0200
committerLoïc Hoguin <[email protected]>2011-09-28 15:02:08 +0200
commit0e84e7f920d391487dcb056e520fe29491847d0a (patch)
tree0511bea67d40be3607ed6ee4ecca9b45a6cca988
parentb675fb2ab11a7610bcae5e0fcee9170e068ef16a (diff)
parentea5780b7cdf2c0497ea74283a9bbf881ab4a022e (diff)
downloadcowboy-0e84e7f920d391487dcb056e520fe29491847d0a.tar.gz
cowboy-0e84e7f920d391487dcb056e520fe29491847d0a.tar.bz2
cowboy-0e84e7f920d391487dcb056e520fe29491847d0a.zip
Merge remote-tracking branch 'smarkets/cacertfile'
-rw-r--r--src/cowboy_ssl_transport.erl12
1 files changed, 10 insertions, 2 deletions
diff --git a/src/cowboy_ssl_transport.erl b/src/cowboy_ssl_transport.erl
index 098d409..bf8b1fb 100644
--- a/src/cowboy_ssl_transport.erl
+++ b/src/cowboy_ssl_transport.erl
@@ -50,6 +50,9 @@ messages() -> {ssl, ssl_closed, ssl_error}.
%% certificate.</dd>
%% <dt>keyfile</dt><dd>Mandatory. Path to the file containing the user's
%% private PEM encoded key.</dd>
+%% <dt>cacertfile</dt><dd>Optional. Path to file containing PEM encoded
+%% CA certificates (trusted certificates used for verifying a peer
+%% certificate).</dd>
%% <dt>password</dt><dd>Mandatory. String containing the user's password.
%% All private keyfiles must be password protected currently.</dd>
%% </dl>
@@ -58,7 +61,7 @@ messages() -> {ssl, ssl_closed, ssl_error}.
%% @todo The password option shouldn't be mandatory.
-spec listen([{port, inet:ip_port()} | {certfile, string()}
| {keyfile, string()} | {password, string()}
- | {ip, inet:ip_address()}])
+ | {cacertfile, string()} | {ip, inet:ip_address()}])
-> {ok, ssl:sslsocket()} | {error, atom()}.
listen(Opts) ->
require([crypto, public_key, ssl]),
@@ -70,11 +73,16 @@ listen(Opts) ->
ListenOpts0 = [binary, {active, false},
{backlog, Backlog}, {packet, raw}, {reuseaddr, true},
{certfile, CertFile}, {keyfile, KeyFile}, {password, Password}],
- ListenOpts =
+ ListenOpts1 =
case lists:keyfind(ip, 1, Opts) of
false -> ListenOpts0;
Ip -> [Ip|ListenOpts0]
end,
+ ListenOpts =
+ case lists:keyfind(cacertfile, 1, Opts) of
+ false -> ListenOpts1;
+ CACertFile -> [CACertFile|ListenOpts1]
+ end,
ssl:listen(Port, ListenOpts).
%% @doc Accept an incoming connection on a listen socket.