author | Loïc Hoguin <[email protected]> | 2011-09-28 15:00:31 +0200 |
---|---|---|
committer | Loïc Hoguin <[email protected]> | 2011-09-28 15:02:08 +0200 |
commit | 0e84e7f920d391487dcb056e520fe29491847d0a (patch) | |
tree | 0511bea67d40be3607ed6ee4ecca9b45a6cca988 | |
parent | b675fb2ab11a7610bcae5e0fcee9170e068ef16a (diff) | |
parent | ea5780b7cdf2c0497ea74283a9bbf881ab4a022e (diff) | |
Merge remote-tracking branch 'smarkets/cacertfile'
-rw-r--r-- | src/cowboy_ssl_transport.erl | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/cowboy_ssl_transport.erl b/src/cowboy_ssl_transport.erl index 098d409..bf8b1fb 100644 --- a/src/cowboy_ssl_transport.erl +++ b/src/cowboy_ssl_transport.erl @@ -50,6 +50,9 @@ messages() -> {ssl, ssl_closed, ssl_error}. %% certificate.</dd> %% <dt>keyfile</dt><dd>Mandatory. Path to the file containing the user's %% private PEM encoded key.</dd> +%% <dt>cacertfile</dt><dd>Optional. Path to file containing PEM encoded +%% CA certificates (trusted certificates used for verifying a peer +%% certificate).</dd> %% <dt>password</dt><dd>Mandatory. String containing the user's password. %% All private keyfiles must be password protected currently.</dd> %% </dl> @@ -58,7 +61,7 @@ messages() -> {ssl, ssl_closed, ssl_error}. %% @todo The password option shouldn't be mandatory. -spec listen([{port, inet:ip_port()} | {certfile, string()} | {keyfile, string()} | {password, string()} - | {ip, inet:ip_address()}]) + | {cacertfile, string()} | {ip, inet:ip_address()}]) -> {ok, ssl:sslsocket()} | {error, atom()}. listen(Opts) -> require([crypto, public_key, ssl]), @@ -70,11 +73,16 @@ listen(Opts) -> ListenOpts0 = [binary, {active, false}, {backlog, Backlog}, {packet, raw}, {reuseaddr, true}, {certfile, CertFile}, {keyfile, KeyFile}, {password, Password}], - ListenOpts = + ListenOpts1 = case lists:keyfind(ip, 1, Opts) of false -> ListenOpts0; Ip -> [Ip|ListenOpts0] end, + ListenOpts = + case lists:keyfind(cacertfile, 1, Opts) of + false -> ListenOpts1; + CACertFile -> [CACertFile|ListenOpts1] + end, ssl:listen(Port, ListenOpts). %% @doc Accept an incoming connection on a listen socket. |
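Review bot: Forwarding `cacertfile` in the third hunk does not by itself make the listener verify client certificates, because none of the visible `ListenOpts0`, `ListenOpts1` or `ListenOpts` terms carries a `verify` option and the OTP ssl server default is `verify_none`. The edoc text added in the first hunk ("trusted certificates used for verifying a peer certificate") can therefore lead an operator to believe mutual TLS is enforced, when with that default the file would at most help build the chain the server sends. Either reword the doc, for example `%% CA certificates (peer verification additionally needs the ssl verify option, which listen/1 does not forward).</dd>`, or forward `verify` and `fail_if_no_peer_cert` from `Opts` the same way `ip` and `cacertfile` are. The start of `listen/1` lies between the second and third hunks and is not visible, so this assumes no other options are added there.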