author | Steven Gravell <[email protected]> | 2011-09-26 14:48:16 +0100 |
---|---|---|
committer | Steven Gravell <[email protected]> | 2011-09-28 13:40:09 +0100 |
commit | ea5780b7cdf2c0497ea74283a9bbf881ab4a022e (patch) | |
tree | 2657454ea8a93a7e0b613e9852ae816531480cd5 /src | |
parent | 009ad4c9ebbd943e92be4c8edd2ccf7c7b739497 (diff) | |
add cacertfile configuration
Diffstat (limited to 'src')
-rw-r--r-- | src/cowboy_ssl_transport.erl | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/cowboy_ssl_transport.erl b/src/cowboy_ssl_transport.erl index 098d409..bb53418 100644 --- a/src/cowboy_ssl_transport.erl +++ b/src/cowboy_ssl_transport.erl @@ -50,6 +50,9 @@ messages() -> {ssl, ssl_closed, ssl_error}. %% certificate.</dd> %% <dt>keyfile</dt><dd>Mandatory. Path to the file containing the user's %% private PEM encoded key.</dd> +%% <dt>cacertfile</dt><dd>Optional. Path to file containing PEM encoded +%% CA certificates (trusted certificates used for verifying a peer +%% certificate).</dd> %% <dt>password</dt><dd>Mandatory. String containing the user's password. %% All private keyfiles must be password protected currently.</dd> %% </dl> @@ -58,7 +61,7 @@ messages() -> {ssl, ssl_closed, ssl_error}. %% @todo The password option shouldn't be mandatory. -spec listen([{port, inet:ip_port()} | {certfile, string()} | {keyfile, string()} | {password, string()} - | {ip, inet:ip_address()}]) + | {cacertfile, string()} | {ip, inet:ip_address()}]) -> {ok, ssl:sslsocket()} | {error, atom()}. listen(Opts) -> require([crypto, public_key, ssl]), @@ -70,11 +73,16 @@ listen(Opts) -> ListenOpts0 = [binary, {active, false}, {backlog, Backlog}, {packet, raw}, {reuseaddr, true}, {certfile, CertFile}, {keyfile, KeyFile}, {password, Password}], - ListenOpts = + ListenOpts1 = case lists:keyfind(ip, 1, Opts) of false -> ListenOpts0; Ip -> [Ip|ListenOpts0] end, + ListenOpts = + case lists:keyfind(cacertfile, 1, Opts) of + false -> ListenOpts1; + CACertFile -> [CACertFile|ListenOpts1] + end, ssl:listen(Port, ListenOpts). %% @doc Accept an incoming connection on a listen socket. |
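Review bot: Passing `{cacertfile, Path}` through to `ssl:listen/2` in the last hunk does not by itself make the listener verify client certificates: neither `ListenOpts0` nor the new `case` adds a `verify` option, and the ssl application's server-side default is `verify_none`, so no peer certificate is requested. The edoc added in the first hunk ("trusted certificates used for verifying a peer certificate") can therefore be read as enabling client authentication when it does not. Either say so in the doc, e.g. `%% Peer verification also requires the verify option, which listen/1 does not forward.`, or forward `verify` and `fail_if_no_peer_cert` from `Opts` the same way `ip` and `cacertfile` are handled. The part of `listen/1` between the `require/1` call and `ListenOpts0` lies outside the hunks, so this assumes no verify option is set there.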