aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/cowboy_ssl_transport.erl12
1 files changed, 10 insertions, 2 deletions
diff --git a/src/cowboy_ssl_transport.erl b/src/cowboy_ssl_transport.erl
index 098d409..bb53418 100644
--- a/src/cowboy_ssl_transport.erl
+++ b/src/cowboy_ssl_transport.erl
@@ -50,6 +50,9 @@ messages() -> {ssl, ssl_closed, ssl_error}.
%% certificate.</dd>
%% <dt>keyfile</dt><dd>Mandatory. Path to the file containing the user's
%% private PEM encoded key.</dd>
+%% <dt>cacertfile</dt><dd>Optional. Path to file containing PEM encoded
+%% CA certificates (trusted certificates used for verifying a peer
+%% certificate).</dd>
%% <dt>password</dt><dd>Mandatory. String containing the user's password.
%% All private keyfiles must be password protected currently.</dd>
%% </dl>
@@ -58,7 +61,7 @@ messages() -> {ssl, ssl_closed, ssl_error}.
%% @todo The password option shouldn't be mandatory.
-spec listen([{port, inet:ip_port()} | {certfile, string()}
| {keyfile, string()} | {password, string()}
- | {ip, inet:ip_address()}])
+ | {cacertfile, string()} | {ip, inet:ip_address()}])
-> {ok, ssl:sslsocket()} | {error, atom()}.
listen(Opts) ->
require([crypto, public_key, ssl]),
@@ -70,11 +73,16 @@ listen(Opts) ->
ListenOpts0 = [binary, {active, false},
{backlog, Backlog}, {packet, raw}, {reuseaddr, true},
{certfile, CertFile}, {keyfile, KeyFile}, {password, Password}],
- ListenOpts =
+ ListenOpts1 =
case lists:keyfind(ip, 1, Opts) of
false -> ListenOpts0;
Ip -> [Ip|ListenOpts0]
end,
+ ListenOpts =
+ case lists:keyfind(cacertfile, 1, Opts) of
+ false -> ListenOpts1;
+ CACertFile -> [CACertFile|ListenOpts1]
+ end,
ssl:listen(Port, ListenOpts).
%% @doc Accept an incoming connection on a listen socket.