Diffstat (limited to 'src')
-rw-r--r-- | src/cowboy_ssl_transport.erl | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/cowboy_ssl_transport.erl b/src/cowboy_ssl_transport.erl index 098d409..bf8b1fb 100644 --- a/src/cowboy_ssl_transport.erl +++ b/src/cowboy_ssl_transport.erl @@ -50,6 +50,9 @@ messages() -> {ssl, ssl_closed, ssl_error}. %% certificate.</dd> %% <dt>keyfile</dt><dd>Mandatory. Path to the file containing the user's %% private PEM encoded key.</dd> +%% <dt>cacertfile</dt><dd>Optional. Path to file containing PEM encoded +%% CA certificates (trusted certificates used for verifying a peer +%% certificate).</dd> %% <dt>password</dt><dd>Mandatory. String containing the user's password. %% All private keyfiles must be password protected currently.</dd> %% </dl> @@ -58,7 +61,7 @@ messages() -> {ssl, ssl_closed, ssl_error}. %% @todo The password option shouldn't be mandatory. -spec listen([{port, inet:ip_port()} | {certfile, string()} | {keyfile, string()} | {password, string()} - | {ip, inet:ip_address()}]) + | {cacertfile, string()} | {ip, inet:ip_address()}]) -> {ok, ssl:sslsocket()} | {error, atom()}. listen(Opts) -> require([crypto, public_key, ssl]), @@ -70,11 +73,16 @@ listen(Opts) -> ListenOpts0 = [binary, {active, false}, {backlog, Backlog}, {packet, raw}, {reuseaddr, true}, {certfile, CertFile}, {keyfile, KeyFile}, {password, Password}], - ListenOpts = + ListenOpts1 = case lists:keyfind(ip, 1, Opts) of false -> ListenOpts0; Ip -> [Ip|ListenOpts0] end, + ListenOpts = + case lists:keyfind(cacertfile, 1, Opts) of + false -> ListenOpts1; + CACertFile -> [CACertFile|ListenOpts1] + end, ssl:listen(Port, ListenOpts). %% @doc Accept an incoming connection on a listen socket. |
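Review bot: The new `cacertfile` doc entry says the CA file is used for verifying a peer certificate, but the option list built in the `listen/1` hunk is fixed and never forwards `{verify, verify_peer}` or `{fail_if_no_peer_cert, true}`. As far as these lines show, the listener therefore stays on ssl's server-side default of `verify_none` and does not ask clients for a certificate, so a reader could wrongly assume that setting `cacertfile` turns on client-certificate authentication. Either reword the entry, for example `%% CA certificates. Client certificates are not requested; listen/1 does not enable verify_peer.</dd>`, or accept and forward `verify` and `fail_if_no_peer_cert` the same way `cacertfile` is. The part of `listen/1` that reads the options lies between the hunks and is not visible here.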
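Review bot: The added `case lists:keyfind(cacertfile, 1, Opts)` block in `listen/1` repeats the `ip` block line for line and forces the `ListenOpts0`/`ListenOpts1` renumbering, which will recur for every further pass-through option. A single comprehension over the optional keys would replace both blocks: `ListenOpts = [O || K <- [cacertfile, ip], O <- [lists:keyfind(K, 1, Opts)], O =/= false] ++ ListenOpts0,`. That keeps keyfind's first-match behaviour and the resulting option order, and it puts the list of forwarded keys in one place where it is easy to audit. `listen/1` starts above this hunk.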