<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Jun 4, 2014 at 4:48 PM, Loïc Hoguin <span dir="ltr"><<a href="mailto:essen@ninenines.eu" target="_blank">essen@ninenines.eu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">On 06/04/2014 10:08 PM, Daniel Goertzen wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I am having very good luck with Cowboy so far, but I have some questions:<br>
<br>
1. There doesn't appear to be any way to do client certificate<br>
authorization in Cowboy, although I see there is an example for doing<br>
exactly that with Ranch. I think I could modify Cowboy to do what I<br>
want, but I thought I would ask if there were other options before doing<br>
that.<br>
</blockquote>
<br></div>
Same as Ranch really, you just gotta take the socket and then call the ssl functions.<div class=""><br></div></blockquote><div><br></div><div>Yes, but in cowboy there's no API to get at the socket.</div><div><br></div>
<div>I was thinking of adding a "onconnect" hook similar to how there are "onrequest" and "onresponse" hooks. The hook would be called in cowboy_protocol:init(), would accept Transport and Socket, and return a "user connection state" term that gets stashed in the state record. The user connection state would then be provided in the Req object to each handler. With these features one could do whatever computation they want on the socket and provide the result to all subsequent requests on that socket. I want to use it for client cert checking, but it could be used for other things such as an IP address security check.</div>
<div><br></div><div>Dan.<br></div><div> </div></div></div></div>