authorRansom Richardson <[email protected]>2013-06-07 19:03:23 +0000
committerRansom Richardson <[email protected]>2013-06-07 21:07:21 +0000
commiteaed0c94567a0c86ee3eedb7bc582f344c15ddb0 (patch)
tree636a2141a1adbe2ccef9a157da6b52709e8e9896
parent53be20d25f94095ec9b44c5bd03cf158dd5a6820 (diff)
Add support for additional ssl options.
-rw-r--r--src/ranch_ssl.erl27
1 files changed, 25 insertions, 2 deletions
diff --git a/src/ranch_ssl.erl b/src/ranch_ssl.erl
index e6352ed..4129f18 100644
--- a/src/ranch_ssl.erl
+++ b/src/ranch_ssl.erl
@@ -55,7 +55,11 @@
| {port, inet:port_number()}
| {raw, non_neg_integer(), non_neg_integer(),
non_neg_integer() | binary()}
- | {verify, ssl:verify_type()}].
+ | {reuse_session, fun()}
+ | {reuse_sessions, boolean()}
+ | {secure_renegotiate, boolean()}
+ | {verify, ssl:verify_type()}
+ | {verify_fun, {fun(), InitialUserState::term()}}].
-export_type([opts/0]).
%% @doc Name of this transport, <em>ssl</em>.
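Review bot: The new callback entries in opts() are typed as bare `fun()`, which pins neither arity nor result, while the neighbouring entries are precise (`ssl:verify_type()`, `inet:port_number()`). The OTP ssl documentation gives these callbacks fixed shapes — reuse_session takes four arguments and returns a boolean, verify_fun takes three — so Dialyzer could catch a wrongly-shaped callback if the spec read `{reuse_session, fun((term(), term(), term(), term()) -> boolean())}` and `{verify_fun, {fun((term(), term(), term()) -> term()), InitialUserState::term()}}`. Since opts() is exported, confirm the arities against the ssl version the project targets before tightening.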
@@ -75,6 +79,8 @@ messages() -> {ssl, ssl_closed, ssl_error}.
%% <dt>cacertfile</dt><dd>Optional. Path to file containing PEM encoded
%% CA certificates (trusted certificates used for verifying a peer
%% certificate).</dd>
+%% <dt>cert</dt><dd>Optional. The DER encoded users certificate. If this
+%% option is supplied it will override the certfile option.</dd>
%% <dt>certfile</dt><dd>Mandatory. Path to a file containing the user's
%% certificate.</dd>
%% <dt>ciphers</dt><dd>Optional. The cipher suites that should be supported.
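Review bot: The new `cert` entry says it overrides certfile, but the `certfile` entry directly below still reads `Mandatory.`, so one of the two statements is wrong for a caller that passes only `cert`. Suggest changing the certfile line to `%% <dt>certfile</dt><dd>Mandatory unless cert is supplied. Path to a file containing the user's` and writing `user's` rather than `users` in the cert text. A reader configuring the listener from the doc alone would otherwise believe both must be present.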
@@ -87,6 +93,8 @@ messages() -> {ssl, ssl_closed, ssl_error}.
%% certificate is considered valid).</dd>
%% <dt>ip</dt><dd>Interface to listen on. Listen on all interfaces
%% by default.</dd>
+%% <dt>key</dt><dd>Optional. The DER encoded users private key. If this option
+%% is supplied it will override the keyfile option.</dd>
%% <dt>keyfile</dt><dd>Optional. Path to the file containing the user's
%% private PEM encoded key.</dd>
%% <dt>next_protocols_advertised</dt><dd>Optional. Erlang R16B+ required.
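Review bot: The new `key` entry puts the raw DER private key into the listener's options list without saying so, and the surrounding `keyfile`/`password` entries imply keys are expected to be password protected, which this path presumably bypasses since the binary is passed in clear. Suggest appending to the entry: `The key material then lives in the listener options, so avoid logging or printing Opts; the password option presumably does not apply to it.` The password entry's statement that all private keyfiles must be password protected should then say it applies to keyfile only — worth confirming against the ssl application before wording it as a fact. Also `users` → `user's`, as in the cert entry.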
@@ -96,8 +104,22 @@ messages() -> {ssl, ssl_closed, ssl_error}.
%% <dt>password</dt><dd>Optional. String containing the user's password.
%% All private keyfiles must be password protected currently.</dd>
%% <dt>port</dt><dd>TCP port number to open. Defaults to 0 (see below)</dd>
+%% <dt>reuse_session</dt><dd>Optional. Enables the ssl server to have a local
+%% policy for deciding if a session should be reused or not, only meaningful
+%% if reuse_sessions is set to true.</dd>
+%% <dt>reuse_sessions</dt><dd>Optional. Specifies if the server should agree
+%% to reuse sessions when the clients request to do so.</dd>
+%% <dt>secure_renegotiate</dt><dd>Optional. Specifies if to reject renegotiation
+%% attempt that does not live up to RFC 5746. By default secure_renegotiate is
+%% set to false i.e. secure renegotiation will be used if possible but it will
+%% fallback to unsecure renegotiation if the peer does not support RFC 5746.</dd>
%% <dt>verify</dt><dd>Optional. If set to verify_peer, performs an x509-path
%% validation and request the client for a certificate.</dd>
+%% <dt>verify_fun</dt><dd>Optional. The verify fun will be called during the
+%% X509-path validation when an error or an extension unknown to the ssl
+%% application is encountered. Additionally it will be called when a certificate
+%% is considered valid by the path validation to allow access to each certificate
+%% in the path to the user application.</dd>
%% </dl>
%%
%% You can listen to a random port by setting the port option to 0.
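Review bot: The `secure_renegotiate` entry describes the default fallback to legacy renegotiation but not what it costs the reader: with the default false, a peer that does not implement RFC 5746 can still renegotiate, which is exactly the downgrade the RFC exists to close, so servers without legacy clients should set `{secure_renegotiate, true}`. Suggest adding to that entry `Servers that do not need to interoperate with pre-RFC 5746 clients should set this to true.` and replacing `unsecure` with `insecure` and `Specifies if to reject` with `Specifies whether to reject`. The `verify_fun` entry should also warn that, per the OTP ssl documentation, returning `{valid, State}` for an error event accepts a certificate that the built-in path validation rejected, so the fun must whitelist specific known-safe errors rather than accept everything. That is the option most likely to be misused once `verify` is set to verify_peer.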
@@ -119,7 +141,8 @@ listen(Opts) ->
ssl:listen(0, ranch:filter_options(Opts2,
[backlog, cacertfile, cacerts, cert, certfile, ciphers,
fail_if_no_peer_cert, ip, key, keyfile, next_protocols_advertised,
- nodelay, password, port, raw, verify],
+ nodelay, password, port, raw, reuse_session, reuse_sessions,
+ secure_renegotiate, verify, verify_fun],
[binary, {active, false}, {packet, raw},
{reuseaddr, true}, {nodelay, true}])).