authorLoïc Hoguin <[email protected]>2016-11-08 16:39:03 +0200
committerLoïc Hoguin <[email protected]>2016-11-08 16:39:03 +0200
commitda68b2009f59097dde61a76e3b29b9b97334dbda (patch)
tree41982e5a98a1ae393f186df890a49f89590da5f4
parentb2b099627424ce42b7f0ac02e5ddd8d0bf2c3381 (diff)
Allow listening with only SNI options
Cert/certfile is no longer required if SNI options are provided.
-rw-r--r--src/ranch_ssl.erl4
-rw-r--r--test/acceptor_SUITE.erl31
2 files changed, 33 insertions, 2 deletions
diff --git a/src/ranch_ssl.erl b/src/ranch_ssl.erl
index ea5d9d5..b3fab51 100644
--- a/src/ranch_ssl.erl
+++ b/src/ranch_ssl.erl
@@ -90,7 +90,9 @@ messages() -> {ssl, ssl_closed, ssl_error}.
-spec listen(opts()) -> {ok, ssl:sslsocket()} | {error, atom()}.
listen(Opts) ->
true = lists:keymember(cert, 1, Opts)
- orelse lists:keymember(certfile, 1, Opts),
+ orelse lists:keymember(certfile, 1, Opts)
+ orelse lists:keymember(sni_fun, 1, Opts)
+ orelse lists:keymember(sni_hosts, 1, Opts),
Opts2 = ranch:set_option_default(Opts, backlog, 1024),
Opts3 = ranch:set_option_default(Opts2, ciphers, unbroken_cipher_suites()),
Opts4 = ranch:set_option_default(Opts3, nodelay, true),
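Review bot: The widened assertion at the top of `listen/1` only checks that an `sni_fun` or `sni_hosts` key is present, so `{sni_hosts, []}` now passes it even though no certificate is configured anywhere. With SNI-only options there is also no fallback certificate, so a misconfiguration that used to crash at listen time now surfaces only as failed handshakes; the new `ssl_sni_fail` test shows this for an unlisted name, and a client that sends no server name at all presumably fails the same way. I would document that above the check, for example `%% With only sni_fun/sni_hosts there is no default certificate: clients sending no SNI or an unlisted name fail the handshake.`, and consider rejecting an empty `sni_hosts` list here. The body of `listen/1` continues past the end of this hunk.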
diff --git a/test/acceptor_SUITE.erl b/test/acceptor_SUITE.erl
index b937cc7..03bcfd6 100644
--- a/test/acceptor_SUITE.erl
+++ b/test/acceptor_SUITE.erl
@@ -39,7 +39,9 @@ groups() ->
ssl_accept_error,
ssl_accept_socket,
ssl_active_echo,
- ssl_echo
+ ssl_echo,
+ ssl_sni_echo,
+ ssl_sni_fail
]}, {misc, [
misc_bad_transport,
misc_bad_transport_options
@@ -132,6 +134,33 @@ ssl_echo(_) ->
{'EXIT', _} = begin catch ranch:get_port(Name) end,
ok.
+ssl_sni_echo(_) ->
+ doc("Ensure that SNI works with SSL transport."),
+ Name = name(),
+ Opts = ct_helper:get_certs_from_ets(),
+ {ok, _} = ranch:start_listener(Name, 1, ranch_ssl, [{sni_hosts, [{"localhost", Opts}]}], echo_protocol, []),
+ Port = ranch:get_port(Name),
+ {ok, Socket} = ssl:connect("localhost", Port, [binary, {active, false}, {packet, raw}]),
+ ok = ssl:send(Socket, <<"SSL Ranch is working!">>),
+ {ok, <<"SSL Ranch is working!">>} = ssl:recv(Socket, 21, 1000),
+ ok = ranch:stop_listener(Name),
+ {error, closed} = ssl:recv(Socket, 0, 1000),
+ %% Make sure the listener stopped.
+ {'EXIT', _} = begin catch ranch:get_port(Name) end,
+ ok.
+
+ssl_sni_fail(_) ->
+ doc("Ensure that connection fails when host is not in SNI list."),
+ Name = name(),
+ Opts = ct_helper:get_certs_from_ets(),
+ {ok, _} = ranch:start_listener(Name, 1, ranch_ssl, [{sni_hosts, [{"pouet", Opts}]}], echo_protocol, []),
+ Port = ranch:get_port(Name),
+ {error, _} = ssl:connect("localhost", Port, [binary, {active, false}, {packet, raw}]),
+ ok = ranch:stop_listener(Name),
+ %% Make sure the listener stopped.
+ {'EXIT', _} = begin catch ranch:get_port(Name) end,
+ ok.
+
%% tcp.
tcp_accept_socket(_) ->
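Review bot: In `ssl_sni_fail` the match `{error, _} = ssl:connect(...)` accepts any failure, so the test would also pass if the connection failed for a reason unrelated to SNI (a refused connection, a timeout, a bad cipher negotiation). Both new tests also rely on `ssl:connect/3` deriving the server name from the `"localhost"` host argument; adding `{server_name_indication, "localhost"}` to the client options would make the name under test explicit. If the exact alert term is not stable across OTP releases, a short comment saying why the error is left unmatched would help, e.g. `%% The handshake alert term varies by OTP release, so only the error tag is asserted.`. There is also no case for a client that disables SNI against an SNI-only listener, which is the other path the relaxed check in `ranch_ssl:listen/1` opens up.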