author | Loïc Hoguin <essen@ninenines.eu> | 2025-01-23 13:24:03 +0100 |
---|---|---|
committer | Loïc Hoguin <essen@ninenines.eu> | 2025-01-23 13:24:03 +0100 |
commit | 536aa68ce51354de775f875dd49109ae6fa3a9cb (patch) | |
tree | e4a80f9dc7153d1b593fa16a951df35af12a8282 | |
parent | 7335184d0de59166b68e5b0bbb86ca40c3d4e5d0 (diff) | |
Fix DTLS
Options invalid for DTLS were given to ssl. Now they are only
given for TLS.
The {packet,raw} option is no longer set because the default
for TLS is the equivalent {packet,0} and DTLS doesn't accept it.
-rw-r--r-- | src/ranch_ssl.erl | 18 | ||||
-rw-r--r-- | test/acceptor_SUITE.erl | 22 |
2 files changed, 35 insertions, 5 deletions
diff --git a/src/ranch_ssl.erl b/src/ranch_ssl.erl
index c99335f..0ae8764 100644
--- a/src/ranch_ssl.erl
+++ b/src/ranch_ssl.erl
@@ -135,17 +135,25 @@ listen(TransOpts) ->
 end.
 do_listen(SocketOpts0, Logger) ->
- SocketOpts1 = ranch:set_option_default(SocketOpts0, backlog, 1024),
- SocketOpts2 = ranch:set_option_default(SocketOpts1, nodelay, true),
- SocketOpts3 = ranch:set_option_default(SocketOpts2, send_timeout, 30000),
- SocketOpts = ranch:set_option_default(SocketOpts3, send_timeout_close, true),
+ SocketOpts = set_default_options(SocketOpts0),
 DisallowedOpts0 = disallowed_listen_options(),
 DisallowedOpts = unsupported_tls_options(SocketOpts) ++ DisallowedOpts0,
 %% We set the port to 0 because it is given in the Opts directly.
 %% The port in the options takes precedence over the one in the
 %% first argument.
 ssl:listen(0, ranch:filter_options(SocketOpts, DisallowedOpts,
- [binary, {active, false}, {packet, raw}, {reuseaddr, true}], Logger)).
+ [binary, {active, false}, {reuseaddr, true}], Logger)).
+
+set_default_options(SocketOpts0) ->
+ case proplists:get_value(protocol, SocketOpts0, tls) of
+ tls ->
+ SocketOpts1 = ranch:set_option_default(SocketOpts0, backlog, 1024),
+ SocketOpts2 = ranch:set_option_default(SocketOpts1, nodelay, true),
+ SocketOpts3 = ranch:set_option_default(SocketOpts2, send_timeout, 30000),
+ ranch:set_option_default(SocketOpts3, send_timeout_close, true);
+ dtls ->
+ SocketOpts0
+ end.
 %% 'binary' and 'list' are disallowed but they are handled
 %% specifically as they do not have 2-tuple equivalents.
diff --git a/test/acceptor_SUITE.erl b/test/acceptor_SUITE.erl
index 0f96fae..85fde04 100644
--- a/test/acceptor_SUITE.erl
+++ b/test/acceptor_SUITE.erl
@@ -83,6 +83,7 @@ groups() ->
 ssl_active_n_echo,
 ssl_echo,
 ssl_local_echo,
+ ssl_dtls_echo,
 ssl_graceful,
 ssl_handshake,
 ssl_handshake_error,
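Review bot: The `case` in `set_default_options/1` has clauses only for `tls` and `dtls`, so any other `protocol` value in the socket options raises `case_clause` inside `do_listen/2` before `ssl:listen/2` can reject it. If callers of `listen/1` expect `{error, Reason}` for bad options (not visible in this hunk), a final clause `_ -> SocketOpts0` would leave validation to ssl; otherwise a short comment saying the crash is intended would help. The reason for the empty `dtls` branch is given only in the commit message, so I would also add a comment on that clause, for example `%% These defaults are not valid for DTLS; ssl rejects them.`, so that the defaults are not re-added for DTLS later.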
@@ -840,6 +841,27 @@ ssl_echo(_) ->
 {'EXIT', _} = begin catch ranch:get_port(Name) end,
 ok.
+ssl_dtls_echo(_) ->
+ doc("Ensure that passive mode works with SSL transport."),
+ Name = name(),
+ %% We are using DTLS so the version should be 'dtlsv1.2'.
+ %% But since we don't really need it we simply don't set 'versions'.
+ Opts = ct_helper:get_certs_from_ets() -- [{versions, ['tlsv1.2']}],
+ {ok, _} = ranch:start_listener(Name,
+ ranch_ssl, Opts ++ [{protocol, dtls}, {verify, verify_none}],
+ echo_protocol, []),
+ Port = ranch:get_port(Name),
+ {ok, Socket} = ssl:connect("localhost", Port, [
+ binary, {active, false}, {protocol, dtls},
+ {verify, verify_none}]),
+ ok = ssl:send(Socket, <<"SSL Ranch is working!">>),
+ {ok, <<"SSL Ranch is working!">>} = ssl:recv(Socket, 21, 1000),
+ ok = ranch:stop_listener(Name),
+ {error, closed} = ssl:recv(Socket, 0, 1000),
+ %% Make sure the listener stopped.
+ {'EXIT', _} = begin catch ranch:get_port(Name) end,
+ ok.
+
 ssl_handshake(_) ->
 doc("Ensure that multiple steps handshake works with SSL transport."),
 Name = name(), |
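Review bot: The `doc/1` string in `ssl_dtls_echo/1` does not mention DTLS (it looks carried over from the TLS echo test), so the test description does not say what this case adds; `doc("Ensure that passive mode works with SSL transport over DTLS.")` would make that clear. The `-- [{versions, ['tlsv1.2']}]` subtraction removes the option only when the helper returns exactly that term, so `lists:keydelete(versions, 1, ct_helper:get_certs_from_ets())` would be sturdier if the helper's version list changes. The test exercises only the no-defaults path; a DTLS listener started with user-supplied `nodelay` or `backlog` is not covered, and whether those are filtered depends on `unsupported_tls_options/1`, which is outside this diff.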