diff options
author | Maria Scott <[email protected]> | 2022-10-06 17:42:12 +0200 |
---|---|---|
committer | Loïc Hoguin <[email protected]> | 2022-10-10 11:59:53 +0200 |
commit | 61cff065a60f4d4d72edf129e5d07ac3ebcf5a86 (patch) | |
tree | c99ad9c5dab7f308597e620226b5298e2fd1bae8 | |
parent | 6a26bb8d91d61ff9755a9844bd2a5f7ca8ada888 (diff) | |
download | ranch-61cff065a60f4d4d72edf129e5d07ac3ebcf5a86.tar.gz ranch-61cff065a60f4d4d72edf129e5d07ac3ebcf5a86.tar.bz2 ranch-61cff065a60f4d4d72edf129e5d07ac3ebcf5a86.zip |
Allow new ssl option certs_keys in ranch_ssl
-rw-r--r-- | doc/src/manual/ranch_ssl.asciidoc | 11 | ||||
-rw-r--r-- | src/ranch_ssl.erl | 8 |
2 files changed, 18 insertions, 1 deletions
diff --git a/doc/src/manual/ranch_ssl.asciidoc b/doc/src/manual/ranch_ssl.asciidoc index 754d90b..d6b03de 100644 --- a/doc/src/manual/ranch_ssl.asciidoc +++ b/doc/src/manual/ranch_ssl.asciidoc @@ -45,6 +45,11 @@ ssl_opt() = {alpn_preferred_protocols, [binary()]} | {cacertfile, file:filename()} | {cacerts, [public_key:der_encoded()]} | {cert, public_key:der_encoded()} + | {certs_keys, [#{cert => public_key:der_encoded(), + key => ssl:key(), + certfile => file:filename(), + keyfile => file:filename(), + key_pem_password => iodata() | fun(() -> iodata())}]} | {certfile, file:filename()} | {ciphers, ssl:ciphers()} | {client_renegotiation, boolean()} @@ -123,6 +128,12 @@ cert:: DER encoded user certificate. +certs_keys:: + +A list of a certificate (or possible a certificate and its chain) +and the associated key of the certificate, that may be used to +authenticate the client or the server. + certfile:: Path to the PEM encoded user certificate file. May also diff --git a/src/ranch_ssl.erl b/src/ranch_ssl.erl index ff5831e..428f91c 100644 --- a/src/ranch_ssl.erl +++ b/src/ranch_ssl.erl @@ -53,6 +53,11 @@ | {cacertfile, file:filename()} | {cacerts, [public_key:der_encoded()]} | {cert, public_key:der_encoded()} + | {certs_keys, [#{cert => public_key:der_encoded(), + key => ssl:key(), + certfile => file:filename(), + keyfile => file:filename(), + key_pem_password => iodata() | fun(() -> iodata())}]} | {certfile, file:filename()} | {ciphers, ssl:ciphers()} | {client_renegotiation, boolean()} @@ -119,7 +124,8 @@ listen(TransOpts) -> orelse lists:keymember(certfile, 1, SocketOpts) orelse lists:keymember(sni_fun, 1, SocketOpts) orelse lists:keymember(sni_hosts, 1, SocketOpts) - orelse lists:keymember(user_lookup_fun, 1, SocketOpts) of + orelse lists:keymember(user_lookup_fun, 1, SocketOpts) + orelse lists:keymember(certs_keys, 1, SocketOpts) of true -> Logger = maps:get(logger, TransOpts, logger), do_listen(SocketOpts, Logger); |