authorLoïc Hoguin <[email protected]>2015-08-18 17:15:45 +0200
committerLoïc Hoguin <[email protected]>2015-08-18 17:15:45 +0200
commit0d5d855da3d0b2d508fae4258b125a3a5ab7b306 (patch)
treec504903fe15cb34768b34542f3dbc5a3449fb999 /src/ranch_ssl.erl
parentd440a2c1d26e4f0770a66279de151806b1ad5ac2 (diff)
Update the list of allowed transport options
We are now up to date with regard to transport options we should accept for the listening socket. Documentation of existing options has been updated with regard to recent changes in the OTP docs and type specifications.
Diffstat (limited to 'src/ranch_ssl.erl')
-rw-r--r--src/ranch_ssl.erl61
1 files changed, 34 insertions, 27 deletions
diff --git a/src/ranch_ssl.erl b/src/ranch_ssl.erl
index acfe38d..305fbb8 100644
--- a/src/ranch_ssl.erl
+++ b/src/ranch_ssl.erl
@@ -19,6 +19,7 @@
-export([secure/0]).
-export([messages/0]).
-export([listen/1]).
+-export([listen_options/0]).
-export([accept/2]).
-export([accept_ack/2]).
-export([connect/3]).
@@ -35,36 +36,40 @@
-export([shutdown/2]).
-export([close/1]).
--type opt() :: {backlog, non_neg_integer()}
+-type ssl_opt() :: {alpn_preferred_protocols, [binary()]}
| {cacertfile, string()}
- | {cacerts, [Der::binary()]}
- | {cert, Der::binary()}
+ | {cacerts, [public_key:der_encoded()]}
+ | {cert, public_key:der_encoded()}
| {certfile, string()}
| {ciphers, [ssl:erl_cipher_suite()] | string()}
+ | {client_renegotiation, boolean()}
+ | {crl_cache, {module(), {internal | any(), list()}}}
+ | {crl_check, boolean() | peer | best_effort}
+ | {depth, 0..255}
+ | {dh, public_key:der_encoded()}
+ | {dhfile, string()}
| {fail_if_no_peer_cert, boolean()}
| {hibernate_after, integer() | undefined}
| {honor_cipher_order, boolean()}
- | {ip, inet:ip_address()}
- | {key, Der::binary()}
+ | {key, {'RSAPrivateKey' | 'DSAPrivateKey' | 'PrivateKeyInfo', public_key:der_encoded()}}
| {keyfile, string()}
- | {linger, {boolean(), non_neg_integer()}}
| {log_alert, boolean()}
| {next_protocols_advertised, [binary()]}
- | {nodelay, boolean()}
- | {partial_chain, fun(([Der::binary()]) ->
- {trusted_ca, Der::binary()} | unknown_ca)}
+ | {partial_chain, fun(([public_key:der_encoded()]) -> {trusted_ca, public_key:der_encoded()} | unknown_ca)}
| {password, string()}
- | {port, inet:port_number()}
- | {raw, non_neg_integer(), non_neg_integer(),
- non_neg_integer() | binary()}
+ | {psk_identity, string()}
| {reuse_session, fun()}
| {reuse_sessions, boolean()}
| {secure_renegotiate, boolean()}
- | {send_timeout, timeout()}
- | {send_timeout_close, boolean()}
+ | {sni_fun, fun()}
+ | {sni_hosts, [{string(), ssl_opt()}]}
+ | {user_lookup_fun, {fun(), any()}}
| {verify, ssl:verify_type()}
- | {verify_fun, {fun(), InitialUserState::term()}}
+ | {verify_fun, {fun(), any()}}
| {versions, [atom()]}.
+-export_type([ssl_opt/0]).
+
+-type opt() :: ranch_tcp:opt() | ssl_opt().
-export_type([opt/0]).
-type opts() :: [opt()].
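Review bot: The `sni_hosts` entry on the `| {sni_hosts, [{string(), ssl_opt()}]}` line pairs each hostname with a single option, but the OTP ssl documentation specifies a list of options per host (`{sni_hosts, [{hostname(), [ssl_option()]}]}`), so Dialyzer will reject every realistic call such as `[{"example.com", [{certfile, ...}, {keyfile, ...}]}]` against this spec. Change it to `| {sni_hosts, [{string(), [ssl_opt()]}]}`. The `sni_fun`, `reuse_session` and `user_lookup_fun` entries are typed as bare `fun()`; tightening at least `sni_fun` to `fun((string()) -> [ssl_opt()])` would document the contract callers must satisfy, though that is optional.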
@@ -84,24 +89,26 @@ listen(Opts) ->
true = lists:keymember(cert, 1, Opts)
orelse lists:keymember(certfile, 1, Opts),
Opts2 = ranch:set_option_default(Opts, backlog, 1024),
- Opts3 = ranch:set_option_default(Opts2, send_timeout, 30000),
- Opts4 = ranch:set_option_default(Opts3, send_timeout_close, true),
- Opts5 = ranch:set_option_default(Opts4, ciphers, unbroken_cipher_suites()),
+ Opts3 = ranch:set_option_default(Opts2, ciphers, unbroken_cipher_suites()),
+ Opts4 = ranch:set_option_default(Opts3, nodelay, true),
+ Opts5 = ranch:set_option_default(Opts4, send_timeout, 30000),
+ Opts6 = ranch:set_option_default(Opts5, send_timeout_close, true),
%% We set the port to 0 because it is given in the Opts directly.
%% The port in the options takes precedence over the one in the
%% first argument.
- ssl:listen(0, ranch:filter_options(Opts5,
- [backlog, cacertfile, cacerts, cert, certfile, ciphers,
- fail_if_no_peer_cert, hibernate_after,
- honor_cipher_order, ip, key, keyfile, linger,
- next_protocols_advertised, nodelay,
- log_alert, partial_chain, password, port, raw,
- reuse_session, reuse_sessions, secure_renegotiate,
- send_timeout, send_timeout_close, verify, verify_fun,
- versions],
+ ssl:listen(0, ranch:filter_options(Opts6, listen_options(),
[binary, {active, false}, {packet, raw},
{reuseaddr, true}, {nodelay, true}])).
+listen_options() ->
+ [alpn_preferred_protocols, cacertfile, cacerts, cert, certfile,
+ ciphers, client_renegotiation, crl_cache, crl_check, depth,
+ dh, dhfile, fail_if_no_peer_cert, hibernate_after, honor_cipher_order,
+ key, keyfile, log_alert, next_protocols_advertised, partial_chain,
+ password, psk_identity, reuse_session, reuse_sessions, secure_renegotiate,
+ sni_fun, sni_hosts, user_lookup_fun, verify, verify_fun, versions
+ |ranch_tcp:listen_options()].
+
-spec accept(ssl:sslsocket(), timeout())
-> {ok, ssl:sslsocket()} | {error, closed | timeout | atom()}.
accept(LSocket, Timeout) ->
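Review bot: `nodelay` is now set twice — as an overridable default on the `Opts4 = ranch:set_option_default(Opts3, nodelay, true)` line and as a forced option in the fixed list passed to `ranch:filter_options/3` (`{nodelay, true}`) — and because `nodelay` also passes the allowlist via `ranch_tcp:listen_options()`, a caller's `{nodelay, false}` will reach `ssl:listen/2` next to the forced `{nodelay, true}`; which one wins depends on the ordering inside `ranch:filter_options/3`, which is not visible here. Either drop `{nodelay, true}` from the fixed list so the default on `Opts4` is the single source of truth, or drop the default and keep it forced, but the current shape is ambiguous. Separately, the newly exported `listen_options/0` has no spec while neighbouring exports such as `accept/2` do; add `-spec listen_options() -> [atom()].` above its definition.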