diff options
-rw-r--r-- | src/ranch_ssl.erl | 4 | ||||
-rw-r--r-- | test/acceptor_SUITE.erl | 31 |
2 files changed, 33 insertions, 2 deletions
diff --git a/src/ranch_ssl.erl b/src/ranch_ssl.erl index ea5d9d5..b3fab51 100644 --- a/src/ranch_ssl.erl +++ b/src/ranch_ssl.erl @@ -90,7 +90,9 @@ messages() -> {ssl, ssl_closed, ssl_error}. -spec listen(opts()) -> {ok, ssl:sslsocket()} | {error, atom()}. listen(Opts) -> true = lists:keymember(cert, 1, Opts) - orelse lists:keymember(certfile, 1, Opts), + orelse lists:keymember(certfile, 1, Opts) + orelse lists:keymember(sni_fun, 1, Opts) + orelse lists:keymember(sni_hosts, 1, Opts), Opts2 = ranch:set_option_default(Opts, backlog, 1024), Opts3 = ranch:set_option_default(Opts2, ciphers, unbroken_cipher_suites()), Opts4 = ranch:set_option_default(Opts3, nodelay, true), diff --git a/test/acceptor_SUITE.erl b/test/acceptor_SUITE.erl index b937cc7..03bcfd6 100644 --- a/test/acceptor_SUITE.erl +++ b/test/acceptor_SUITE.erl @@ -39,7 +39,9 @@ groups() -> ssl_accept_error, ssl_accept_socket, ssl_active_echo, - ssl_echo + ssl_echo, + ssl_sni_echo, + ssl_sni_fail ]}, {misc, [ misc_bad_transport, misc_bad_transport_options @@ -132,6 +134,33 @@ ssl_echo(_) -> {'EXIT', _} = begin catch ranch:get_port(Name) end, ok. +ssl_sni_echo(_) -> + doc("Ensure that SNI works with SSL transport."), + Name = name(), + Opts = ct_helper:get_certs_from_ets(), + {ok, _} = ranch:start_listener(Name, 1, ranch_ssl, [{sni_hosts, [{"localhost", Opts}]}], echo_protocol, []), + Port = ranch:get_port(Name), + {ok, Socket} = ssl:connect("localhost", Port, [binary, {active, false}, {packet, raw}]), + ok = ssl:send(Socket, <<"SSL Ranch is working!">>), + {ok, <<"SSL Ranch is working!">>} = ssl:recv(Socket, 21, 1000), + ok = ranch:stop_listener(Name), + {error, closed} = ssl:recv(Socket, 0, 1000), + %% Make sure the listener stopped. + {'EXIT', _} = begin catch ranch:get_port(Name) end, + ok. + +ssl_sni_fail(_) -> + doc("Ensure that connection fails when host is not in SNI list."), + Name = name(), + Opts = ct_helper:get_certs_from_ets(), + {ok, _} = ranch:start_listener(Name, 1, ranch_ssl, [{sni_hosts, [{"pouet", Opts}]}], echo_protocol, []), + Port = ranch:get_port(Name), + {error, _} = ssl:connect("localhost", Port, [binary, {active, false}, {packet, raw}]), + ok = ranch:stop_listener(Name), + %% Make sure the listener stopped. + {'EXIT', _} = begin catch ranch:get_port(Name) end, + ok. + %% tcp. tcp_accept_socket(_) -> |