aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/ranch_ssl.erl4
-rw-r--r--test/acceptor_SUITE.erl31
2 files changed, 33 insertions, 2 deletions
diff --git a/src/ranch_ssl.erl b/src/ranch_ssl.erl
index ea5d9d5..b3fab51 100644
--- a/src/ranch_ssl.erl
+++ b/src/ranch_ssl.erl
@@ -90,7 +90,9 @@ messages() -> {ssl, ssl_closed, ssl_error}.
-spec listen(opts()) -> {ok, ssl:sslsocket()} | {error, atom()}.
listen(Opts) ->
true = lists:keymember(cert, 1, Opts)
- orelse lists:keymember(certfile, 1, Opts),
+ orelse lists:keymember(certfile, 1, Opts)
+ orelse lists:keymember(sni_fun, 1, Opts)
+ orelse lists:keymember(sni_hosts, 1, Opts),
Opts2 = ranch:set_option_default(Opts, backlog, 1024),
Opts3 = ranch:set_option_default(Opts2, ciphers, unbroken_cipher_suites()),
Opts4 = ranch:set_option_default(Opts3, nodelay, true),
diff --git a/test/acceptor_SUITE.erl b/test/acceptor_SUITE.erl
index b937cc7..03bcfd6 100644
--- a/test/acceptor_SUITE.erl
+++ b/test/acceptor_SUITE.erl
@@ -39,7 +39,9 @@ groups() ->
ssl_accept_error,
ssl_accept_socket,
ssl_active_echo,
- ssl_echo
+ ssl_echo,
+ ssl_sni_echo,
+ ssl_sni_fail
]}, {misc, [
misc_bad_transport,
misc_bad_transport_options
@@ -132,6 +134,33 @@ ssl_echo(_) ->
{'EXIT', _} = begin catch ranch:get_port(Name) end,
ok.
+ssl_sni_echo(_) ->
+ doc("Ensure that SNI works with SSL transport."),
+ Name = name(),
+ Opts = ct_helper:get_certs_from_ets(),
+ {ok, _} = ranch:start_listener(Name, 1, ranch_ssl, [{sni_hosts, [{"localhost", Opts}]}], echo_protocol, []),
+ Port = ranch:get_port(Name),
+ {ok, Socket} = ssl:connect("localhost", Port, [binary, {active, false}, {packet, raw}]),
+ ok = ssl:send(Socket, <<"SSL Ranch is working!">>),
+ {ok, <<"SSL Ranch is working!">>} = ssl:recv(Socket, 21, 1000),
+ ok = ranch:stop_listener(Name),
+ {error, closed} = ssl:recv(Socket, 0, 1000),
+ %% Make sure the listener stopped.
+ {'EXIT', _} = begin catch ranch:get_port(Name) end,
+ ok.
+
+ssl_sni_fail(_) ->
+ doc("Ensure that connection fails when host is not in SNI list."),
+ Name = name(),
+ Opts = ct_helper:get_certs_from_ets(),
+ {ok, _} = ranch:start_listener(Name, 1, ranch_ssl, [{sni_hosts, [{"pouet", Opts}]}], echo_protocol, []),
+ Port = ranch:get_port(Name),
+ {error, _} = ssl:connect("localhost", Port, [binary, {active, false}, {packet, raw}]),
+ ok = ranch:stop_listener(Name),
+ %% Make sure the listener stopped.
+ {'EXIT', _} = begin catch ranch:get_port(Name) end,
+ ok.
+
%% tcp.
tcp_accept_socket(_) ->