Diffstat (limited to 'src/ranch_ssl.erl')
-rw-r--r-- | src/ranch_ssl.erl | 61 |
1 files changed, 34 insertions, 27 deletions
diff --git a/src/ranch_ssl.erl b/src/ranch_ssl.erl
index acfe38d..305fbb8 100644
--- a/src/ranch_ssl.erl
+++ b/src/ranch_ssl.erl
@@ -19,6 +19,7 @@
 -export([secure/0]).
 -export([messages/0]).
 -export([listen/1]).
+-export([listen_options/0]).
 -export([accept/2]).
 -export([accept_ack/2]).
 -export([connect/3]).
@@ -35,36 +36,40 @@
 -export([shutdown/2]).
 -export([close/1]).
 
--type opt() :: {backlog, non_neg_integer()}
+-type ssl_opt() :: {alpn_preferred_protocols, [binary()]}
  | {cacertfile, string()}
- | {cacerts, [Der::binary()]}
- | {cert, Der::binary()}
+ | {cacerts, [public_key:der_encoded()]}
+ | {cert, public_key:der_encoded()}
  | {certfile, string()}
  | {ciphers, [ssl:erl_cipher_suite()] | string()}
+ | {client_renegotiation, boolean()}
+ | {crl_cache, {module(), {internal | any(), list()}}}
+ | {crl_check, boolean() | peer | best_effort}
+ | {depth, 0..255}
+ | {dh, public_key:der_encoded()}
+ | {dhfile, string()}
  | {fail_if_no_peer_cert, boolean()}
  | {hibernate_after, integer() | undefined}
  | {honor_cipher_order, boolean()}
- | {ip, inet:ip_address()}
- | {key, Der::binary()}
+ | {key, {'RSAPrivateKey' | 'DSAPrivateKey' | 'PrivateKeyInfo', public_key:der_encoded()}}
  | {keyfile, string()}
- | {linger, {boolean(), non_neg_integer()}}
  | {log_alert, boolean()}
  | {next_protocols_advertised, [binary()]}
- | {nodelay, boolean()}
- | {partial_chain, fun(([Der::binary()]) ->
- {trusted_ca, Der::binary()} | unknown_ca)}
+ | {partial_chain, fun(([public_key:der_encoded()]) -> {trusted_ca, public_key:der_encoded()} | unknown_ca)}
  | {password, string()}
- | {port, inet:port_number()}
- | {raw, non_neg_integer(), non_neg_integer(),
- non_neg_integer() | binary()}
+ | {psk_identity, string()}
  | {reuse_session, fun()}
  | {reuse_sessions, boolean()}
  | {secure_renegotiate, boolean()}
- | {send_timeout, timeout()}
- | {send_timeout_close, boolean()}
+ | {sni_fun, fun()}
+ | {sni_hosts, [{string(), ssl_opt()}]}
+ | {user_lookup_fun, {fun(), any()}}
  | {verify, ssl:verify_type()}
- | {verify_fun, {fun(), InitialUserState::term()}}
+ | {verify_fun, {fun(), any()}}
  | {versions, [atom()]}.
+-export_type([ssl_opt/0]).
+
+-type opt() :: ranch_tcp:opt() | ssl_opt().
 -export_type([opt/0]).
 
 -type opts() :: [opt()].
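Review bot: The new `| {sni_hosts, [{string(), ssl_opt()}]}` clause types each SNI host as carrying a single option, whereas the ssl application takes a list of options per host name (`[{HostName, [ssl_option()]}]`), so a correct configuration such as `{sni_hosts, [{"example.org", [{certfile, "..."}, {keyfile, "..."}]}]}` would be flagged by Dialyzer against this spec; it should read `| {sni_hosts, [{string(), [ssl_opt()]}]}`. The `key` clause enumerates `'RSAPrivateKey' | 'DSAPrivateKey' | 'PrivateKeyInfo'`; if the targeted OTP releases also accept `'ECPrivateKey'` DER keys here, as I believe recent ones do, EC keys will be rejected by the type for the same reason. `sni_fun` and `reuse_session` are typed as bare `fun()`; at least `fun((string()) -> [ssl_opt()])` for `sni_fun` would document the callback contract at the type level. The `-type ssl_opt()` definition starts and ends inside this hunk.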
@@ -84,24 +89,26 @@ listen(Opts) ->
  true = lists:keymember(cert, 1, Opts)
  orelse lists:keymember(certfile, 1, Opts),
  Opts2 = ranch:set_option_default(Opts, backlog, 1024),
- Opts3 = ranch:set_option_default(Opts2, send_timeout, 30000),
- Opts4 = ranch:set_option_default(Opts3, send_timeout_close, true),
- Opts5 = ranch:set_option_default(Opts4, ciphers, unbroken_cipher_suites()),
+ Opts3 = ranch:set_option_default(Opts2, ciphers, unbroken_cipher_suites()),
+ Opts4 = ranch:set_option_default(Opts3, nodelay, true),
+ Opts5 = ranch:set_option_default(Opts4, send_timeout, 30000),
+ Opts6 = ranch:set_option_default(Opts5, send_timeout_close, true),
  %% We set the port to 0 because it is given in the Opts directly.
  %% The port in the options takes precedence over the one in the
  %% first argument.
- ssl:listen(0, ranch:filter_options(Opts5,
- [backlog, cacertfile, cacerts, cert, certfile, ciphers,
- fail_if_no_peer_cert, hibernate_after,
- honor_cipher_order, ip, key, keyfile, linger,
- next_protocols_advertised, nodelay,
- log_alert, partial_chain, password, port, raw,
- reuse_session, reuse_sessions, secure_renegotiate,
- send_timeout, send_timeout_close, verify, verify_fun,
- versions],
+ ssl:listen(0, ranch:filter_options(Opts6, listen_options(),
  [binary, {active, false}, {packet, raw},
  {reuseaddr, true}, {nodelay, true}])).
 
+listen_options() ->
+ [alpn_preferred_protocols, cacertfile, cacerts, cert, certfile,
+ ciphers, client_renegotiation, crl_cache, crl_check, depth,
+ dh, dhfile, fail_if_no_peer_cert, hibernate_after, honor_cipher_order,
+ key, keyfile, log_alert, next_protocols_advertised, partial_chain,
+ password, psk_identity, reuse_session, reuse_sessions, secure_renegotiate,
+ sni_fun, sni_hosts, user_lookup_fun, verify, verify_fun, versions
+ |ranch_tcp:listen_options()].
+
 -spec accept(ssl:sslsocket(), timeout())
  -> {ok, ssl:sslsocket()} | {error, closed | timeout | atom()}.
 accept(LSocket, Timeout) ->
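Review bot: `listen_options/0` now forwards `sni_fun` and `sni_hosts` to `ssl:listen/2`, but the precondition at the top of the hunk, `true = lists:keymember(cert, 1, Opts) orelse lists:keymember(certfile, 1, Opts)`, still fails with `badmatch` for a listener whose certificates are supplied only per SNI host, so the newly whitelisted options cannot be used without a dummy default certificate; extending the chain with `orelse lists:keymember(sni_fun, 1, Opts)` and `orelse lists:keymember(sni_hosts, 1, Opts)` keeps the "no certificate anywhere" assertion while admitting SNI-only setups. With `nodelay` now defaulted on the `Opts4` line via `ranch:set_option_default`, the `{nodelay, true}` entry in the forced list passed to `ranch:filter_options/3` is redundant and can be dropped — unless `filter_options/3` (not visible here) gives that list precedence over user options, in which case a user's `{nodelay, false}` is silently overridden and it is the forced entry, not the default, that should go. `listen_options/0` is exported without a spec; `-spec listen_options() -> [atom()].` plus a one-line comment stating that this is the whitelist of option keys forwarded to `ssl:listen/2` on top of `ranch_tcp:listen_options/0` would document the contract. The head of `listen/1` is just outside the hunk and `accept/2`'s body continues past it.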