1 files changed, 7 insertions, 1 deletions

diff --git a/src/ranch_ssl.erl b/src/ranch_ssl.erl
index d880cc8..a5de96e 100644
--- a/src/ranch_ssl.erl
+++ b/src/ranch_ssl.erl
@@ -61,6 +61,11 @@ messages() -> {ssl, ssl_closed, ssl_error}.
 %%  <dt>ciphers</dt><dd>Optional. The cipher suites that should be supported.
 %%   The function ssl:cipher_suites/0 can be used to find all available
 %%   ciphers.</dd>
+%%  <dt>fail_if_no_peer_cert</dt><dd>Optional. Used together with {verify, verify_peer}.
+%%   If set to true, the server will fail if the client does not have a certificate
+%%   to send, i.e. sends a empty certificate, if set to false (that is by default)
+%%   it will only fail if the client sends an invalid certificate (an empty
+%%   certificate is considered valid).</dd>
 %%  <dt>ip</dt><dd>Interface to listen on. Listen on all interfaces
 %%   by default.</dd>
 %%  <dt>keyfile</dt><dd>Optional. Path to the file containing the user's
@@ -82,6 +87,7 @@ messages() -> {ssl, ssl_closed, ssl_error}.
 %% @see ssl:listen/2
 -spec listen([{backlog, non_neg_integer()} | {cacertfile, string()}
 	| {certfile, string()} | {ciphers, [ssl:erl_cipher_suite()] | string()}
+	| {fail_if_no_peer_cert, boolean()}
 	| {ip, inet:ip_address()} | {keyfile, string()} | {nodelay, boolean()}
 	| {password, string()} | {port, inet:port_number()}
 	| {verify, ssl:verify_type()}])
@@ -94,7 +100,7 @@ listen(Opts) ->
 	%% The port in the options takes precedence over the one in the
 	%% first argument.
 	ssl:listen(0, ranch:filter_options(Opts2,
-		[backlog, cacertfile, certfile, ciphers, ip,
+		[backlog, cacertfile, certfile, ciphers, fail_if_no_peer_cert, ip,
 			keyfile, nodelay, password, port, raw, verify],
 		[binary, {active, false}, {packet, raw},
 			{reuseaddr, true}, {nodelay, true}])).