Age | Commit message | Author |
|
Simplify some return values, improve error messages for
eaddrinuse and no_cert.
Amended to add tests and simpler code. Also hides the
contents of cert and key transport options, if any.
|
Cert/certfile is no longer required if SNI options are provided.
|
Dialyzer will still complain about unknown options, but at
least users won't be stuck waiting for an upstream update.
|
Added in ssl-7.3.1 (OTP-13261). Documented in ssl-8.0.
|
When SSL is stopped before Ranch, the acceptors crash and
Ranch tries to restart them. The problem is that the
ranch_ssl:listen/1 call was trying to start the SSL
application to make sure it works (an old artifact from
when releases were not ubiquitous). Because the application
controller is trying to shut down Ranch, and Ranch tries to
tell it to start an application, everything would get stuck.
To avoid a breaking change, we move this in the start_listener
call (or child_spec). Note that there are still logs when the
SSL application is closed, because the acceptors crash. But
at least we don't block node shutdown anymore.
In Ranch 2.0, we will implement the proper fix which is to
simply depend on the SSL application normally. Nowadays, it's
not too difficult to build a release that excludes applications
we don't want, although we should document that in the Ranch
user guide.
|
We are now up to date with regard to transport options we should
accept for the listening socket. Documentation of existing options
has been updated with regard to recent changes in the OTP docs
and type specifications.
|
Should fix Dialyzer issues. The options are now also
documented in the Ranch module, and there's new ranch:opt(),
ranch_tcp:opt() and ranch_ssl:opt() for use in third party
code.
|
The SSL socket might be closed on accept_ack; it happens quite often
and it is not a problem, so don't report an error in that case.
|
Currently Ranch checks if a connection is secure by checking if its name
is 'ssl'. This isn't a very modular solution; this adds an API function
that returns whether a connection is secure.
|
These errors just pollute the logs when garbage is sent to the
socket. Exit the process normally to avoid unwanted logs.
|
Allows closing the socket in one or two directions.
|
All of it can be found in the manual, which defines what the
code must do, and is always up to date unlike the code comments.
|
Doing this in the connection process allows us to free acceptors
to start accepting more connections quicker, especially under load.
|
Adds a transport connect method that takes a timeout, with implementations for both ssl and tcp connections.
|
The implementation of elliptic-curve ciphers that has been introduced in
R16B01 is still incomplete (and broken). This makes our previous
workaround (see c0c09a1311) work for R16B02 as well.
|
Adds offset based sendfile to transports. Same behaviour as
file:sendfile/4,/5 except socket and file arguments are reversed and
either a raw file or a filename can be used.
sendfile/2,/4,/5 now compulsory callbacks in ranch_transport.
ranch_tcp:sendfile/2 now defaults to a chunk_size of 8191 - the default
for ranch_ssl:sendfile/2. The same default is used for both
ranch_tcp:sendfile/4,5 and ranch_ssl:sendfile/4,5.
|
Unfortunately the implementation of elliptic-curve ciphers that has
been introduced in R16B01 is incomplete. Depending on the particular
client, this can cause the TLS handshake to break during key agreement.
As it turns out that most popular browsers (e.g. Firefox, Chromium,
and Safari) are affected by this bug, we provide this workaround.
This workaround makes sure that only cipher suite implementations that
are not known to be broken are supported by default.
|
The Erlang SSL library allows keys, certs and cacerts to be passed either as DER encoded binaries or in PEM encoded files. This patch allows ranch_ssl to be configured in either manner.
|
This should be an acceptable temporary solution to the ssl_accept
problem. We no longer have to worry about acceptors being dead
because ssl_accept never returned.
|
For TLS Next Protocol Negotiation support.
|
This patch lets the user set and use raw socket options as described in
inet:setopts/2 documentation.
The raw options can be useful to use TCP features that are platform-specific
and not supported in inet in general, such as TCP_DEFER_ACCEPT
or TCP_LINGER2 in Linux stacks, for example.
|
Uses file:sendfile/2 for TCP, a fallback function for SSL.
|
Enabled by default.
A comprehensive explanation about TCP_NODELAY and the Nagle algorithm
can be found at http://www.stuartcheshire.org/papers/NagleDelayedAck/
|
At the same time we make the 'port' option optional, defaulting to 0.
|
Distinguish the errors from transport_accept and ssl_accept
in ranch_ssl. {error, closed} for the first one means the listening
socket got closed; for the second one it means the connection
socket was.
Ignore all errors except when the listening socket got closed,
where we want to crash to allow opening the socket again.
|
Also use one export per line to improve future diffs.
Bump the version to 0.2.1 to reflect this change.
|
Modules were renamed. The 'cowboy_' prefix became 'ranch_'.
At the same time, ranch_ssl_transport became ranch_ssl,
and ranch_tcp_transport became ranch_tcp, because appending
'_transport' felt a bit redundant considering SSL and TCP
clearly are transports.
One test has been added to make sure everything is working.
|