path: root/src/ranch_ssl.erl
Age | Commit message | Author
2018-07-31 | Fix some whitespace | Loïc Hoguin
2018-07-04 | Return errors from Transport:handshake | Loïc Hoguin
The "normal" errors are still silenced when calling ranch:handshake.
2018-07-04 | Enable TLS upgrades via ranch_ssl:handshake/3 | Loïc Hoguin
Based on the work done by @juhlig.
2018-07-02 | Remove an old R16B01/02 workaround | Loïc Hoguin
Next release will only support 18+.
2018-07-02 | Introduce Transport:handshake/1,2 | j.uhlig
This commit deprecates Transport:accept_ack/1 in favor of a new forward-compatible function. Transport:handshake/1,2 will use ssl:handshake/2,3 from Ranch 2.0 onward.
2018-04-10 | Ranch 1.5.0 (tag: 1.5.0) | Loïc Hoguin
2018-01-22 | Added transport functions getopts/2, getstat/1 and getstat/2 | Jan Uhlig
2017-06-07 | Update Copyright to 2017 (tag: 1.4.0) | Loïc Hoguin
2016-11-24 | Update copyright year | Loïc Hoguin
2016-11-15 | Improve error reporting | Alexey Lebedeff
Simplify some return values, improve error messages for eaddrinuse and no_cert. Amended to add tests and simpler code. Also hides the contents of cert and key transport options, if any.
2016-11-08 | Allow listening with only SNI options | Loïc Hoguin
Cert/certfile is no longer required if SNI options are provided.
2016-11-08 | Blacklist listen options instead of whitelist | Loïc Hoguin
Dialyzer will still complain about unknown options, but at least users won't be stuck waiting for an upstream update.
2016-11-01 | Add SSL options for legacy software interoperability | Alexandru Munteanu
2016-10-09 | Make values for the TLS 1.2 signature_algorithms extension configurable | Victor
Added in ssl-7.3.1 (OTP-13261). Documented in ssl-8.0.
2015-12-18 | Fix node shutdown getting stuck | Loïc Hoguin
When SSL is stopped before Ranch, the acceptors crash and Ranch tries to restart them. The problem is that the ranch_ssl:listen/1 call was trying to start the SSL application to make sure it works (an old artifact from when releases were not ubiquitous). Because the application controller is trying to shutdown Ranch, and Ranch tries to tell it to start an application, everything would get stuck. To avoid a breaking change, we move this in the start_listener call (or child_spec). Note that there are still logs when the SSL application is closed, because the acceptors crash. But at least we don't block node shutdown anymore. In Ranch 2.0, we will implement the proper fix which is to simply depend on the SSL application normally. Nowadays, it's not too difficult to build a release that excludes applications we don't want, although we should document that in the Ranch user guide.
2015-08-18 | Welcome to 2015 | Loïc Hoguin
2015-08-18 | Update the list of allowed transport options | Loïc Hoguin
We are now up to date with regard to transport options we should accept for the listening socket. Documentation of existing options has been updated with regard to recent changes in the OTP docs and type specifications.
2015-08-17 | Don't pass Ranch-specific options down to transports | Loïc Hoguin
Should fix Dialyzer issues. The options are now also documented in the Ranch module, and there's new ranch:opt(), ranch_tcp:opt() and ranch_ssl:opt() for use in third party code.
2014-11-02 | support ssl partial_chain feature | Andre Graf
2014-09-11 | Merge branch 'add_transport_secure' of git://github.com/matrixise/ranch | Loïc Hoguin
2014-09-11 | Merge branch 'ssl_closed' of git://github.com/yjh0502/ranch | Loïc Hoguin
2014-09-11 | Don't report error on ssl {error, closed} | Jihyun Yu
SSL socket might be closed on accept_ack, it happens quite often and it is not a problem, so don't report error on the case.
2014-09-02 | Add Transport:secure/0 | Stéphane Wirtel
Currently Ranch checks if a connection is secure by checking if its name is 'ssl'. This isn't a very modular solution, adding an API function that returns whether a connection is secure.
2014-06-10 | Update copyright years | Loïc Hoguin
2014-04-30 | additional ssl option support | Ransom Richardson
2014-04-23 | Ignore some errors that may occur during handshake | Loïc Hoguin
These errors just pollute the logs when garbage is sent to the socket. Exit the process normally to avoid unwanted logs.
2013-12-07 | Add Transport:shutdown/2 | Loïc Hoguin
Allows closing the socket in one or two directions.
2013-12-07 | Get rid of a ton of pointless comments | Loïc Hoguin
All of it can be found in the manual, which defines what the code must do, and is always up to date unlike the code comments.
2013-12-07 | Add transport options linger, send_timeout, send_timeout_close | Loïc Hoguin
2013-12-07 | Merge branch 'connect_timeout' of git://github.com/heroku/ranch | Loïc Hoguin
2013-11-26 | Add accept_ack on all transports and ack_timeout transport option | Loïc Hoguin
Doing this in the connection process allows us to free acceptors to start accepting more connections quicker, especially under load.
2013-11-25 | Small fixes to specs | Loïc Hoguin
2013-11-14 | Fix a socket leak with SSL when ssl_accept fails | Loïc Hoguin
2013-11-07 | Implements ranch_transport:connect/4. | Geoff Cant
Adds a transport connect method that takes a timeout, with implementations for both ssl and tcp connections.
2013-10-20 | Merge branch 'hibernate_after' of git://github.com/talko/ranch | Loïc Hoguin
2013-09-23 | Add hibernate_after ssl option | Ransom Richardson
2013-09-22 | Use previous ecc workaround for R16B02 as well | Klaus Trainer
The implementation of elliptic-curve ciphers that has been introduced in R16B01 is still incomplete (and broken). This makes our previous workaround (see c0c09a1311) work for R16B02 as well.
2013-08-16 | Add Transport:sendfile/4,/5 | James Fish
Adds offset based sendfile to transports. Same behaviour as file:sendfile/4,/5 except socket and file arguments are reversed and either a raw file or a filename can be used. sendfile/2,/4,/5 now compulsory callbacks in ranch_transport. ranch_tcp:sendfile/2 now defaults to a chunk_size of 8191 - the default for ranch_ssl:sendfile/2. The same default is used for both ranch_tcp:sendfile/4,5 and ranch_ssl:sendfile/4,5.
2013-07-24 | Work around broken elliptic-curve cipher suites | Klaus Trainer
Unfortunately the implementation of elliptic-curve ciphers that has been introduced in R16B01 is incomplete. Depending on the particular client, this can cause the TLS handshake to break during key agreement. As it turns out that most popular browsers (e.g. Firefox, Chromium, and Safari) are affected by this bug, we provide this workaround. This workaround makes sure that only cipher suite implementations that are not known to be broken are supported by default.
2013-06-20 | Add asn1 to the list of applications that need to be started for SSL | Loïc Hoguin
2013-06-07 | Add support for additional ssl options. | Ransom Richardson
2013-05-16 | Add ranch_ssl:opts() type | Loïc Hoguin
2013-04-28 | Allow ranch_ssl to use DER cert/key/ca options. | Geoff Cant
The Erlang SSL library allows keys, certs and cacerts to be passed either as DER encoded binaries or in PEM encoded files. This patch allows ranch_ssl to be configured in either manner.
2013-04-08 | Never tries to ssl_accept with an infinity timeout | Loïc Hoguin
This should be an acceptable temporary solution to the ssl_accept problem. We no longer have to worry about acceptors being dead because ssl_accept never returned.
2013-03-06 | Add next_protocols_advertised option to ranch_ssl | Loïc Hoguin
For TLS Next Protocol Negotiation support.
2013-02-18 | Support for fail_if_no_peer_cert SSL server option. | 0x00F6
2013-01-15 | Allow raw socket options for TCP and SSL | Fred Hebert
This patch lets the user set and use raw socket options as described in inet:setopts/2 documentation. The raw options can be useful to use TCP features that are platform-specific and not supported in inet in general, such as TCP_DEFER_ACCEPT or TCP_LINGER2 in linux stacks, for example.
2012-12-01 | Add Transport:sendfile/2 support | Loïc Hoguin
Uses file:sendfile/2 for TCP, a fallback function for SSL.
2012-12-01 | Fix typespecs for Transport:send/2 | Loïc Hoguin
2012-11-12 | Allow IP tuples and more when connecting transports | Loïc Hoguin