From 6d8208d07d2973565754679f8c8e907413f56335 Mon Sep 17 00:00:00 2001 From: 0x00F6 <0x00F6@gmail.com> Date: Mon, 18 Feb 2013 14:18:49 +0400 Subject: Support for fail_if_no_peer_cert SSL server option. --- src/ranch_ssl.erl | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/ranch_ssl.erl b/src/ranch_ssl.erl index d880cc8..a5de96e 100644 --- a/src/ranch_ssl.erl +++ b/src/ranch_ssl.erl @@ -61,6 +61,11 @@ messages() -> {ssl, ssl_closed, ssl_error}. %%
ciphers
Optional. The cipher suites that should be supported. %% The function ssl:cipher_suites/0 can be used to find all available %% ciphers.
+%%
fail_if_no_peer_cert
Optional. Used together with {verify, verify_peer}. +%% If set to true, the server will fail if the client does not have a certificate +%% to send, i.e. sends a empty certificate, if set to false (that is by default) +%% it will only fail if the client sends an invalid certificate (an empty +%% certificate is considered valid).
%%
ip
Interface to listen on. Listen on all interfaces %% by default.
%%
keyfile
Optional. Path to the file containing the user's @@ -82,6 +87,7 @@ messages() -> {ssl, ssl_closed, ssl_error}. %% @see ssl:listen/2 -spec listen([{backlog, non_neg_integer()} | {cacertfile, string()} | {certfile, string()} | {ciphers, [ssl:erl_cipher_suite()] | string()} + | {fail_if_no_peer_cert, boolean()} | {ip, inet:ip_address()} | {keyfile, string()} | {nodelay, boolean()} | {password, string()} | {port, inet:port_number()} | {verify, ssl:verify_type()}]) @@ -94,7 +100,7 @@ listen(Opts) -> %% The port in the options takes precedence over the one in the %% first argument. ssl:listen(0, ranch:filter_options(Opts2, - [backlog, cacertfile, certfile, ciphers, ip, + [backlog, cacertfile, certfile, ciphers, fail_if_no_peer_cert, ip, keyfile, nodelay, password, port, raw, verify], [binary, {active, false}, {packet, raw}, {reuseaddr, true}, {nodelay, true}])). -- cgit v1.2.3