From b2b099627424ce42b7f0ac02e5ddd8d0bf2c3381 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= Date: Tue, 8 Nov 2016 16:38:21 +0200 Subject: Blacklist listen options instead of whitelist Dialyzer will still complain about unknown options, but at least users won't be stuck waiting for an upstream update. --- src/ranch.erl | 18 +++++++++--------- src/ranch_ssl.erl | 23 ++++++++++------------- src/ranch_tcp.erl | 16 +++++----------- 3 files changed, 24 insertions(+), 33 deletions(-) diff --git a/src/ranch.erl b/src/ranch.erl index 43e940a..7f751cf 100644 --- a/src/ranch.erl +++ b/src/ranch.erl @@ -143,18 +143,18 @@ set_protocol_options(Ref, Opts) -> -spec filter_options([inet | inet6 | {atom(), any()} | {raw, any(), any(), any()}], [atom()], Acc) -> Acc when Acc :: [any()]. -filter_options(UserOptions, AllowedKeys, DefaultOptions) -> - AllowedOptions = filter_user_options(UserOptions, AllowedKeys), +filter_options(UserOptions, DisallowedKeys, DefaultOptions) -> + AllowedOptions = filter_user_options(UserOptions, DisallowedKeys), lists:foldl(fun merge_options/2, DefaultOptions, AllowedOptions). %% 2-tuple options. -filter_user_options([Opt = {Key, _}|Tail], AllowedKeys) -> - case lists:member(Key, AllowedKeys) of - true -> - [Opt|filter_user_options(Tail, AllowedKeys)]; +filter_user_options([Opt = {Key, _}|Tail], DisallowedKeys) -> + case lists:member(Key, DisallowedKeys) of false -> + [Opt|filter_user_options(Tail, DisallowedKeys)]; + true -> filter_options_warning(Opt), - filter_user_options(Tail, AllowedKeys) + filter_user_options(Tail, DisallowedKeys) end; %% Special option forms. filter_user_options([inet|Tail], AllowedKeys) -> @@ -163,9 +163,9 @@ filter_user_options([inet6|Tail], AllowedKeys) -> [inet6|filter_user_options(Tail, AllowedKeys)]; filter_user_options([Opt = {raw, _, _, _}|Tail], AllowedKeys) -> [Opt|filter_user_options(Tail, AllowedKeys)]; -filter_user_options([Opt|Tail], AllowedKeys) -> +filter_user_options([Opt|Tail], DisallowedKeys) -> filter_options_warning(Opt), - filter_user_options(Tail, AllowedKeys); + filter_user_options(Tail, DisallowedKeys); filter_user_options([], _) -> []. diff --git a/src/ranch_ssl.erl b/src/ranch_ssl.erl index 913761d..ea5d9d5 100644 --- a/src/ranch_ssl.erl +++ b/src/ranch_ssl.erl @@ -19,7 +19,7 @@ -export([secure/0]). -export([messages/0]). -export([listen/1]). --export([listen_options/0]). +-export([disallowed_listen_options/0]). -export([accept/2]). -export([accept_ack/2]). -export([connect/3]). @@ -99,18 +99,15 @@ listen(Opts) -> %% We set the port to 0 because it is given in the Opts directly. %% The port in the options takes precedence over the one in the %% first argument. - ssl:listen(0, ranch:filter_options(Opts6, listen_options(), - [binary, {active, false}, {packet, raw}, - {reuseaddr, true}, {nodelay, true}])). - -listen_options() -> - [alpn_preferred_protocols, beast_mitigation, cacertfile, cacerts, cert, certfile, - ciphers, client_renegotiation, crl_cache, crl_check, depth, dh, dhfile, - fail_if_no_peer_cert, hibernate_after, honor_cipher_order, key, keyfile, - log_alert, next_protocols_advertised, partial_chain, password, padding_check, - psk_identity, reuse_session, reuse_sessions, secure_renegotiate, signature_algs, - sni_fun, sni_hosts, user_lookup_fun, v2_hello_compatible, verify, verify_fun, versions - |ranch_tcp:listen_options()]. + ssl:listen(0, ranch:filter_options(Opts6, disallowed_listen_options(), + [binary, {active, false}, {packet, raw}, {reuseaddr, true}])). + +%% 'binary' and 'list' are disallowed but they are handled +%% specifically as they do not have 2-tuple equivalents. +disallowed_listen_options() -> + [alpn_advertised_protocols, client_preferred_next_protocols, + fallback, server_name_indication, srp_identity + |ranch_tcp:disallowed_listen_options()]. -spec accept(ssl:sslsocket(), timeout()) -> {ok, ssl:sslsocket()} | {error, closed | timeout | atom()}. diff --git a/src/ranch_tcp.erl b/src/ranch_tcp.erl index 958b3f9..c2ad148 100644 --- a/src/ranch_tcp.erl +++ b/src/ranch_tcp.erl @@ -19,7 +19,7 @@ -export([secure/0]). -export([messages/0]). -export([listen/1]). --export([listen_options/0]). +-export([disallowed_listen_options/0]). -export([accept/2]). -export([accept_ack/2]). -export([connect/3]). @@ -83,19 +83,13 @@ listen(Opts) -> %% We set the port to 0 because it is given in the Opts directly. %% The port in the options takes precedence over the one in the %% first argument. - gen_tcp:listen(0, ranch:filter_options(Opts5, listen_options(), + gen_tcp:listen(0, ranch:filter_options(Opts5, disallowed_listen_options(), [binary, {active, false}, {packet, raw}, {reuseaddr, true}])). -%% 'inet' and 'inet6' are also allowed but they are handled +%% 'binary' and 'list' are disallowed but they are handled %% specifically as they do not have 2-tuple equivalents. -%% -%% The 4-tuple 'raw' option is also handled specifically. -listen_options() -> - [backlog, buffer, delay_send, dontroute, exit_on_close, fd, - high_msgq_watermark, high_watermark, ip, ipv6_v6only, - keepalive, linger, low_msgq_watermark, - low_watermark, nodelay, port, priority, recbuf, - send_timeout, send_timeout_close, sndbuf, tos]. +disallowed_listen_options() -> + [active, header, mode, packet, packet_size, line_delimiter, reuseaddr]. -spec accept(inet:socket(), timeout()) -> {ok, inet:socket()} | {error, closed | timeout | atom()}. -- cgit v1.2.3