From eaed0c94567a0c86ee3eedb7bc582f344c15ddb0 Mon Sep 17 00:00:00 2001
From: Ransom Richardson
Date: Fri, 7 Jun 2013 19:03:23 +0000
Subject: Add support for additional ssl options.

---
 src/ranch_ssl.erl | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/src/ranch_ssl.erl b/src/ranch_ssl.erl
index e6352ed..4129f18 100644
--- a/src/ranch_ssl.erl
+++ b/src/ranch_ssl.erl
@@ -55,7 +55,11 @@
 | {port, inet:port_number()}
 | {raw, non_neg_integer(), non_neg_integer(),
 non_neg_integer() | binary()}
- | {verify, ssl:verify_type()}].
+ | {reuse_session, fun()}
+ | {reuse_sessions, boolean()}
+ | {secure_renegotiate, boolean()}
+ | {verify, ssl:verify_type()}
+ | {verify_fun, {fun(), InitialUserState::term()}}].
 -export_type([opts/0]).
 
 %% @doc Name of this transport, ssl.
@@ -75,6 +79,8 @@ messages() -> {ssl, ssl_closed, ssl_error}.
 %%
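Review bot: The new `reuse_session` and `verify_fun` entries in the opts() type use the bare `fun()` type, so Dialyzer accepts a fun of any arity although ssl calls each with a fixed signature. Spelling out the arity documents the contract at the type level: `| {reuse_session, fun((term(), term(), term(), term()) -> boolean())}` and `| {verify_fun, {fun((term(), term(), term()) -> {valid, term()} | {fail, term()} | {unknown, term()}), InitialUserState::term()}}`. The argument meanings (SuggestedSessionId, PeerCert, Compression, CipherSuite for reuse_session; OtpCert, Event, UserState for verify_fun) are taken from the ssl documentation, so confirm them against the OTP release the project targets before committing to the narrower types. The opts() type definition begins before this hunk.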
cacertfile
Optional. Path to file containing PEM encoded %% CA certificates (trusted certificates used for verifying a peer %% certificate).
+%%
cert
Optional. The DER encoded users certificate. If this +%% option is supplied it will override the certfile option.
%%
certfile
Mandatory. Path to a file containing the user's %% certificate.
%%
ciphers
Optional. The cipher suites that should be supported. @@ -87,6 +93,8 @@ messages() -> {ssl, ssl_closed, ssl_error}. %% certificate is considered valid).
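Review bot: The added `cert` description reads "The DER encoded users certificate"; the possessive is missing, and the same slip appears in the `key` description added in the next hunk ("users private key"). Suggested wording for the first added line: `Optional. The DER encoded user's certificate. If this`, and correspondingly `Optional. The DER encoded user's private key. If this option` for `key`. The rest of the sentence in each case ("it will override the certfile/keyfile option") is fine as written.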
%%
ip
Interface to listen on. Listen on all interfaces %% by default.
+%%
key
Optional. The DER encoded users private key. If this option +%% is supplied it will override the keyfile option.
%%
keyfile
Optional. Path to the file containing the user's %% private PEM encoded key.
%%
next_protocols_advertised
Optional. Erlang R16B+ required. @@ -96,8 +104,22 @@ messages() -> {ssl, ssl_closed, ssl_error}. %%
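Review bot: The `key` description says only "The DER encoded users private key", but as far as I recall ssl takes this option as a tagged tuple naming the key's ASN.1 type, `{'RSAPrivateKey' | 'DSAPrivateKey' | 'PrivateKeyInfo', Der}`, rather than a bare DER binary; if that holds for the OTP release targeted, the doc should say so, otherwise callers will pass the raw binary and only learn of the mistake from an ssl error at listen time. Suggested wording: `Optional. The user's private key as {KeyType, Der} where Der is the DER encoding. If this`. Confirm against the ssl documentation before changing.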
password
Optional. String containing the user's password. %% All private keyfiles must be password protected currently.
%%
port
TCP port number to open. Defaults to 0 (see below)
+%%
reuse_session
Optional. Enables the ssl server to have a local +%% policy for deciding if a session should be reused or not, only meaningful +%% if reuse_sessions is set to true.
+%%
reuse_sessions
Optional. Specifies if the server should agree +%% to reuse sessions when the clients request to do so.
+%%
secure_renegotiate
Optional. Specifies if to reject renegotiation +%% attempt that does not live up to RFC 5746. By default secure_renegotiate is +%% set to false i.e. secure renegotiation will be used if possible but it will +%% fallback to unsecure renegotiation if the peer does not support RFC 5746.
%%
verify
Optional. If set to verify_peer, performs an x509-path %% validation and request the client for a certificate.
+%%
verify_fun
Optional. The verify fun will be called during the +%% X509-path validation when an error or an extension unknown to the ssl +%% application is encountered. Additionally it will be called when a certificate +%% is considered valid by the path validation to allow access to each certificate +%% in the path to the user application.
%% %% %% You can listen to a random port by setting the port option to 0. @@ -119,7 +141,8 @@ listen(Opts) -> ssl:listen(0, ranch:filter_options(Opts2, [backlog, cacertfile, cacerts, cert, certfile, ciphers, fail_if_no_peer_cert, ip, key, keyfile, next_protocols_advertised, - nodelay, password, port, raw, verify], + nodelay, password, port, raw, reuse_session, reuse_sessions, + secure_renegotiate, verify, verify_fun], [binary, {active, false}, {packet, raw}, {reuseaddr, true}, {nodelay, true}])). -- cgit v1.2.3
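Review bot: The `verify_fun` description explains when the fun is called but not that its return value decides the outcome: per the ssl documentation the fun answers `{valid, UserState}`, `{fail, Reason}` or `{unknown, UserState}`, so a fun that returns `{valid, _}` for a `{bad_cert, _}` event accepts the certificate and quietly neutralises `{verify, verify_peer}`. One sentence makes that visible to anyone reviewing a listener configuration, e.g. `%% The fun must return {valid, UserState}, {fail, Reason} or {unknown, UserState}; returning valid for a bad_cert event accepts the certificate, overriding verify_peer.`. The `secure_renegotiate` text already states that the default is false and that insecure renegotiation is then still possible, which is the right caveat; it may be worth adding that deployments required to enforce RFC 5746 must set it to true explicitly. The enclosing doc block begins before this hunk.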
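Review bot: The allow-list handed to `ranch:filter_options/3` in `listen/1` mirrors the keys of the opts() type by hand and nothing ties the two together, so the next option added to one will be silently dropped or rejected by the other; a comment on the list, `%% Keep in sync with the opts() type above.`, at least makes the coupling visible. Since `verify_fun` now passes this filter, a caller-supplied fun reaches `ssl:listen/2` and takes part in deciding certificate acceptance, so it deserves the same scrutiny as `verify` when a listener configuration is reviewed. `listen/1` begins before this hunk.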