|
|
@@ -50,6 +50,9 @@ messages() -> {ssl, ssl_closed, ssl_error}.
|
|
|
%% certificate.</dd>
|
|
|
%% <dt>keyfile</dt><dd>Mandatory. Path to the file containing the user's
|
|
|
%% private PEM encoded key.</dd>
|
|
|
+%% <dt>cacertfile</dt><dd>Optional. Path to file containing PEM encoded
|
|
|
+%% CA certificates (trusted certificates used for verifying a peer
|
|
|
+%% certificate).</dd>
|
|
|
%% <dt>password</dt><dd>Mandatory. String containing the user's password.
|
|
|
%% All private keyfiles must be password protected currently.</dd>
|
|
|
%% </dl>
|
|
|
@@ -58,7 +61,7 @@ messages() -> {ssl, ssl_closed, ssl_error}.
|
|
|
%% @todo The password option shouldn't be mandatory.
|
|
|
-spec listen([{port, inet:ip_port()} | {certfile, string()}
|
|
|
| {keyfile, string()} | {password, string()}
|
|
|
- | {ip, inet:ip_address()}])
|
|
|
+ | {cacertfile, string()} | {ip, inet:ip_address()}])
|
|
|
-> {ok, ssl:sslsocket()} | {error, atom()}.
|
|
|
listen(Opts) ->
|
|
|
require([crypto, public_key, ssl]),
|
|
|
@@ -70,11 +73,16 @@ listen(Opts) ->
|
|
|
ListenOpts0 = [binary, {active, false},
|
|
|
{backlog, Backlog}, {packet, raw}, {reuseaddr, true},
|
|
|
{certfile, CertFile}, {keyfile, KeyFile}, {password, Password}],
|
|
|
- ListenOpts =
|
|
|
+ ListenOpts1 =
|
|
|
case lists:keyfind(ip, 1, Opts) of
|
|
|
false -> ListenOpts0;
|
|
|
Ip -> [Ip|ListenOpts0]
|
|
|
end,
|
|
|
+ ListenOpts =
|
|
|
+ case lists:keyfind(cacertfile, 1, Opts) of
|
|
|
+ false -> ListenOpts1;
|
|
|
+ CACertFile -> [CACertFile|ListenOpts1]
|
|
|
+ end,
|
|
|
ssl:listen(Port, ListenOpts).
|
|
|
|
|
|
%% @doc Accept an incoming connection on a listen socket.
|
Loïc Hoguin