
Add SSL options for legacy software interoperability

Alexandru Munteanu 8 years ago
parent
commit
4d487ac60c
2 changed files with 18 additions and 6 deletions
  1. 9 0
      doc/src/manual/ranch_ssl.asciidoc
  2. 9 6
      src/ranch_ssl.erl

+ 9 - 0
doc/src/manual/ranch_ssl.asciidoc

@@ -15,6 +15,7 @@ The `ranch_ssl` module implements an SSL Ranch transport.
 [source,erlang]
 ----
 ssl_opt() = {alpn_preferred_protocols, [binary()]}
+	| {beast_mitigation, one_n_minus_one | zero_n | disabled}
 	| {cacertfile, string()}
 	| {cacerts, [public_key:der_encoded()]}
 	| {cert, public_key:der_encoded()}
@@ -33,6 +34,7 @@ ssl_opt() = {alpn_preferred_protocols, [binary()]}
 	| {keyfile, string()}
 	| {log_alert, boolean()}
 	| {next_protocols_advertised, [binary()]}
+	| {padding_check, boolean()}
 	| {partial_chain, fun(([public_key:der_encoded()]) -> {trusted_ca, public_key:der_encoded()} | unknown_ca)}
 	| {password, string()}
 	| {psk_identity, string()}
@@ -43,6 +45,7 @@ ssl_opt() = {alpn_preferred_protocols, [binary()]}
 	| {sni_fun, fun()}
 	| {sni_hosts, [{string(), ssl_opt()}]}
 	| {user_lookup_fun, {fun(), any()}}
+	| {v2_hello_compatible, boolean()}
 	| {verify, ssl:verify_type()}
 	| {verify_fun, {fun(), any()}}
 	| {versions, [atom()]}.
@@ -67,6 +70,8 @@ The default value is given next to the option name.
 
 alpn_preferred_protocols::
 	Perform Application-Layer Protocol Negotiation with the given list of preferred protocols.
+beast_mitigation::
+	Change the BEAST mitigation strategy for SSL-3.0 and TLS-1.0 to interoperate with legacy software.
 cacertfile::
 	Path to PEM encoded trusted certificates file used to verify peer certificates.
 cacerts::
@@ -105,6 +110,8 @@ next_protocols_advertised::
 	List of protocols to send to the client if it supports the Next Protocol extension.
 nodelay (true)::
 	Whether to enable TCP_NODELAY.
+padding_check::
+	Allow disabling the block cipher padding check for TLS-1.0 to be able to interoperate with legacy software.
 partial_chain::
 	Claim an intermediate CA in the chain as trusted.
 password::
@@ -125,6 +132,8 @@ sni_hosts::
 	Options to apply for the host that matches what the client requested with Server Name Indication.
 user_lookup_fun::
 	Function called to determine the shared secret when using PSK, or provide parameters when using SRP.
+v2_hello_compatible::
+	Accept clients that send hello messages in SSL-2.0 format while offering supported SSL/TLS versions.
 verify (verify_none)::
 	Use `verify_peer` to request a certificate from the client.
 verify_fun::

+ 9 - 6
src/ranch_ssl.erl

@@ -37,6 +37,7 @@
 -export([close/1]).
 
 -type ssl_opt() :: {alpn_preferred_protocols, [binary()]}
+	| {beast_mitigation, one_n_minus_one | zero_n | disabled}
 	| {cacertfile, string()}
 	| {cacerts, [public_key:der_encoded()]}
 	| {cert, public_key:der_encoded()}
@@ -55,6 +56,7 @@
 	| {keyfile, string()}
 	| {log_alert, boolean()}
 	| {next_protocols_advertised, [binary()]}
+	| {padding_check, boolean()}
 	| {partial_chain, fun(([public_key:der_encoded()]) -> {trusted_ca, public_key:der_encoded()} | unknown_ca)}
 	| {password, string()}
 	| {psk_identity, string()}
@@ -65,6 +67,7 @@
 	| {sni_fun, fun()}
 	| {sni_hosts, [{string(), ssl_opt()}]}
 	| {user_lookup_fun, {fun(), any()}}
+	| {v2_hello_compatible, boolean()}
 	| {verify, ssl:verify_type()}
 	| {verify_fun, {fun(), any()}}
 	| {versions, [atom()]}.
@@ -101,12 +104,12 @@ listen(Opts) ->
 			{reuseaddr, true}, {nodelay, true}])).
 
 listen_options() ->
-	[alpn_preferred_protocols, cacertfile, cacerts, cert, certfile,
-		ciphers, client_renegotiation, crl_cache, crl_check, depth,
-		dh, dhfile, fail_if_no_peer_cert, hibernate_after, honor_cipher_order,
-		key, keyfile, log_alert, next_protocols_advertised, partial_chain,
-		password, psk_identity, reuse_session, reuse_sessions, secure_renegotiate,
-		signature_algs, sni_fun, sni_hosts, user_lookup_fun, verify, verify_fun, versions
+	[alpn_preferred_protocols, beast_mitigation, cacertfile, cacerts, cert, certfile,
+		ciphers, client_renegotiation, crl_cache, crl_check, depth, dh, dhfile,
+		fail_if_no_peer_cert, hibernate_after, honor_cipher_order, key, keyfile,
+		log_alert, next_protocols_advertised, partial_chain, password, padding_check,
+		psk_identity, reuse_session, reuse_sessions, secure_renegotiate, signature_algs,
+		sni_fun, sni_hosts, user_lookup_fun, v2_hello_compatible, verify, verify_fun, versions
 		|ranch_tcp:listen_options()].
 
 -spec accept(ssl:sslsocket(), timeout())
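Review bot: The rewritten listen_options/0 list no longer keeps the alphabetical order the rest of the list follows: `padding_check` is inserted after `password` instead of before `partial_chain`, which makes it easy to miss when scanning for an option; the line should read `log_alert, next_protocols_advertised, padding_check, partial_chain, password,` with `psk_identity` starting the next line. Nothing in the hunk suggests the order is significant, so this is a point of style rather than a behaviour change. Separately, the manual hunk describes all three new options as interoperability knobs for legacy software (changing the BEAST mitigation, disabling the TLS-1.0 padding check, accepting SSL-2.0 style hellos), yet the type and the list carry no hint of that; a comment above the new ssl_opt() entries such as `%% beast_mitigation, padding_check and v2_hello_compatible exist for legacy interoperability only; leave them unset unless a peer requires them` would keep that caveat next to the code. The accept/2 spec on the last context line continues outside the hunk.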