8 years ago · b2b0996274
--- a/src/ranch.erl
+++ b/src/ranch.erl
@@ -143,18 +143,18 @@ set_protocol_options(Ref, Opts) ->
 
				 
			
 
				 -spec filter_options([inet | inet6 | {atom(), any()} | {raw, any(), any(), any()}],
			
 
				 	[atom()], Acc) -> Acc when Acc :: [any()].
			
 
				-filter_options(UserOptions, AllowedKeys, DefaultOptions) ->
			
 
				-	AllowedOptions = filter_user_options(UserOptions, AllowedKeys),
			
 
				+filter_options(UserOptions, DisallowedKeys, DefaultOptions) ->
			
 
				+	AllowedOptions = filter_user_options(UserOptions, DisallowedKeys),
			
 
				 	lists:foldl(fun merge_options/2, DefaultOptions, AllowedOptions).
			
 
				 
			
 
				 %% 2-tuple options.
			
 
				-filter_user_options([Opt = {Key, _}|Tail], AllowedKeys) ->
			
 
				-	case lists:member(Key, AllowedKeys) of
			
 
				-		true ->
			
 
				-			[Opt|filter_user_options(Tail, AllowedKeys)];
			
 
				+filter_user_options([Opt = {Key, _}|Tail], DisallowedKeys) ->
			
 
				+	case lists:member(Key, DisallowedKeys) of
			
 
				 		false ->
			
 
				+			[Opt|filter_user_options(Tail, DisallowedKeys)];
			
 
				+		true ->
			
 
				 			filter_options_warning(Opt),
			
 
				-			filter_user_options(Tail, AllowedKeys)
			
 
				+			filter_user_options(Tail, DisallowedKeys)
			
 
				 	end;
			
 
				 %% Special option forms.
			
 
				 filter_user_options([inet|Tail], AllowedKeys) ->
			
@@ -163,9 +163,9 @@ filter_user_options([inet6|Tail], AllowedKeys) ->
 
				 	[inet6|filter_user_options(Tail, AllowedKeys)];
			
 
				 filter_user_options([Opt = {raw, _, _, _}|Tail], AllowedKeys) ->
			
 
				 	[Opt|filter_user_options(Tail, AllowedKeys)];
			
 
				-filter_user_options([Opt|Tail], AllowedKeys) ->
			
 
				+filter_user_options([Opt|Tail], DisallowedKeys) ->
			
 
				 	filter_options_warning(Opt),
			
 
				-	filter_user_options(Tail, AllowedKeys);
			
 
				+	filter_user_options(Tail, DisallowedKeys);
			
 
				 filter_user_options([], _) ->
			
 
				 	[].
			
 
				 
			
--- a/src/ranch_ssl.erl
+++ b/src/ranch_ssl.erl
@@ -19,7 +19,7 @@
 
				 -export([secure/0]).
			
 
				 -export([messages/0]).
			
 
				 -export([listen/1]).
			
 
				--export([listen_options/0]).
			
 
				+-export([disallowed_listen_options/0]).
			
 
				 -export([accept/2]).
			
 
				 -export([accept_ack/2]).
			
 
				 -export([connect/3]).
			
@@ -99,18 +99,15 @@ listen(Opts) ->
 
				 	%% We set the port to 0 because it is given in the Opts directly.
			
 
				 	%% The port in the options takes precedence over the one in the
			
 
				 	%% first argument.
			
 
				-	ssl:listen(0, ranch:filter_options(Opts6, listen_options(),
			
 
				-		[binary, {active, false}, {packet, raw},
			
 
				-			{reuseaddr, true}, {nodelay, true}])).
			
 
				-
			
 
				-listen_options() ->
			
 
				-	[alpn_preferred_protocols, beast_mitigation, cacertfile, cacerts, cert, certfile,
			
 
				-		ciphers, client_renegotiation, crl_cache, crl_check, depth, dh, dhfile,
			
 
				-		fail_if_no_peer_cert, hibernate_after, honor_cipher_order, key, keyfile,
			
 
				-		log_alert, next_protocols_advertised, partial_chain, password, padding_check,
			
 
				-		psk_identity, reuse_session, reuse_sessions, secure_renegotiate, signature_algs,
			
 
				-		sni_fun, sni_hosts, user_lookup_fun, v2_hello_compatible, verify, verify_fun, versions
			
 
				-		|ranch_tcp:listen_options()].
			
 
				+	ssl:listen(0, ranch:filter_options(Opts6, disallowed_listen_options(),
			
 
				+		[binary, {active, false}, {packet, raw}, {reuseaddr, true}])).
			
 
				+
			
 
				+%% 'binary' and 'list' are disallowed but they are handled
			
 
				+%% specifically as they do not have 2-tuple equivalents.
			
 
				+disallowed_listen_options() ->
			
 
				+	[alpn_advertised_protocols, client_preferred_next_protocols,
			
 
				+		fallback, server_name_indication, srp_identity
			
 
				+		|ranch_tcp:disallowed_listen_options()].
			
 
				 
			
 
				 -spec accept(ssl:sslsocket(), timeout())
			
 
				 	-> {ok, ssl:sslsocket()} | {error, closed | timeout | atom()}.
			
--- a/src/ranch_tcp.erl
+++ b/src/ranch_tcp.erl
@@ -19,7 +19,7 @@
 
				 -export([secure/0]).
			
 
				 -export([messages/0]).
			
 
				 -export([listen/1]).
			
 
				--export([listen_options/0]).
			
 
				+-export([disallowed_listen_options/0]).
			
 
				 -export([accept/2]).
			
 
				 -export([accept_ack/2]).
			
 
				 -export([connect/3]).
			
@@ -83,19 +83,13 @@ listen(Opts) ->
 
				 	%% We set the port to 0 because it is given in the Opts directly.
			
 
				 	%% The port in the options takes precedence over the one in the
			
 
				 	%% first argument.
			
 
				-	gen_tcp:listen(0, ranch:filter_options(Opts5, listen_options(),
			
 
				+	gen_tcp:listen(0, ranch:filter_options(Opts5, disallowed_listen_options(),
			
 
				 		[binary, {active, false}, {packet, raw}, {reuseaddr, true}])).
			
 
				 
			
 
				-%% 'inet' and 'inet6' are also allowed but they are handled
			
 
				+%% 'binary' and 'list' are disallowed but they are handled
			
 
				 %% specifically as they do not have 2-tuple equivalents.
			
 
				-%%
			
 
				-%% The 4-tuple 'raw' option is also handled specifically.
			
 
				-listen_options() ->
			
 
				-	[backlog, buffer, delay_send, dontroute, exit_on_close, fd,
			
 
				-		high_msgq_watermark, high_watermark, ip, ipv6_v6only,
			
 
				-		keepalive, linger, low_msgq_watermark,
			
 
				-		low_watermark, nodelay, port, priority, recbuf,
			
 
				-		send_timeout, send_timeout_close, sndbuf, tos].
			
 
				+disallowed_listen_options() ->
			
 
				+	[active, header, mode, packet, packet_size, line_delimiter, reuseaddr].
			
 
				 
			
 
				 -spec accept(inet:socket(), timeout())
			
 
				 	-> {ok, inet:socket()} | {error, closed | timeout | atom()}.