
Merge branch 'ssl_listen_nofile' of git://github.com/archaelus/ranch

Loïc Hoguin 12 years ago
parent
commit
e0130d64c9
2 changed files with 35 additions and 6 deletions
  1. 8 6
      src/ranch_ssl.erl
  2. 27 0
      test/acceptor_SUITE.erl

+ 8 - 6
src/ranch_ssl.erl

@@ -88,25 +88,27 @@ messages() -> {ssl, ssl_closed, ssl_error}.
 %% ranch:get_port/1 instead.
 %%
 %% @see ssl:listen/2
--spec listen([{backlog, non_neg_integer()} | {cacertfile, string()}
+-spec listen([{backlog, non_neg_integer()} | {cacerts, [Der::binary()]}
+	| {cacertfile, string()} | {cert, Der::binary()}
 	| {certfile, string()} | {ciphers, [ssl:erl_cipher_suite()] | string()}
 	| {fail_if_no_peer_cert, boolean()}
-	| {ip, inet:ip_address()} | {keyfile, string()}
+	| {ip, inet:ip_address()} | {key, Der::binary()} | {keyfile, string()}
 	| {next_protocols_advertised, [binary()]} | {nodelay, boolean()}
 	| {password, string()} | {port, inet:port_number()}
 	| {verify, ssl:verify_type()}])
 	-> {ok, ssl:sslsocket()} | {error, atom()}.
 listen(Opts) ->
 	ranch:require([crypto, public_key, ssl]),
-	{certfile, _} = lists:keyfind(certfile, 1, Opts),
+	true = lists:keymember(cert, 1, Opts)
+		orelse lists:keymember(certfile, 1, Opts),
 	Opts2 = ranch:set_option_default(Opts, backlog, 1024),
 	%% We set the port to 0 because it is given in the Opts directly.
 	%% The port in the options takes precedence over the one in the
 	%% first argument.
 	ssl:listen(0, ranch:filter_options(Opts2,
-		[backlog, cacertfile, certfile, ciphers, fail_if_no_peer_cert, ip,
-			keyfile, next_protocols_advertised, nodelay, password, port,
-			raw, verify],
+		[backlog, cacerts, cacertfile, cert, certfile, ciphers,
+			fail_if_no_peer_cert, ip, key, keyfile, next_protocols_advertised,
+			nodelay, password, port, raw, verify],
 		[binary, {active, false}, {packet, raw},
 			{reuseaddr, true}, {nodelay, true}])).
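Review bot: The spec entry `{key, Der::binary()}` does not match how the option is used in this same commit: the new test passes `{key, {KeyType, Key}}` to ssl:listen/2, and listen/1 appears to forward `key` unchanged through the whitelist, so the type should probably read `{key, {atom(), Der::binary()}}`. The new guard also only asserts that `cert` or `certfile` is present. With an in-memory `cert` there is presumably no file the private key can be read from, so a missing `key`/`keyfile` would likely surface only when a client handshakes rather than at listen time. Consider asserting the pair up front, e.g. `true = lists:keymember(certfile, 1, Opts) orelse (lists:keymember(cert, 1, Opts) andalso (lists:keymember(key, 1, Opts) orelse lists:keymember(keyfile, 1, Opts))),`. The doc comment that precedes the spec starts outside the hunk.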
 

+ 27 - 0
test/acceptor_SUITE.erl

@@ -30,6 +30,7 @@
 %% ssl.
 -export([ssl_accept_error/1]).
 -export([ssl_accept_socket/1]).
+-export([ssl_accept_socket_nofile/1]).
 -export([ssl_active_echo/1]).
 -export([ssl_echo/1]).
 
@@ -70,6 +71,7 @@ groups() ->
 	]}, {ssl, [
 		ssl_accept_error,
 		ssl_accept_socket,
+		ssl_accept_socket_nofile,
 		ssl_active_echo,
 		ssl_echo
 	]}, {misc, [
@@ -136,6 +138,31 @@ ssl_accept_error(Config) ->
 	true = is_process_alive(AcceptorPid),
 	ranch:stop_listener(Name).
 
+ssl_accept_socket_nofile(Config) ->
+	%%% XXX we can't do the spawn to test the controlling process change
+	%%% because of the bug in ssl
+	{ok, Pem} = file:read_file(filename:join(?config(data_dir, Config),
+											 "cert.pem")),
+	[{KeyType, Key, not_encrypted},
+	 {_CertType, Cert, not_encrypted}] = public_key:pem_decode(Pem),
+	Name = ssl_accept_socket,
+	{ok, S} = ssl:listen(0,
+		[{cert, Cert}, {key, {KeyType, Key}}, binary,
+			{active, false}, {packet, raw}, {reuseaddr, true}]),
+	{ok, _} = ranch:start_listener(Name, 1,
+		ranch_ssl, [{socket, S}], echo_protocol, []),
+	Port = ranch:get_port(Name),
+	{ok, Socket} = ssl:connect("localhost", Port,
+		[binary, {active, false}, {packet, raw},
+		{certfile, ?config(data_dir, Config) ++ "cert.pem"}]),
+	ok = ssl:send(Socket, <<"TCP Ranch is working!">>),
+	{ok, <<"TCP Ranch is working!">>} = ssl:recv(Socket, 21, 1000),
+	ok = ranch:stop_listener(Name),
+	{error, closed} = ssl:recv(Socket, 0, 1000),
+	%% Make sure the listener stopped.
+	{'EXIT', _} = begin catch ranch:get_port(Name) end,
+	ok.
+
 ssl_accept_socket(Config) ->
 	%%% XXX we can't do the spawn to test the controlling process change
 	%%% because of the bug in ssl
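Review bot: ssl_accept_socket_nofile does not seem to exercise the code changed in src/ranch_ssl.erl, because it creates the listening socket with ssl:listen/2 itself and hands it over as `{socket, S}`, so ranch_ssl:listen/1 with its new `cert`/`certfile` guard and extended option whitelist is most likely never called. Passing the in-memory material through the transport options would cover it, e.g. `ranch_ssl, [{port, 0}, {cert, Cert}, {key, {KeyType, Key}}], echo_protocol, []),`. `Name = ssl_accept_socket` also reuses what looks like the sibling test's listener name; `Name = ssl_accept_socket_nofile` would avoid a clash if the group ever runs in parallel. The match on `public_key:pem_decode(Pem)` assumes cert.pem holds exactly a key entry followed by a certificate entry, which deserves a one-line comment. The ssl_accept_socket test that follows continues outside the hunk.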