Home Explore Help
Sign In
n4u
/
ranch
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: b186d01367
Branches Tags
ranch
/
src
/
ranch_ssl.erl

ranch_ssl.erl 6.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189 
  1. %% Copyright (c) 2011-2012, Loïc Hoguin <essen@ninenines.eu>
    2. 

  2. %%
    3. 

  3. %% Permission to use, copy, modify, and/or distribute this software for any
    4. 

  4. %% purpose with or without fee is hereby granted, provided that the above
    5. 

  5. %% copyright notice and this permission notice appear in all copies.
    6. 

  6. %%
    7. 

  7. %% THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
    8. 

  8. %% WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
    9. 

  9. %% MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
    10. 

  10. %% ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
    11. 

  11. %% WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
    12. 

  12. %% ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
    13. 

  13. %% OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
    14. 

  14. 

  15. %% @doc SSL transport API.
    16. 

  16. %%
    17. 

  17. %% Wrapper around <em>ssl</em> implementing the Ranch transport API.
    18. 

  18. %%
    19. 

  19. %% This transport requires the <em>crypto</em>, <em>public_key</em>
    20. 

  20. %% and <em>ssl</em> applications to be started. If they aren't started,
    21. 

  21. %% it will try to start them itself before opening a port to listen.
    22. 

  22. %% Applications aren't stopped when the listening socket is closed, though.
    23. 

  23. %%
    24. 

  24. %% @see ssl
    25. 

  25. -module(ranch_ssl).
    26. 

  26. 

  27. -export([name/0]).
    28. 

  28. -export([messages/0]).
    29. 

  29. -export([connect/3]).
    30. 

  30. -export([listen/1]).
    31. 

  31. -export([accept/2]).
    32. 

  32. -export([recv/3]).
    33. 

  33. -export([send/2]).
    34. 

  34. -export([setopts/2]).
    35. 

  35. -export([controlling_process/2]).
    36. 

  36. -export([peername/1]).
    37. 

  37. -export([close/1]).
    38. 

  38. -export([sockname/1]).
    39. 

  39. 

  40. %% @doc Name of this transport API, <em>ssl</em>.
    41. 

  41. -spec name() -> ssl.
    42. 

  42. name() -> ssl.
    43. 

  43. 

  44. %% @doc Atoms used in the process messages sent by this API.
    45. 

  45. %%
    46. 

  46. %% They identify incoming data, closed connection and errors when receiving
    47. 

  47. %% data in active mode.
    48. 

  48. -spec messages() -> {ssl, ssl_closed, ssl_error}.
    49. 

  49. messages() -> {ssl, ssl_closed, ssl_error}.
    50. 

  50. 

  51. %% @private
    52. 

  52. %% @todo Probably filter Opts?
    53. 

  53. -spec connect(string(), inet:port_number(), any())
    54. 

  54. 	-> {ok, inet:socket()} | {error, atom()}.
    55. 

  55. connect(Host, Port, Opts) when is_list(Host), is_integer(Port) ->
    56. 

  56. 	ssl:connect(Host, Port,
    57. 

  57. 		Opts ++ [binary, {active, false}, {packet, raw}]).
    58. 

  58. 

  59. %% @doc Setup a socket to listen on the given port on the local host.
    60. 

  60. %%
    61. 

  61. %% The available options are:
    62. 

  62. %% <dl>
    63. 

  63. %%  <dt>port</dt><dd>Mandatory. TCP port number to open.</dd>
    64. 

  64. %%  <dt>backlog</dt><dd>Maximum length of the pending connections queue.
    65. 

  65. %%   Defaults to 1024.</dd>
    66. 

  66. %%  <dt>ip</dt><dd>Interface to listen on. Listen on all interfaces
    67. 

  67. %%   by default.</dd>
    68. 

  68. %%  <dt>certfile</dt><dd>Mandatory. Path to a file containing the user's
    69. 

  69. %%   certificate.</dd>
    70. 

  70. %%  <dt>keyfile</dt><dd>Optional. Path to the file containing the user's
    71. 

  71. %%   private PEM encoded key.</dd>
    72. 

  72. %%  <dt>cacertfile</dt><dd>Optional. Path to file containing PEM encoded
    73. 

  73. %%   CA certificates (trusted certificates used for verifying a peer
    74. 

  74. %%   certificate).</dd>
    75. 

  75. %%  <dt>password</dt><dd>Optional. String containing the user's password.
    76. 

  76. %%   All private keyfiles must be password protected currently.</dd>
    77. 

  77. %%  <dt>ciphers</dt><dd>Optional. The cipher suites that should be supported.
    78. 

  78. %%  The function ssl:cipher_suites/0 can be used to find all available
    79. 

  79. %%  ciphers.</dd>
    80. 

  80. %% </dl>
    81. 

  81. %%
    82. 

  82. %% @see ssl:listen/2
    83. 

  83. -spec listen([{port, inet:port_number()} | {certfile, string()}
    84. 

  84. 	| {keyfile, string()} | {password, string()}
    85. 

  85. 	| {cacertfile, string()} | {ip, inet:ip_address()}])
    86. 

  86. 	-> {ok, ssl:sslsocket()} | {error, atom()}.
    87. 

  87. listen(Opts) ->
    88. 

  88. 	require([crypto, public_key, ssl]),
    89. 

  89. 	{port, Port} = lists:keyfind(port, 1, Opts),
    90. 

  90. 	Backlog = proplists:get_value(backlog, Opts, 1024),
    91. 

  91. 	{certfile, CertFile} = lists:keyfind(certfile, 1, Opts),
    92. 

  92. 

  93. 	ListenOpts0 = [binary, {active, false},
    94. 

  94. 		{backlog, Backlog}, {packet, raw}, {reuseaddr, true},
    95. 

  95. 		{certfile, CertFile}],
    96. 

  96. 	ListenOpts = lists:foldl(fun
    97. 

  97. 		({ip, _} = Ip, Acc) -> [Ip | Acc];
    98. 

  98. 		({keyfile, _} = KeyFile, Acc) -> [KeyFile | Acc];
    99. 

  99. 		({cacertfile, _} = CACertFile, Acc) -> [CACertFile | Acc];
    100. 

  100. 		({password, _} = Password, Acc) -> [Password | Acc];
    101. 

  101. 		({ciphers, _} = Ciphers, Acc) -> [Ciphers | Acc];
    102. 

  102. 		(_, Acc) -> Acc
    103. 

  103. 	end, ListenOpts0, Opts),
    104. 

  104. 	ssl:listen(Port, ListenOpts).
    105. 

  105. 

  106. %% @doc Accept an incoming connection on a listen socket.
    107. 

  107. %%
    108. 

  108. %% Note that this function does both the transport accept and
    109. 

  109. %% the SSL handshake.
    110. 

  110. %%
    111. 

  111. %% @see ssl:transport_accept/2
    112. 

  112. %% @see ssl:ssl_accept/2
    113. 

  113. -spec accept(ssl:sslsocket(), timeout())
    114. 

  114. 	-> {ok, ssl:sslsocket()} | {error, closed | timeout | atom() | tuple()}.
    115. 

  115. accept(LSocket, Timeout) ->
    116. 

  116. 	case ssl:transport_accept(LSocket, Timeout) of
    117. 

  117. 		{ok, CSocket} ->
    118. 

  118. 			ssl_accept(CSocket, Timeout);
    119. 

  119. 		{error, Reason} ->
    120. 

  120. 			{error, Reason}
    121. 

  121. 	end.
    122. 

  122. 

  123. %% @doc Receive a packet from a socket in passive mode.
    124. 

  124. %% @see ssl:recv/3
    125. 

  125. -spec recv(ssl:sslsocket(), non_neg_integer(), timeout())
    126. 

  126. 	-> {ok, any()} | {error, closed | atom()}.
    127. 

  127. recv(Socket, Length, Timeout) ->
    128. 

  128. 	ssl:recv(Socket, Length, Timeout).
    129. 

  129. 

  130. %% @doc Send a packet on a socket.
    131. 

  131. %% @see ssl:send/2
    132. 

  132. -spec send(ssl:sslsocket(), iolist()) -> ok | {error, atom()}.
    133. 

  133. send(Socket, Packet) ->
    134. 

  134. 	ssl:send(Socket, Packet).
    135. 

  135. 

  136. %% @doc Set one or more options for a socket.
    137. 

  137. %% @see ssl:setopts/2
    138. 

  138. -spec setopts(ssl:sslsocket(), list()) -> ok | {error, atom()}.
    139. 

  139. setopts(Socket, Opts) ->
    140. 

  140. 	ssl:setopts(Socket, Opts).
    141. 

  141. 

  142. %% @doc Assign a new controlling process <em>Pid</em> to <em>Socket</em>.
    143. 

  143. %% @see ssl:controlling_process/2
    144. 

  144. -spec controlling_process(ssl:sslsocket(), pid())
    145. 

  145. 	-> ok | {error, closed | not_owner | atom()}.
    146. 

  146. controlling_process(Socket, Pid) ->
    147. 

  147. 	ssl:controlling_process(Socket, Pid).
    148. 

  148. 

  149. %% @doc Return the address and port for the other end of a connection.
    150. 

  150. %% @see ssl:peername/1
    151. 

  151. -spec peername(ssl:sslsocket())
    152. 

  152. 	-> {ok, {inet:ip_address(), inet:port_number()}} | {error, atom()}.
    153. 

  153. peername(Socket) ->
    154. 

  154. 	ssl:peername(Socket).
    155. 

  155. 

  156. %% @doc Close a TCP socket.
    157. 

  157. %% @see ssl:close/1
    158. 

  158. -spec close(ssl:sslsocket()) -> ok.
    159. 

  159. close(Socket) ->
    160. 

  160. 	ssl:close(Socket).
    161. 

  161. 

  162. %% @doc Get the local address and port of a socket
    163. 

  163. %% @see ssl:sockname/1
    164. 

  164. -spec sockname(ssl:sslsocket())
    165. 

  165. 	-> {ok, {inet:ip_address(), inet:port_number()}} | {error, atom()}.
    166. 

  166. sockname(Socket) ->
    167. 

  167. 	ssl:sockname(Socket).
    168. 

  168. 

  169. %% Internal.
    170. 

  170. 

  171. -spec require(list(module())) -> ok.
    172. 

  172. require([]) ->
    173. 

  173. 	ok;
    174. 

  174. require([App|Tail]) ->
    175. 

  175. 	case application:start(App) of
    176. 

  176. 		ok -> ok;
    177. 

  177. 		{error, {already_started, App}} -> ok
    178. 

  178. 	end,
    179. 

  179. 	require(Tail).
    180. 

  180. 

  181. -spec ssl_accept(ssl:sslsocket(), timeout())
    182. 

  182. 	-> {ok, ssl:sslsocket()} | {error, {ssl_accept, atom()}}.
    183. 

  183. ssl_accept(Socket, Timeout) ->
    184. 

  184. 	case ssl:ssl_accept(Socket, Timeout) of
    185. 

  185. 		ok ->
    186. 

  186. 			{ok, Socket};
    187. 

  187. 		{error, Reason} ->
    188. 

  188. 			{error, {ssl_accept, Reason}}
    189. 

  189. 	end.
    190.