umgeher/cowboy
0
Fork 0
mirror of https://github.com/ninenines/cowboy.git synced 2025-07-14 20:30:23 +00:00
Code Issues Wiki Activity

Merge branch 'add-ssl-ciphers-configuration' of https://github.com/tillitech/cowboy

Browse source
This commit is contained in:
Loïc Hoguin 2012-03-23 12:48:05 +01:00
commit 4fb2a6face
1 changed files with 14 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

37
src/cowboy_ssl_transport.erl
View file

@ -48,13 +48,16 @@ messages() -> {ssl, ssl_closed, ssl_error}.
%% by default.</dd> %% by default.</dd>
%% <dt>certfile</dt><dd>Mandatory. Path to a file containing the user's %% <dt>certfile</dt><dd>Mandatory. Path to a file containing the user's
%% certificate.</dd> %% certificate.</dd>
%% <dt>keyfile</dt><dd>Mandatory. Path to the file containing the user's %% <dt>keyfile</dt><dd>Optional. Path to the file containing the user's
%% private PEM encoded key.</dd> %% private PEM encoded key.</dd>
%% <dt>cacertfile</dt><dd>Optional. Path to file containing PEM encoded %% <dt>cacertfile</dt><dd>Optional. Path to file containing PEM encoded
%% CA certificates (trusted certificates used for verifying a peer %% CA certificates (trusted certificates used for verifying a peer
%% certificate).</dd> %% certificate).</dd>
%% <dt>password</dt><dd>Mandatory. String containing the user's password. %% <dt>password</dt><dd>Optional. String containing the user's password.
%% All private keyfiles must be password protected currently.</dd> %% All private keyfiles must be password protected currently.</dd>
%% <dt>ciphers</dt><dd>Optional. The cipher suites that should be supported.
%% The function ssl:cipher_suites/0 can be used to find all available
%% ciphers.</dd>
%% </dl> %% </dl>
%% %%
%% @see ssl:listen/2 %% @see ssl:listen/2
@ -67,30 +70,18 @@ listen(Opts) ->
{port, Port} = lists:keyfind(port, 1, Opts), {port, Port} = lists:keyfind(port, 1, Opts),
Backlog = proplists:get_value(backlog, Opts, 1024), Backlog = proplists:get_value(backlog, Opts, 1024),
{certfile, CertFile} = lists:keyfind(certfile, 1, Opts), {certfile, CertFile} = lists:keyfind(certfile, 1, Opts),
KeyFileOpts =
case lists:keyfind(keyfile, 1, Opts) of
false -> [];
KeyFile -> [KeyFile]
end,
PasswordOpts =
case lists:keyfind(password, 1, Opts) of
false -> [];
Password -> [Password]
end,
ListenOpts0 = [binary, {active, false}, ListenOpts0 = [binary, {active, false},
{backlog, Backlog}, {packet, raw}, {reuseaddr, true}, {backlog, Backlog}, {packet, raw}, {reuseaddr, true},
{certfile, CertFile}], {certfile, CertFile}],
ListenOpts1 = ListenOpts = lists:foldl(fun
case lists:keyfind(ip, 1, Opts) of ({ip, _} = Ip, Acc) -> [Ip | Acc];
false -> ListenOpts0; ({keyfile, _} = KeyFile, Acc) -> [KeyFile | Acc];
Ip -> [Ip|ListenOpts0] ({cacertfile, _} = CACertFile, Acc) -> [CACertFile | Acc];
end, ({password, _} = Password, Acc) -> [Password | Acc];
ListenOpts2 = ({ciphers, _} = Ciphers, Acc) -> [Ciphers | Acc];
case lists:keyfind(cacertfile, 1, Opts) of (_, Acc) -> Acc
false -> ListenOpts1; end, ListenOpts0, Opts),
CACertFile -> [CACertFile|ListenOpts1]
end,
ListenOpts = ListenOpts2 ++ KeyFileOpts ++ PasswordOpts,
ssl:listen(Port, ListenOpts). ssl:listen(Port, ListenOpts).
%% @doc Accept an incoming connection on a listen socket. %% @doc Accept an incoming connection on a listen socket.