Support for fail_if_no_peer_cert SSL server option. #34

Closed
wants to merge 2 commits into
from

Projects

None yet

2 participants

Contributor
0x00F6 commented Feb 11, 2013

SSL option verify alone does not gives full security. Client could send empty certificate and happily access your inner API.

@0x00F6 0x00F6 Update src/ranch_ssl.erl
Support for fail_if_no_peer_cert SSL server option.
1fef5d1
Owner
essen commented Feb 11, 2013

Options in alphabetical order please.

Contributor
0x00F6 commented Feb 12, 2013

OK, I'll do.
But, in the first place, is ranch:filter_options really needed in ranch_ssl:listen?
Why not pass all Opts directly to ssl:listen?
All ssl server options are well known and documented: http://www.erlang.org/doc/man/ssl.html.
When passing unsupported option programmer will get nice and clear exception exit: badarg.
Is there ssl server option undesirable/unsupported by ranch?

Owner
essen commented Feb 14, 2013

Please squash the commits into one and I will merge it.

@0x00F6 0x00F6 closed this Feb 18, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment