Fix DTLS

Options invalid for DTLS were given to ssl. Now they are only
given for TLS.

The {packet,raw} option is no longer set because the default
for TLS is the equivalent {packet,0} and DTLS doesn't accept it.

Author: essen

src/ranch_ssl.erl

@@ -135,17 +135,25 @@ listen(TransOpts) ->
 	end.
 
 do_listen(SocketOpts0, Logger) ->
-	SocketOpts1 = ranch:set_option_default(SocketOpts0, backlog, 1024),
-	SocketOpts2 = ranch:set_option_default(SocketOpts1, nodelay, true),
-	SocketOpts3 = ranch:set_option_default(SocketOpts2, send_timeout, 30000),
-	SocketOpts = ranch:set_option_default(SocketOpts3, send_timeout_close, true),
+	SocketOpts = set_default_options(SocketOpts0),
 	DisallowedOpts0 = disallowed_listen_options(),
 	DisallowedOpts = unsupported_tls_options(SocketOpts) ++ DisallowedOpts0,
 	%% We set the port to 0 because it is given in the Opts directly.
 	%% The port in the options takes precedence over the one in the
 	%% first argument.
 	ssl:listen(0, ranch:filter_options(SocketOpts, DisallowedOpts,
-		[binary, {active, false}, {packet, raw}, {reuseaddr, true}], Logger)).
+		[binary, {active, false}, {reuseaddr, true}], Logger)).
+
+set_default_options(SocketOpts0) ->
+	case proplists:get_value(protocol, SocketOpts0, tls) of
+		tls ->
+			SocketOpts1 = ranch:set_option_default(SocketOpts0, backlog, 1024),
+			SocketOpts2 = ranch:set_option_default(SocketOpts1, nodelay, true),
+			SocketOpts3 = ranch:set_option_default(SocketOpts2, send_timeout, 30000),
+			ranch:set_option_default(SocketOpts3, send_timeout_close, true);
+		dtls ->
+			SocketOpts0
+	end.
 
 %% 'binary' and 'list' are disallowed but they are handled
 %% specifically as they do not have 2-tuple equivalents.

test/acceptor_SUITE.erl

@@ -83,6 +83,7 @@ groups() ->
 		ssl_active_n_echo,
 		ssl_echo,
 		ssl_local_echo,
+		ssl_dtls_echo,
 		ssl_graceful,
 		ssl_handshake,
 		ssl_handshake_error,
@@ -840,6 +841,27 @@ ssl_echo(_) ->
 	{'EXIT', _} = begin catch ranch:get_port(Name) end,
 	ok.
 
+ssl_dtls_echo(_) ->
+	doc("Ensure that passive mode works with SSL transport."),
+	Name = name(),
+	%% We are using DTLS so the version should be 'dtlsv1.2'.
+	%% But since we don't really need it we simply don't set 'versions'.
+	Opts = ct_helper:get_certs_from_ets() -- [{versions, ['tlsv1.2']}],
+	{ok, _} = ranch:start_listener(Name,
+		ranch_ssl, Opts ++ [{protocol, dtls}, {verify, verify_none}],
+		echo_protocol, []),
+	Port = ranch:get_port(Name),
+	{ok, Socket} = ssl:connect("localhost", Port, [
+		binary, {active, false}, {protocol, dtls},
+		{verify, verify_none}]),
+	ok = ssl:send(Socket, <<"SSL Ranch is working!">>),
+	{ok, <<"SSL Ranch is working!">>} = ssl:recv(Socket, 21, 1000),
+	ok = ranch:stop_listener(Name),
+	{error, closed} = ssl:recv(Socket, 0, 1000),
+	%% Make sure the listener stopped.
+	{'EXIT', _} = begin catch ranch:get_port(Name) end,
+	ok.
+
 ssl_handshake(_) ->
 	doc("Ensure that multiple steps handshake works with SSL transport."),
 	Name = name(),