Date: Sun, 14 Feb 2016 11:33:41 +0000
From: Eric Wong
To: yahns-public@yhbt.net
Subject: [PATCH 2/2] doc: document ssl_ctx for "listen" directive
Message-ID: <20160214113341.GB17758@dcvr.yhbt.net>
References: <20160214112856.GA17497@dcvr.yhbt.net>
In-Reply-To: <20160214112856.GA17497@dcvr.yhbt.net>

With the advent of Let's Encrypt, we'll see more users interested in
using yahns with OpenSSL support. So document how a listener may be
passed an SSLContext.
---
 Documentation/yahns_config.pod | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/Documentation/yahns_config.pod b/Documentation/yahns_config.pod
index 12ec75e..858aaf1 100644
--- a/Documentation/yahns_config.pod
+++ b/Documentation/yahns_config.pod
@@ -422,6 +422,37 @@ ref: https://lwn.net/Articles/542629/ Default: false (unset) +=item ssl_ctx: OpenSSL::SSL::SSLContext Ruby object + +To enable TLS connections, you must configure this yourself. +See documentation for OpenSSL::SSL::SSLContext +for more information: + +L + +Default: none + +An example which seems to work is: + + require 'openssl' + ctx = OpenSSL::SSL::SSLContext.new + ctx.cert = + OpenSSL::X509::Certificate.new( + IO.read('/etc/ssl/certs/example.crt') + ) + ctx.extra_chain_cert = [ + OpenSSL::X509::Certificate.new( + IO.read('/etc/ssl/certs/chain.crt') + ) + ] + ctx.key = OpenSSL::PKey::RSA.new( + IO.read('/etc/ssl/private/example.key') + ) + + app(:rack, "/path/to/my/app/config.ru") do + listen 443, ssl_ctx: ctx + end + =item umask: MODE Sets the file mode creation mask for UNIX sockets. If specified, -- EW
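
Review bot: In the example, `ctx.key = OpenSSL::PKey::RSA.new(...)` ties the documented configuration to RSA keys, so a reader with an ECDSA key who copies it will hit an exception when the config is evaluated; `OpenSSL::PKey.read(IO.read('/etc/ssl/private/example.key'))` loads whichever key type the PEM file holds and would keep the example general. The example also leaves protocol versions and ciphers at whatever `OpenSSL::SSL::SSLContext.new` provides, so a sentence under "you must configure this yourself" saying that these are the operator's responsibility (for instance via `ssl_version`, `ciphers` or `set_params` on the context) would help readers who paste it as-is. "An example which seems to work is:" reads as untested for reference documentation; consider naming the Ruby and OpenSSL versions it was tried with.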