public_key, ssl: Patch 1112

    OTP-7046  Support for Diffie-Hellman. ssl-3.11 requires public_key-0.6.

    OTP-8553  Moved extended key usage test for ssl values to ssl.

    OTP-8557  Fixes handling of the option fail_if_no_peer_cert and some
              undocumented options. Thanks to Rory Byrne.

    OTP-7046  Support for Diffie-Hellman. ssl-3.11 requires public_key-0.6.

    OTP-8517  New ssl now properly handles ssl renegotiation, and initiates
              a renegotiation if ssl/ltls-sequence numbers comes close
              to the max value. However RFC-5746 is not yet supported,
              but will be in an upcoming release.

    OTP-8545  When gen_tcp is configured with the {packet,http} option,
              it automatically switches to expect HTTP Headers after a
              HTTP Request/Response line has been received. This update
              fixes ssl to behave in the same way. Thanks to Rory Byrne.

    OTP-8554  Ssl now correctly verifies the extended_key_usage extension
              and also allows the user to verify application specific
              extensions by supplying an appropriate fun.

    OTP-8560  Fixed ssl:transport_accept/2 to return properly when socket
              is closed. Thanks to Rory Byrne.

3 files changed, 30 insertions, 6 deletions

diff --git a/lib/public_key/asn1/Makefile b/lib/public_key/asn1/Makefile
index fbea701be9..94abec083c 100644
--- a/lib/public_key/asn1/Makefile
+++ b/lib/public_key/asn1/Makefile
@@ -1,19 +1,19 @@
 #
 # %CopyrightBegin%
-# 
-# Copyright Ericsson AB 2008-2009. All Rights Reserved.
-# 
+#
+# Copyright Ericsson AB 2008-2010. All Rights Reserved.
+#
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
 # compliance with the License. You should have received a copy of the
 # Erlang Public License along with this software. If not, it can be
 # retrieved online at http://www.erlang.org/.
-# 
+#
 # Software distributed under the License is distributed on an "AS IS"
 # basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 # the License for the specific language governing rights and limitations
 # under the License.
-# 
+#
 # %CopyrightEnd%
 #
 
@@ -40,7 +40,7 @@ RELSYSDIR = $(RELEASE_PATH)/lib/public_key-$(VSN)
 
 ASN_TOP = OTP-PUB-KEY
 ASN_MODULES = PKIX1Explicit88 PKIX1Implicit88 PKIX1Algorithms88 \
-	PKIXAttributeCertificate OTP-PKIX 
+	PKIXAttributeCertificate PKCS-1 PKCS-3 OTP-PKIX 
 ASN_ASNS = $(ASN_MODULES:%=%.asn1)
 ASN_ERLS = $(ASN_TOP).erl
 ASN_HRLS = $(ASN_TOP).hrl
@@ -110,4 +110,6 @@ OTP-PUB-KEY.asn1db:		PKIX1Algorithms88.asn1 \
 				PKIX1Explicit88.asn1 \
 				PKIX1Implicit88.asn1 \
 				PKIXAttributeCertificate.asn1 \
+				PKCS-1.asn1\
+				PKCS-3.asn1\
 				OTP-PKIX.asn1
diff --git a/lib/public_key/asn1/OTP-PUB-KEY.set.asn b/lib/public_key/asn1/OTP-PUB-KEY.set.asn
index 2f9ccd6b0e..5c76d13115 100644
--- a/lib/public_key/asn1/OTP-PUB-KEY.set.asn
+++ b/lib/public_key/asn1/OTP-PUB-KEY.set.asn
@@ -4,4 +4,5 @@ PKIX1Implicit88.asn1
 PKIXAttributeCertificate.asn1
 PKIX1Algorithms88.asn1
 PKCS-1.asn1
+PKCS-3.asn1
 DSS.asn1
diff --git a/lib/public_key/asn1/PKCS-3.asn1 b/lib/public_key/asn1/PKCS-3.asn1
new file mode 100644
index 0000000000..64180b3a85
--- /dev/null
+++ b/lib/public_key/asn1/PKCS-3.asn1
@@ -0,0 +1,21 @@
+PKCS-3 {
+       iso(1) member-body(2) us(840) rsadsi(113549)
+      pkcs(1) 3
+}
+
+DEFINITIONS EXPLICIT TAGS ::=
+
+BEGIN
+	
+pkcs-3 OBJECT IDENTIFIER ::=
+  { iso(1) member-body(2) us(840) rsadsi(113549)
+      pkcs(1) 3 }
+      
+dhKeyAgreement OBJECT IDENTIFIER ::= { pkcs-3 1 }
+
+DHParameter ::= SEQUENCE {
+  prime INTEGER, -- p
+  base INTEGER, -- g
+  privateValueLength INTEGER OPTIONAL }
+
+END
\ No newline at end of file