aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/doc/src/ssl.xml
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2018-06-08 09:56:43 +0200
committerIngela Anderton Andin <[email protected]>2018-06-08 09:56:43 +0200
commitcabbb94eab4d94f3c924f8854e3f030d7ceca9cc (patch)
tree4b53159ae1918ef7d8b2814dfb45f71cd62b0910 /lib/ssl/doc/src/ssl.xml
parentec031cb823e7691ab28d7599a4064331ccd90754 (diff)
parentf821c91cebe0cee22c1c6e0a9dfe45d4e9b5f129 (diff)
downloadotp-cabbb94eab4d94f3c924f8854e3f030d7ceca9cc.tar.gz
otp-cabbb94eab4d94f3c924f8854e3f030d7ceca9cc.tar.bz2
otp-cabbb94eab4d94f3c924f8854e3f030d7ceca9cc.zip
Merge branch 'ingela/ssl/verify-hostname-customize/OTP-15102'
* ingela/ssl/verify-hostname-customize/OTP-15102: ssl: Add option customize_hostname_check
Diffstat (limited to 'lib/ssl/doc/src/ssl.xml')
-rw-r--r--lib/ssl/doc/src/ssl.xml9
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 029f29cdb3..825bf46459 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -89,6 +89,7 @@
[binary()]} | {client | server, [binary()], binary()}}</c></p>
<p><c>| {log_alert, boolean()}</c></p>
<p><c>| {server_name_indication, hostname() | disable}</c></p>
+ <p><c>| {customize_hostname_check, list()}</c></p>
<p><c>| {sni_hosts, [{hostname(), [ssl_option()]}]}</c></p>
<p><c>| {sni_fun, SNIfun::fun()}</c></p>
</item>
@@ -649,6 +650,14 @@ fun(srp, Username :: string(), UserState :: term()) ->
disables the hostname verification check
<seealso marker="public_key:public_key#pkix_verify_hostname-2">public_key:pkix_verify_hostname/2</seealso> </p>
</item>
+
+ <tag><c>{customize_hostname_check, Options::list()}</c></tag>
+ <item>
+ <p> Customizes the hostname verification of the peer certificate, as different protocols that use
+ TLS such as HTTP or LDAP may want to do it differently, for possible options see
+ <seealso marker="public_key:public_key#pkix_verify_hostname-3">public_key:pkix_verify_hostname/3</seealso> </p>
+ </item>
+
<tag><c>{fallback, boolean()}</c></tag>
<item>
<p> Send special cipher suite TLS_FALLBACK_SCSV to avoid undesired TLS version downgrade.