aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/doc/src
diff options
context:
space:
mode:
authorGustav Simonsson <[email protected]>2012-03-26 15:50:31 +0200
committerGustav Simonsson <[email protected]>2012-03-26 15:51:03 +0200
commitc1f3ffc3df15422bb60a24eb6417069feec9352f (patch)
tree4f7f95d95f33d6680ef09e5708b4db5bae7659dd /lib/ssl/doc/src
parent49bd93a2bc608f84bc1bb849ee98e0677e34dd43 (diff)
parent89ae746305215c5dd077441ba796ff37b03fdaa3 (diff)
downloadotp-c1f3ffc3df15422bb60a24eb6417069feec9352f.tar.gz
otp-c1f3ffc3df15422bb60a24eb6417069feec9352f.tar.bz2
otp-c1f3ffc3df15422bb60a24eb6417069feec9352f.zip
Merge branch 'as/ssl-tls-prf-function' into maint
* as/ssl-tls-prf-function: Some protocols (e.g. EAP-PEAP, EAP-TLS, EAP-TTLS) that use TLS as transport layer need to generate additional application specific key material One way to generate such material is to use the TLS PRF and key material from the TLS session itself OTP-10024
Diffstat (limited to 'lib/ssl/doc/src')
-rw-r--r--lib/ssl/doc/src/ssl.xml23
1 files changed, 23 insertions, 0 deletions
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 4910a6f1b8..62a79e15eb 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -122,6 +122,9 @@
<p> <c>hash() = md5 | sha
</c></p>
+ <p><c>prf_random() = client_random | server_random
+ </c></p>
+
</section>
<section>
@@ -561,6 +564,26 @@ fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
</func>
<func>
+ <name>prf(Socket, Secret, Label, Seed, WantedLength) -> {ok, binary()} | {error, reason()}</name>
+ <fsummary>Use a sessions pseudo random function to generate key material.</fsummary>
+ <type>
+ <v>Socket = sslsocket()</v>
+ <v>Secret = binary() | master_secret</v>
+ <v>Label = binary()</v>
+ <v>Seed = [binary() | prf_random()]</v>
+ <v>WantedLength = non_neg_integer()</v>
+ </type>
+ <desc>
+ <p>Use the pseudo random function (PRF) of a TLS session to generate
+ additional key material. It either takes user generated values for
+ <c>Secret</c> and <c>Seed</c> or atoms directing it use a specific
+ value from the session security parameters.</p>
+ <p>This function can only be used with TLS connections, <c>{error, undefined}</c>
+ is returned for SSLv3 connections.</p>
+ </desc>
+ </func>
+
+ <func>
<name>renegotiate(Socket) -> ok | {error, Reason}</name>
<fsummary> Initiates a new handshake.</fsummary>
<type>