path: root/lib/ssl/doc
author: Dan Gudmundsson <[email protected]> 2010-04-20 12:00:00 +0200
committer: Björn Gustavsson <[email protected]> 2010-08-20 08:50:41 +0200
commit: f0dbde23b539999add8754ec84541698419fc8b5 (patch)
tree: c2924c60a51335f1b25ef6493b8013fb6de52c7a /lib/ssl/doc
parent: b792ebc90dca5c9ba3d75d7f3c56e2295ae5d6f3 (diff)
public_key, ssl: Patch 1112
OTP-7046 Support for Diffie-Hellman. ssl-3.11 requires public_key-0.6.
OTP-8553 Moved extended key usage test for ssl values to ssl.
OTP-8557 Fixes handling of the option fail_if_no_peer_cert and some undocumented options. Thanks to Rory Byrne.
OTP-7046 Support for Diffie-Hellman. ssl-3.11 requires public_key-0.6.
OTP-8517 New ssl now properly handles ssl renegotiation, and initiates a renegotiation if ssl/tls sequence numbers come close to the max value. However, RFC-5746 is not yet supported, but will be in an upcoming release.
OTP-8545 When gen_tcp is configured with the {packet,http} option, it automatically switches to expect HTTP Headers after an HTTP Request/Response line has been received. This update fixes ssl to behave in the same way. Thanks to Rory Byrne.
OTP-8554 Ssl now correctly verifies the extended_key_usage extension and also allows the user to verify application-specific extensions by supplying an appropriate fun.
OTP-8560 Fixed ssl:transport_accept/2 to return properly when the socket is closed. Thanks to Rory Byrne.
Diffstat (limited to 'lib/ssl/doc')
lib/ssl/doc/src/new_ssl.xml | 25
lib/ssl/doc/src/notes.xml | 61
2 files changed, 82 insertions, 4 deletions
diff --git a/lib/ssl/doc/src/new_ssl.xml b/lib/ssl/doc/src/new_ssl.xml
index b642280096..08868a1b3c 100644
--- a/lib/ssl/doc/src/new_ssl.xml
+++ b/lib/ssl/doc/src/new_ssl.xml
@@ -84,8 +84,6 @@
<item>New API functions are
ssl:shutdown/2, ssl:cipher_suites/[0,1] and
ssl:versions/0</item>
- <item>Diffie-Hellman keyexchange is
- not supported yet.</item>
<item>CRL and policy certificate
extensions are not supported yet. </item>
<item>Supported SSL/TLS-versions are SSL-3.0 and TLS-1.0 </item>
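Review bot: dropping the "Diffie-Hellman keyexchange is not supported yet" item is consistent with the new dhfile option, but this list is where users look for what the new ssl supports, and it now says nothing about Diffie-Hellman at all. Consider replacing the removed item with one stating that Diffie-Hellman key exchange is supported from ssl-3.11 and requires public_key-0.6, as the commit message says, so the version dependency is recorded in the user documentation and not only in the release notes.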
@@ -118,8 +116,8 @@
{fail_if_no_peer_cert, boolean()}
{depth, integer()} |
{certfile, path()} | {keyfile, path()} | {password, string()} |
- {cacertfile, path()} | {ciphers, ciphers()} | {ssl_imp, ssl_imp()}
- | {reuse_sessions, boolean()} | {reuse_session, fun()}
+ {cacertfile, path()} | {dhfile, path()} | {ciphers, ciphers()} |
+ {ssl_imp, ssl_imp()} | {reuse_sessions, boolean()} | {reuse_session, fun()}
</c></p>
<p><c>transportoption() = {CallbackModule, DataTag, ClosedTag}
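Review bot: the context line `{fail_if_no_peer_cert, boolean()}` is missing the trailing `|` that every other alternative in this option type carries, so the type does not read as one disjunction; since the lines directly below it are being rewritten, it would be cheap to make it `{fail_if_no_peer_cert, boolean()} |` in the same change. The placement of the new `{dhfile, path()}` alternative next to `{cacertfile, path()}` is fine and matches the order of the option descriptions further down.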
@@ -262,6 +260,12 @@ end
CA certificates (trusted certificates used for verifying a peer
certificate). May be omitted if you do not want to verify
the peer.</item>
+
+ <tag>{dhfile, path()}</tag>
+ <item>Path to file containing PEM encoded Diffie Hellman parameters,
+ for the server to use if a cipher suite using Diffie Hellman key exchange
+ is negotiated. If not specified hardcode parameters will be used.
+ </item>
<tag>{ciphers, ciphers()}</tag>
<item>The function <c>ciphers_suites/0</c> can
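Review bot: the new dhfile item should state which parameters are used when the option is absent (at least the bit length of the hard-coded group) and whether a file that is given but cannot be read or parsed is reported as an error or silently replaced by the built-in parameters; the strength of a Diffie-Hellman key exchange rests on the size of the group, so a server administrator needs that information to decide whether to supply their own parameters. Wording: "hardcode parameters" should read "hard-coded parameters", and "Diffie Hellman" should be hyphenated as it is elsewhere on the page.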
@@ -491,6 +495,19 @@ end
</func>
<func>
+ <name>renegotiate(Socket) -> ok | {error, Reason}</name>
+ <fsummary> Initiates a new handshake.</fsummary>
+ <type>
+ <v>Socket = sslsocket()</v>
+ </type>
+ <desc><p>Initiates a new handshake. A notable return value is
+ <c>{error, renegotiation_rejected}</c> indicating that the peer
+ refused to go through with the renegotiation but the connection
+ is still active using the previously negotiated session.</p>
+ </desc>
+ </func>
+
+ <func>
<name>send(Socket, Data) -> ok | {error, Reason}</name>
<fsummary>Write data to a socket.</fsummary>
<type>
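Review bot: the `<desc>` of renegotiate/1 should say that this release does not implement RFC 5746 (secure renegotiation), as the commit message states, so a caller knows the new handshake is not cryptographically bound to the previous one; a `<note>` inside the `<desc>` referring to the release notes would do. Also, the `<fsummary>` has a stray leading space before "Initiates".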
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index 2dd11bc88e..9d13427677 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -30,6 +30,67 @@
</header>
<p>This document describes the changes made to the SSL application.
</p>
+<section><title>SSL 3.11</title>
+
+ <section><title>Fixed Bugs and Malfunctions</title>
+ <list>
+ <item>
+ <p>
+ Fixes handling of the option fail_if_no_peer_cert and
+ some undocumented options. Thanks to Rory Byrne.</p>
+ <p>
+ Own Id: OTP-8557</p>
+ </item>
+ </list>
+ </section>
+
+ <section><title>Improvements and New Features</title>
+ <list>
+ <item>
+ <p>
+ Support for Diffie-Hellman. ssl-3.11 requires
+ public_key-0.6.</p>
+ <p>
+ Own Id: OTP-7046</p>
+ </item>
+ <item>
+ <p>
+ New ssl now properly handles ssl renegotiation, and
+ initiates a renegotiation if ssl/ltls-sequence numbers
+ comes close to the max value. However RFC-5746 is not yet
+ supported, but will be in an upcoming release.</p>
+ <p>
+ Own Id: OTP-8517</p>
+ </item>
+ <item>
+ <p>
+ When gen_tcp is configured with the {packet,http} option,
+ it automatically switches to expect HTTP Headers after a
+ HTTP Request/Response line has been received. This update
+ fixes ssl to behave in the same way. Thanks to Rory
+ Byrne.</p>
+ <p>
+ Own Id: OTP-8545</p>
+ </item>
+ <item>
+ <p>
+ Ssl now correctly verifies the extended_key_usage
+ extension and also allows the user to verify application
+ specific extensions by supplying an appropriate fun.</p>
+ <p>
+ Own Id: OTP-8554 Aux Id: OTP-8553 </p>
+ </item>
+ <item>
+ <p>
+ Fixed ssl:transport_accept/2 to return properly when
+ socket is closed. Thanks to Rory Byrne.</p>
+ <p>
+ Own Id: OTP-8560</p>
+ </item>
+ </list>
+ </section>
+
+</section>
<section><title>SSL 3.10.9</title>
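Review bot: in the OTP-8517 item, "ssl/ltls-sequence numbers comes close" should read "ssl/tls sequence numbers come close" (typo and number agreement); the same wording appears in the commit message. The OTP-8554 item lists OTP-8553 only as an Aux Id, while the commit message describes OTP-8553 as moving the extended key usage test for ssl values into ssl; one sentence saying so would make the public_key-0.6 requirement stated in the OTP-7046 item easier to understand.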