1 files changed, 156 insertions, 2 deletions

diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index 5f9e436348..52ee9c086a 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>1999</year><year>2010</year>
+      <year>1999</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -31,7 +31,161 @@
   <p>This document describes the changes made to the SSL application.
     </p>
 
-    <section><title>SSL 4.0.1</title>
+    <section><title>SSL 4.1.4</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Reduced memory footprint of an ssl connection.</p>
+          <p>
+	    Handshake hashes, premaster secret and "public_key_info"
+	    does not need to be saved when the connection has been
+	    established. The own certificate is no longer duplicated
+	    in the state.</p>
+          <p>
+	    Own Id: OTP-9021</p>
+        </item>
+        <item>
+          <p>
+	    Add the option {hibernate_after, int()} to ssl:connect
+	    and ssl:listen</p>
+          <p>
+	    Own Id: OTP-9106</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>SSL 4.1.3</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Fixed error in cache-handling fix from ssl-4.1.2</p>
+          <p>
+	    Own Id: OTP-9018 Aux Id: seq11739 </p>
+        </item>
+        <item>
+          <p>
+	    Verification of a critical extended_key_usage-extension
+	    corrected</p>
+          <p>
+	    Own Id: OTP-9029 Aux Id: seq11541 </p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>SSL 4.1.2</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    The ssl application caches certificate files, it will now
+	    invalidate cache entries if the diskfile is changed.</p>
+          <p>
+	    Own Id: OTP-8965 Aux Id: seq11739 </p>
+        </item>
+        <item>
+          <p>
+	    Now runs the terminate function before returning from the
+	    call made by ssl:close/1, as before the caller of
+	    ssl:close/1 could get problems with the reuseaddr option.</p>
+          <p>
+	    Own Id: OTP-8992</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>SSL 4.1.1</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Correct handling of client certificate verify message
+	    When checking the client certificate verify message the
+	    server used the wrong algorithm identifier to determine
+	    the signing algorithm, causing a function clause error in
+	    the public_key application when the key-exchange
+	    algorithm and the public key algorithm of the client
+	    certificate happen to differ.</p>
+          <p>
+	    Own Id: OTP-8897</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    For testing purposes ssl now also support some anonymous
+	    cipher suites when explicitly configured to do so.</p>
+          <p>
+	    Own Id: OTP-8870</p>
+        </item>
+        <item>
+          <p>
+	    Sends an error alert instead of crashing if a crypto
+	    function for the selected cipher suite fails.</p>
+          <p>
+	    Own Id: OTP-8930 Aux Id: seq11720 </p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>SSL 4.1</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Updated ssl to ignore CA certs that violate the asn1-spec
+	    for a certificate, and updated public key asn1 spec to
+	    handle inherited DSS-params.</p>
+          <p>
+	    Own Id: OTP-7884</p>
+        </item>
+        <item>
+          <p>
+	    Changed ssl implementation to retain backwards
+	    compatibility for old option {verify, 0} that shall be
+	    equivalent to {verify, verify_none}, also separate the
+	    cases unknown ca and selfsigned peer cert, and restored
+	    return value of deprecated function
+	    public_key:pem_to_der/1.</p>
+          <p>
+	    Own Id: OTP-8858</p>
+        </item>
+        <item>
+          <p>
+	    Changed the verify fun so that it differentiate between
+	    the peer certificate and CA certificates by using
+	    valid_peer or valid as the second argument to the verify
+	    fun. It may not always be trivial or even possible to
+	    know when the peer certificate is reached otherwise.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-8873</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>SSL 4.0.1</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>