1 files changed, 46 insertions, 29 deletions

diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index d5b7253ef3..cd5c9281cd 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>1999</year><year>2010</year>
+      <year>1999</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -72,10 +72,10 @@
       {verify_fun, {fun(), term()}} |
       {fail_if_no_peer_cert, boolean()}
       {depth, integer()} |
-      {cert, der_bin()}| {certfile, path()} |
-      {key, der_bin()} | {keyfile, path()} | {password, string()} |
-      {cacerts, [der_bin()]} | {cacertfile, path()} |
-      |{dh, der_bin()} | {dhfile, path()} | {ciphers, ciphers()} |
+      {cert, der_encoded()}| {certfile, path()} |
+      {key, der_encoded()} | {keyfile, path()} | {password, string()} |
+      {cacerts, [der_encoded()]} | {cacertfile, path()} |
+      |{dh, der_encoded()} | {dhfile, path()} | {ciphers, ciphers()} |
       {ssl_imp, ssl_imp()} | {reuse_sessions, boolean()} | {reuse_session, fun()} 
     </c></p>
 
@@ -95,7 +95,7 @@
     
     <p><c>path() = string() - representing a file path.</c></p>
 
-    <p><c>der_bin() = binary() -Asn1 DER encoded entity as an erlang binary.</c></p>
+    <p><c>der_encoded() = binary() -Asn1 DER encoded entity as an erlang binary.</c></p>
     
     <p><c>host() = hostname() | ipaddress()</c></p>
         
@@ -114,7 +114,7 @@
     <p><c>ciphersuite() =
       {key_exchange(), cipher(), hash()}</c></p>
     
-    <p><c>key_exchange() =  rsa | dhe_dss | dhe_rsa
+    <p><c>key_exchange() =  rsa | dhe_dss | dhe_rsa | dh_anon
     </c></p>
 
    <p><c>cipher() = rc4_128 | des_cbc | '3des_ede_cbc'
@@ -136,14 +136,14 @@
     
     <taglist>
 
-      <tag>{cert, der_bin()}</tag>
+      <tag>{cert, der_encoded()}</tag>
       <item> The DER encoded users certificate. If this option
       is supplied it will override the certfile option.</item>
       
       <tag>{certfile, path()}</tag>
       <item>Path to a file containing the user's certificate.</item>
       
-      <tag>{key, der_bin()}</tag>
+      <tag>{key, der_encoded()}</tag>
       <item> The DER encoded users private key. If this option
       is supplied it will override the keyfile option.</item>
       
@@ -158,7 +158,7 @@
 	Only used if the private keyfile is password protected.
       </item>
 
-      <tag>{cacerts, [der_bin()]}</tag>
+      <tag>{cacerts, [der_encoded()]}</tag>
       <item> The DER encoded trusted certificates. If this option
       is supplied it will override the cacertfile option.</item>
 
@@ -170,8 +170,13 @@
 
       <tag>{ciphers, ciphers()}</tag>
       <item>The cipher suites that should be supported. The function
-      <c>ciphers_suites/0</c> can be used to find all available
-      ciphers.
+      <c>cipher_suites/0</c> can be used to find all available
+      ciphers. Additionally some anonymous cipher suites ({dh_anon,
+      rc4_128, md5}, {dh_anon, des_cbc, sha}, {dh_anon,
+      '3des_ede_cbc', sha}, {dh_anon, aes_128_cbc, sha}, {dh_anon,
+      aes_256_cbc, sha}) are supported for testing purposes and will
+      only work if explicitly enabled by this option and they are supported/enabled
+      by the peer also.
       </item>
 
       <tag>{ssl_imp, ssl_imp()}</tag>
@@ -202,10 +207,10 @@
 	<p>The verification fun should be defined as:</p>
 
 	<code>
-fun(OtpCert :: #'OtpCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
+fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
 	     {extension, #'Extension'{}}, InitialUserState :: term()) ->
-	{valid, UserState :: term()} | {fail, Reason :: term()} |
-	{unknown, UserState :: term()}.
+	{valid, UserState :: term()} | {valid_peer, UserState :: term()} |
+	{fail, Reason :: term()} | {unknown, UserState :: term()}.
 	</code>
 
 	<p>The verify fun will be called during the X509-path
@@ -213,10 +218,12 @@ fun(OtpCert :: #'OtpCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
 	application is encountered. Additionally it will be called
 	when a certificate is considered valid by the path validation
 	to allow access to each certificate in the path to the user
-	application.
-	See
-	<seealso marker="public_key:application">public_key(3)</seealso>
-	for definition of #'OtpCertificate'{} and #'Extension'{}.</p>
+	application. Note that the it will differentiate between the
+	peer certificate and CA certificates by using valid_peer or
+	valid as the second argument to the verify fun.  See <seealso
+	marker="public_key:cert_records">the public_key User's
+	Guide</seealso> for definition of #'OTPCertificate'{} and
+	#'Extension'{}.</p>
 
 	<p>If the verify callback fun returns {fail, Reason}, the
 	verification process is immediately stopped and an alert is
@@ -237,21 +244,23 @@ fun(OtpCert :: #'OtpCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
     (_,{extension, _}, UserState) ->
 	 {unknown, UserState};
     (_, valid, UserState) ->
-	 {valid, UserState}
+	 {valid, UserState};
+    (_, valid_peer, UserState) ->
+         {valid, UserState}
  end, []}
       </code>
 
       <p>The default verify_fun option in verify_none mode:</p>
 
        <code>
-{fun(_,{bad_cert, unknown_ca}, UserState) ->
+{fun(_,{bad_cert, _}, UserState) ->
 	 {valid, UserState};
-    (_,{bad_cert, _} = Reason, _) ->
-	 {fail, Reason};
     (_,{extension, _}, UserState) ->
 	 {unknown, UserState};
     (_, valid, UserState) ->
-	 {valid, UserState}
+	 {valid, UserState};
+    (_, valid_peer, UserState) ->
+         {valid, UserState}
  end, []}
       </code>
 
@@ -260,6 +269,13 @@ fun(OtpCert :: #'OtpCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
 <p> {bad_cert, cert_expired}, {bad_cert, invalid_issuer}, {bad_cert, invalid_signature}, {bad_cert, unknown_ca}, {bad_cert, name_not_permitted}, {bad_cert, missing_basic_constraint}, {bad_cert, invalid_key_usage}</p>
       </item>
 
+      <tag>{hibernate_after, integer()|undefined}</tag>
+      <item>When an integer-value is specified, the <code>ssl_connection</code>
+            will go into hibernation after the specified number of milliseconds
+            of inactivity, thus reducing its memory footprint. When
+            <code>undefined</code> is specified (this is the default), the process
+            will never go into hibernation.
+      </item>
     </taglist>
 
   </section>
@@ -267,13 +283,14 @@ fun(OtpCert :: #'OtpCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
    <section>
     <title>SSL OPTION DESCRIPTIONS - CLIENT SIDE</title>
 
-    <p>Option described here are client specific or has a slightly different
+    <p>Options described here are client specific or has a slightly different
     meaning in the client than in the server.</p>
 
     <taglist>
       <tag>{verify, verify_type()}</tag>
-      <item> In verify_none mode the x509-path validation error {bad_cert, unknown_ca}
-      will automatically be accepted. See also the verify_fun option.
+      <item> In verify_none mode the default behavior will be to
+      allow all x509-path validation errors. See also the verify_fun
+      option.
       </item>
       <tag>{reuse_sessions, boolean()}</tag>
       <item>Specifies if client should try to reuse sessions
@@ -286,12 +303,12 @@ fun(OtpCert :: #'OtpCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
   <section>
     <title>SSL OPTION DESCRIPTIONS - SERVER SIDE</title>
 
-    <p>Option described here are server specific or has a slightly different
+    <p>Options described here are server specific or has a slightly different
     meaning in the server than in the client.</p>
 
     <taglist>
 
-      <tag>{dh, der_bin()}</tag>
+      <tag>{dh, der_encoded()}</tag>
       <item>The DER encoded Diffie Hellman parameters. If this option
       is supplied it will override the dhfile option.
       </item>