aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/doc/src/ssl.xml
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ssl/doc/src/ssl.xml')
-rw-r--r--lib/ssl/doc/src/ssl.xml87
1 files changed, 46 insertions, 41 deletions
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 21ea1be4b4..90a9181ede 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -55,7 +55,7 @@
<datatype>
<name name="sslsocket"/>
<desc>
- <p>An opaque reference to the TLS/DTLS connection.</p>
+ <p>An opaque reference to the TLS/DTLS connection, may be used for equality matching.</p>
</desc>
</datatype>
@@ -87,19 +87,14 @@
</datatype>
<datatype>
- <name name="socket_connect_option"/>
- </datatype>
-
- <datatype>
- <name name="socket_listen_option"/>
- </datatype>
-
- <datatype>
<name name="active_msgs"/>
<desc>
- <p>When an TLS/DTLS socket is in active mode (the default), data from the
+ <p>When a TLS/DTLS socket is in active mode (the default), data from the
socket is delivered to the owner of the socket in the form of
messages as described above.</p>
+ <p>The <c>ssl_passive</c> message is sent only when the socket is in
+ <c>{active, N}</c> mode and the counter dropped to 0. It indicates
+ that the socket has transitioned to passive (<c>{active, false}</c>) mode.</p>
</desc>
</datatype>
@@ -119,11 +114,7 @@
</p>
</desc>
</datatype>
-
- <datatype>
- <name name="path"/>
- </datatype>
-
+
<datatype>
<name name="host"/>
</datatype>
@@ -147,12 +138,14 @@
<datatype>
<name name="dtls_version"/>
</datatype>
-
-
- <datatype>
+
+ <datatype>
<name name="legacy_version"/>
</datatype>
+ <datatype>
+ <name name="prf_random"/>
+ </datatype>
<datatype>
<name name="verify_type"/>
@@ -190,7 +183,10 @@
<name name="legacy_hash"/>
</datatype>
-
+ <datatype>
+ <name name="old_cipher_suite"/>
+ </datatype>
+
<datatype>
<name name="signature_algs"/>
</datatype>
@@ -200,7 +196,7 @@
</datatype>
<datatype>
- <name name="key_algo"/>
+ <name name="kex_algo"/>
</datatype>
<datatype>
@@ -232,6 +228,10 @@
</datatype>
<datatype>
+ <name name="protocol_extensions"/>
+ </datatype>
+
+ <datatype>
<name name="error_alert"/>
</datatype>
@@ -366,8 +366,8 @@
<p>The verification fun is to be defined as follows:</p>
<code>
-fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom() | {revoked,
-atom()}} |
+fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom() |
+ {revoked, atom()}} |
{extension, #'Extension'{}}, InitialUserState :: term()) ->
{valid, UserState :: term()} | {valid_peer, UserState :: term()} |
{fail, Reason :: term()} | {unknown, UserState :: term()}.
@@ -580,7 +580,8 @@ fun(Chain::[public_key:der_encoded()]) ->
fun(psk, PSKIdentity ::string(), UserState :: term()) ->
{ok, SharedSecret :: binary()} | error;
fun(srp, Username :: string(), UserState :: term()) ->
- {ok, {SRPParams :: srp_param_type(), Salt :: binary(), DerivedKey :: binary()}} | error.
+ {ok, {SRPParams :: srp_param_type(), Salt :: binary(),
+ DerivedKey :: binary()}} | error.
</code>
<p>For Pre-Shared Key (PSK) cipher suites, the lookup fun is
@@ -658,7 +659,11 @@ fun(srp, Username :: string(), UserState :: term()) ->
</desc>
</datatype>
-
+ <datatype>
+ <name name="ssl_imp"/>
+ <desc><p>Deprecated since OTP-17, has no affect.</p></desc>
+ </datatype>
+
<datatype_title>TLS/DTLS OPTION DESCRIPTIONS - CLIENT</datatype_title>
<datatype>
@@ -1079,7 +1084,7 @@ fun(srp, Username :: string(), UserState :: term()) ->
<func>
<name since="OTP R14B">cipher_suites() -></name>
- <name since="OTP R14B">cipher_suites(Type) -> old_ciphers()</name>
+ <name since="OTP R14B">cipher_suites(Type) -> [old_cipher_suite()]</name>
<fsummary>Returns a list of supported cipher suites.</fsummary>
<type>
<v>Type = erlang | openssl | all</v>
@@ -1140,10 +1145,10 @@ fun(srp, Username :: string(), UserState :: term()) ->
equivalent, connected socket to an TLS socket.</fsummary>
<type>
<v>Socket = <seealso marker="#type-socket"> socket() </seealso></v>
- <v>Options = <seealso marker="#type-client_option"> [client_option()] </seealso></v>
+ <v>Options = <seealso marker="#type-tls_client_option"> [tls_client_option()] </seealso></v>
<v>Timeout = timeout()</v>
<v>SslSocket = <seealso marker="#type-sslsocket"> sslsocket() </seealso></v>
- <v>Ext = hello_extensions()</v>
+ <v>Ext = <seealso marker="#type-protocol_extensions">protocol_extensions()</seealso></v>
<v>Reason = closed | timeout | <seealso marker="#type-error_alert"> error_alert() </seealso></v>
</type>
<desc><p>Upgrades a <c>gen_tcp</c>, or equivalent,
@@ -1169,8 +1174,8 @@ fun(srp, Username :: string(), UserState :: term()) ->
marker="#handshake_cancel-1"><c>handshake_cancel/1</c></seealso>.
</p>
- <p> If the option <c>active</c> is set to <c>once</c> or <c>true</c> the
- process owning the sslsocket will receive messages of type
+ <p> If the option <c>active</c> is set to <c>once</c>, <c>true</c> or an integer value,
+ the process owning the sslsocket will receive messages of type
<seealso marker="#type-active_msgs"> active_msgs() </seealso>
</p>
</desc>
@@ -1184,7 +1189,7 @@ fun(srp, Username :: string(), UserState :: term()) ->
<type>
<v>Host =<seealso marker="#type-host"> host() </seealso> </v>
<v>Port = <seealso marker="kernel:inet#type-port_number">inet:port_number()</seealso></v>
- <v>Options = <seealso marker="#type-client_option"> [client_option()]</seealso></v>
+ <v>Options = <seealso marker="#type-tls_client_option"> [tls_client_option()]</seealso></v>
<v>Timeout = timeout()</v>
<v>SslSocket = <seealso marker="#type-sslsocket"> sslsocket() </seealso></v>
<v>Reason = closed | timeout | <seealso marker="#type-error_alert"> error_alert() </seealso></v>
@@ -1217,8 +1222,8 @@ fun(srp, Username :: string(), UserState :: term()) ->
marker="#handshake_cancel-1"><c>handshake_cancel/1</c></seealso>.
</p>
- <p> If the option <c>active</c> is set to <c>once</c> or <c>true</c> the
- process owning the sslsocket will receive messages of type
+ <p> If the option <c>active</c> is set to <c>once</c>, <c>true</c> or an integer value,
+ the process owning the sslsocket will receive messages of type
<seealso marker="#type-active_msgs"> active_msgs() </seealso>
</p>
</desc>
@@ -1379,8 +1384,8 @@ fun(srp, Username :: string(), UserState :: term()) ->
<p>Performs the SSL/TLS/DTLS server-side handshake.</p>
<p>Returns a new TLS/DTLS socket if the handshake is successful.</p>
- <p> If the option <c>active</c> is set to <c>once</c> or <c>true</c> the
- process owning the sslsocket will receive messages of type
+ <p> If the option <c>active</c> is set to <c>once</c>, <c>true</c> or an integer value,
+ the process owning the sslsocket will receive messages of type
<seealso marker="#type-active_msgs"> active_msgs() </seealso>
</p>
</desc>
@@ -1393,8 +1398,8 @@ fun(srp, Username :: string(), UserState :: term()) ->
<type>
<v>Socket = socket() | <seealso marker="#type-sslsocket"> socket() </seealso> </v>
<v>SslSocket = <seealso marker="#type-sslsocket"> sslsocket() </seealso> </v>
- <v>Ext = hello_extensions()</v>
- <v>Options = <seealso marker="#type-server_option"> [server_option()] </seealso> </v>
+ <v>Ext = <seealso marker="#type-protocol_extensions">protocol_extensions()</seealso></v>
+ <v>Options = <seealso marker="#type-tls_server_option"> [server_option()] </seealso> </v>
<v>Timeout = timeout()</v>
<v>Reason = closed | timeout | <seealso marker="#type-error_alert"> error_alert() </seealso></v>
</type>
@@ -1424,8 +1429,8 @@ fun(srp, Username :: string(), UserState :: term()) ->
marker="#handshake_cancel-1"><c>handshake_cancel/1</c></seealso>.
</p>
- <p> If the option <c>active</c> is set to <c>once</c> or <c>true</c> the
- process owning the sslsocket will receive messages of type
+ <p> If the option <c>active</c> is set to <c>once</c>, <c>true</c> or an integer value,
+ the process owning the sslsocket will receive messages of type
<seealso marker="#type-active_msgs"> active_msgs() </seealso>
</p>
@@ -1464,7 +1469,7 @@ fun(srp, Username :: string(), UserState :: term()) ->
<fsummary>Creates an SSL listen socket.</fsummary>
<type>
<v>Port = <seealso marker="kernel:inet#type-port_number">inet:port_number()</seealso></v>
- <v>Options = <seealso marker="#type-server_option"> [server_option()] </seealso></v>
+ <v>Options = <seealso marker="#type-tls_server_option"> [server_option()] </seealso></v>
<v>ListenSocket = <seealso marker="#type-sslsocket"> sslsocket() </seealso></v>
</type>
<desc>
@@ -1539,7 +1544,7 @@ fun(srp, Username :: string(), UserState :: term()) ->
<v>Socket = <seealso marker="#type-sslsocket"> sslsocket() </seealso></v>
<v>Secret = binary() | master_secret</v>
<v>Label = binary()</v>
- <v>Seed = [binary() | prf_random()]</v>
+ <v>Seed = [binary() | <seealso marker="#type-prf_random"> prf_random()</seealso>]</v>
<v>WantedLength = non_neg_integer()</v>
</type>
<desc>
@@ -1658,7 +1663,7 @@ fun(srp, Username :: string(), UserState :: term()) ->
<fsummary>Performs server-side SSL/TLS/DTLS handshake.</fsummary>
<type>
<v>Socket = socket() | <seealso marker="#type-sslsocket"> sslsocket() </seealso> </v>
- <v>Options = <seealso marker="#type-server_option"> [server_option()] </seealso> </v>
+ <v>Options = <seealso marker="#type-tls_server_option"> [server_option()] </seealso> </v>
<v>Timeout = timeout()</v>
<v>Reason = closed | timeout | <seealso marker="#type-error_alert"> error_alert() </seealso></v>
</type>