1 files changed, 101 insertions, 81 deletions
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index f23b71e28b..e831f73530 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -31,37 +31,13 @@
   <module>ssl</module>
   <modulesummary>Interface Functions for Secure Socket Layer</modulesummary>
   <description>
-    <p>This module contains interface functions for the SSL.</p>
+    <p>
+      This module contains interface functions for the SSL/TLS protocol.
+      For detailed information about the supported standards see 
+      <seealso marker="ssl_app">ssl(6)</seealso>.
+    </p>
   </description>
-  
-  <section>
-    <title>SSL</title>
-
-    <list type="bulleted">
-      <item>For application dependencies see <seealso marker="ssl_app"> ssl(6)</seealso> </item>
-      <item>Supported SSL/TLS-versions are SSL-3.0, TLS-1.0,
-      TLS-1.1, and TLS-1.2.</item>
-      <item>For security reasons SSL-2.0 is not supported.</item>
-      <item>For security reasons SSL-3.0 is no longer supported by default,
-      but can be configured.</item>
-      <item>Ephemeral Diffie-Hellman cipher suites are supported,
-      but not Diffie Hellman Certificates cipher suites.</item>
-      <item>Elliptic Curve cipher suites are supported if the Crypto 
-      application supports it and named curves are used.
-      </item>
-      <item>Export cipher suites are not supported as the
-      U.S. lifted its export restrictions in early 2000.</item>
-      <item>IDEA cipher suites are not supported as they have
-      become deprecated by the latest TLS specification so it is not 
-      motivated to implement them.</item>
-      <item>CRL validation is supported.</item>
-      <item>Policy certificate extensions are not supported.</item>
-      <item>'Server Name Indication' extension client side
-      (RFC 6066, Section 3) is supported.</item>
-    </list>
- 
-  </section>
-  
+    
   <section>
     <title>DATA TYPES</title>
     <p>The following data types are used in the functions for SSL:</p>
@@ -84,11 +60,12 @@
       <seealso marker="kernel:gen_tcp">gen_tcp(3)</seealso> manual pages
       in Kernel.</p></item>
 
-      <tag><marker id="type-ssloption"></marker><c>ssloption() =</c></tag>
+      <tag><marker id="type-ssloption"/><c>ssloption() =</c></tag>
       <item>
 	<p><c>{verify, verify_type()}</c></p>
 	<p><c>| {verify_fun, {fun(), term()}}</c></p>
-	<p><c>| {fail_if_no_peer_cert, boolean()} {depth, integer()}</c></p>
+	<p><c>| {fail_if_no_peer_cert, boolean()}</c></p>
+	<p><c>| {depth, integer()}</c></p>
 	<p><c>| {cert, public_key:der_encoded()}</c></p>
 	<p><c>| {certfile, path()}</c></p>
 	<p><c>| {key, {'RSAPrivateKey'| 'DSAPrivateKey' | 'ECPrivateKey' 
@@ -159,7 +136,7 @@
       <tag><c>sslsocket() =</c></tag>
       <item><p>opaque()</p></item>
 
-      <tag><c>protocol() =</c></tag>
+      <tag><marker id="type-protocol"/><c>protocol() =</c></tag>
       <item><p><c>sslv3 | tlsv1 | 'tlsv1.1' | 'tlsv1.2'</c></p></item>
 
       <tag><c>ciphers() =</c></tag>
@@ -167,7 +144,9 @@
       <p>According to old API.</p></item>
 
       <tag><c>ciphersuite() =</c></tag>
-      <item><p><c>{key_exchange(), cipher(), hash()}</c></p></item>
+
+      <item><p><c>{key_exchange(), cipher(), MAC::hash()} |
+      {key_exchange(), cipher(), MAC::hash(), PRF::hash()}</c></p></item>
 
       <tag><c>key_exchange()=</c></tag>
       <item><p><c>rsa | dhe_dss | dhe_rsa | dh_anon | psk | dhe_psk
@@ -179,7 +158,7 @@
       | aes_128_cbc | aes_256_cbc | aes_128_gcm | aes_256_gcm</c></p></item>
 
       <tag><c>hash() =</c></tag>
-      <item><p><c>md5 | sha</c></p></item>
+      <item><p><c>md5 | sha | sha224 | sha256 | sha348 | sha512</c></p></item>
 
       <tag><c>prf_random() =</c></tag>
       <item><p><c>client_random | server_random</c></p></item>
@@ -244,7 +223,7 @@
       <url href="http://www.ietf.org/rfc/rfc5746.txt">RFC 5746</url>. 
       By default <c>secure_renegotiate</c> is set to <c>false</c>, 
       that is, secure renegotiation is used if possible,
-      but it fallback to unsecure renegotiation if the peer
+      but it falls back to insecure renegotiation if the peer
       does not support 
       <url href="http://www.ietf.org/rfc/rfc5746.txt">RFC 5746</url>.</p>
       </item>
@@ -292,7 +271,11 @@ atom()}} |
 	  terminate regarding verification failures and the connection is
 	  established.</p></item>
 	  <item><p>If called with an extension unknown to the user application,
-	  return value <c>{unknown, UserState}</c> is to be used.</p></item>
+	  return value <c>{unknown, UserState}</c> is to be used.</p>
+
+	  <p>Note that if the fun returns <c>unknown</c> for an extension marked
+	  as critical, validation will fail.</p>
+	  </item>
 	</list>
 
 	<p>Default option <c>verify_fun</c> in <c>verify_peer mode</c>:</p>
@@ -314,6 +297,8 @@ atom()}} |
        <code>
 {fun(_,{bad_cert, _}, UserState) ->
 	 {valid, UserState};
+    (_,{extension, #'Extension'{critical = true}}, UserState) ->
+	 {valid, UserState};
     (_,{extension, _}, UserState) ->
 	 {unknown, UserState};
     (_, valid, UserState) ->
@@ -330,7 +315,7 @@ atom()}} |
 	<tag><c>unknown_ca</c></tag>
 	<item><p>No trusted CA was found in the trusted store. The trusted CA is
 	normally a so called ROOT CA, which is a self-signed certificate. Trust can
-	be claimed for an intermediat CA (trusted anchor does not have to be
+	be claimed for an intermediate CA (trusted anchor does not have to be
 	self-signed according to X-509) by using option <c>partial_chain</c>.</p>
 	</item>
 
@@ -375,7 +360,7 @@ marker="public_key:public_key#pkix_path_validation-3">public_key:pkix_path_valid
 	  <tag><c>{http, timeout()}</c></tag>
 	  <item><p>
 	    Enables fetching of CRLs specified as http URIs in<seealso 
-	    marker="public_key:public_key_records"> X509 cerificate extensions.</seealso>
+	    marker="public_key:public_key_records"> X509 certificate extensions.</seealso>
 	    Requires the OTP inets application.</p>
 	  </item>	    
 	</taglist>    
@@ -436,7 +421,6 @@ fun(srp, Username :: string(), UserState :: term()) ->
 
         <warning><p>Using <c>{padding_check, boolean()}</c> makes TLS
 	vulnerable to the Poodle attack.</p></warning>
-
   </section>
   
   <section>
@@ -479,8 +463,8 @@ fun(srp, Username :: string(), UserState :: term()) ->
       <p>The negotiated protocol can be retrieved using the <c>negotiated_protocol/1</c> function.</p>
       </item>
 
-      <tag><c>{client_preferred_next_protocols, {Precedence :: server | client, ClientPrefs :: [binary()]}}</c></tag>
-      <tag><c>{client_preferred_next_protocols, {Precedence :: server | client, ClientPrefs :: [binary()], Default :: binary()}}</c></tag>
+      <tag><c>{client_preferred_next_protocols, {Precedence :: server | client, ClientPrefs :: [binary()]}}</c><br/>
+      <c>{client_preferred_next_protocols, {Precedence :: server | client, ClientPrefs :: [binary()], Default :: binary()}}</c></tag>
 	   <item>
 	   <p>Indicates that the client is to try to perform Next Protocol
 	   Negotiation.</p>
@@ -537,10 +521,45 @@ fun(srp, Username :: string(), UserState :: term()) ->
 	 be supported by the server for the prevention to work.
 	</p></warning>
       </item>
-      
-    </taglist>
+      <tag><marker id="client_signature_algs"/><c>{signature_algs, [{hash(), ecdsa | rsa | dsa}]}</c></tag>
+	<item>
+	<p>In addition to the algorithms negotiated by the cipher
+	suite used for key exchange, payload encryption, message
+	authentication and pseudo random calculation, the TLS signature
+	algorithm extension <url
+	href="http://www.ietf.org/rfc/rfc5246.txt">Section 7.4.1.4.1 in RFC 5246</url> may be
+	used, from TLS 1.2, to negotiate which signature algorithm to use during the
+	TLS handshake. If no lower TLS versions than 1.2 are supported,
+	the client will send a TLS signature algorithm extension
+	with the algorithms specified by this option.
+	Defaults to
+	
+	<code>[
+%% SHA2
+{sha512, ecdsa},
+{sha512, rsa},
+{sha384, ecdsa},
+{sha384, rsa},
+{sha256, ecdsa},
+{sha256, rsa},
+{sha224, ecdsa},
+{sha224, rsa},
+%% SHA
+{sha, ecdsa},
+{sha, rsa},
+{sha, dsa},
+%% MD5
+{md5, rsa}
+]</code>
+	
+	The algorithms should be in the preferred order.
+	Selected signature algorithm can restrict which hash functions
+	that may be selected.
+	</p>
+	</item>
+      </taglist>
    </section>
-
+   
   <section>
     <title>SSL OPTION DESCRIPTIONS - SERVER SIDE</title>
 
@@ -635,14 +654,14 @@ fun(srp, Username :: string(), UserState :: term()) ->
 
       <tag><c>{sni_hosts, [{hostname(), ssloptions()}]}</c></tag>
       <item><p>If the server receives a SNI (Server Name Indication) from the client
-      matching a host listed in the <c>sni_hosts</c> option, the speicific options for
+      matching a host listed in the <c>sni_hosts</c> option, the specific options for
       that host will override previously specified options.
 
       The option <c>sni_fun</c>, and <c>sni_hosts</c> are mutually exclusive.</p></item>
 
       <tag><c>{sni_fun, SNIfun::fun()}</c></tag>
       <item><p>If the server receives a SNI (Server Name Indication) from the client,
-      the given function will be called to retrive <c>ssloptions()</c> for indicated server.
+      the given function will be called to retrieve <c>ssloptions()</c> for the indicated server.
       These options will be merged into predefined <c>ssloptions()</c>.
 
       The function should be defined as:
@@ -656,22 +675,25 @@ fun(srp, Username :: string(), UserState :: term()) ->
       of resources of such an operation is higher for the server than the
       client. This can act as a vector for denial of service attacks. The SSL
       application already takes measures to counter-act such attempts,
-      but client-initiated renegotiation can be stricly disabled by setting
+      but client-initiated renegotiation can be strictly disabled by setting
       this option to <c>false</c>. The default value is <c>true</c>.
       Note that disabling renegotiation can result in long-lived connections
       becoming unusable due to limits on the number of messages the underlying
       cipher suite can encipher.
       </item>
 
-      <tag><c>{psk_identity, string()}</c></tag>
-      <item>Specifies the server identity hint the server presents to the client.
-      </item>
-      <tag><c>{log_alert, boolean()}</c></tag>
-      <item>If false, error reports will not be displayed.</item>
       <tag><c>{honor_cipher_order, boolean()}</c></tag>
       <item>If true, use the server's preference for cipher selection. If false
       (the default), use the client's preference.
       </item>
+      
+      <tag><c>{signature_algs, [{hash(), ecdsa | rsa | dsa}]}</c></tag>
+      <item><p> The algorithms specified by
+      this option will be the ones accepted by the server in a signature algorithm
+      negotiation, introduced in TLS-1.2. The algorithms will also be offered to the client if a
+      client certificate is requested. For more details see the <seealso marker="#client_signature_algs">corresponding client option</seealso>.
+      </p> </item>
+
     </taglist>
   </section>
   
@@ -770,18 +792,20 @@ fun(srp, Username :: string(), UserState :: term()) ->
     </func>
 
     <func>
-	<name>connection_info(SslSocket) ->
-	  {ok, {ProtocolVersion, CipherSuite}} | {error, Reason}</name>
-      <fsummary>Returns the Negotiated Protocol version and cipher suite.
-      </fsummary>
+      <name>close(SslSocket, How) -> ok | {ok, port()} | {error, Reason}</name>
+      <fsummary>Closes an SSL connection.</fsummary>
       <type>
-        <v>CipherSuite = ciphersuite()</v>
-        <v>ProtocolVersion = protocol()</v>
+	  <v>SslSocket = sslsocket()</v>
+	  <v>How =  timeout() | {NewController::pid(), timeout()} </v>
+	  <v>Reason = term()</v>
       </type>
-      <desc><p>Returns the Negotiated Protocol version and cipher suite.</p> 
+      <desc><p>Closes or downgrades an SSL connection. In the latter case the transport
+      connection will be handed over to the <c>NewController</c> process after receiving
+      the TLS close alert from the peer. The returned transport socket will have
+      the following options set: <c>[{active, false}, {packet, 0}, {mode, binary}]</c></p>
       </desc>
     </func>
-
+    
     <func>
       <name>controlling_process(SslSocket, NewOwner) ->
 	ok | {error, Reason}</name>
@@ -800,40 +824,36 @@ fun(srp, Username :: string(), UserState :: term()) ->
 
     <func>
       <name>connection_information(SslSocket) ->
-        {ok, Info} |  {error, Reason} </name>
+        {ok, Result} |  {error, Reason} </name>
       <fsummary>Returns all the connection information.
       </fsummary>
       <type>
-        <v>Info = [InfoTuple]</v>
-        <v>InfoTuple = {protocol, Protocol} | {cipher_suite, CipherSuite} | {sni_hostname, SNIHostname}</v>
-        <v>CipherSuite = ciphersuite()</v>
-        <v>ProtocolVersion = protocol()</v>
-        <v>SNIHostname = string()</v>
+        <v>Item = protocol | cipher_suite | sni_hostname | atom()</v>
+	<d>Meaningful atoms, not specified above, are the ssl option names.</d>
+	<v>Result = [{Item::atom(), Value::term()}]</v>
         <v>Reason = term()</v>
       </type>
-      <desc><p>Return all the connection information containing negotiated protocol version, cipher suite, and the hostname of SNI extension.
-      Info will be a proplists containing all the connection information on success, otherwise <c>{error, Reason}</c> will be returned.</p> 
+      <desc><p>Returns all relevant information about the connection, ssl options that
+      are undefined will be filtered out.</p>
       </desc>
     </func>
 
     <func>
       <name>connection_information(SslSocket, Items) ->
-        {ok, Info} |  {error, Reason} </name>
+        {ok, Result} |  {error, Reason} </name>
       <fsummary>Returns the requested connection information.
       </fsummary>
       <type>
-        <v>Items = [Item]</v>
-        <v>Item = protocol | cipher_suite | sni_hostname</v>
-        <v>Info = [InfoTuple]</v>
-        <v>InfoTuple = {protocol, Protocol} | {cipher_suite, CipherSuite} | {sni_hostname, SNIHostname}</v>
-        <v>CipherSuite = ciphersuite()</v>
-        <v>ProtocolVersion = protocol()</v>
-        <v>SNIHostname = string()</v>
+	<v>Items = [Item]</v>
+	<v>Item = protocol | cipher_suite | sni_hostname | atom()</v>
+	<d>Meaningful atoms, not specified above, are the ssl option names.</d>
+	<v>Result = [{Item::atom(), Value::term()}]</v>
         <v>Reason = term()</v>
       </type>
-      <desc><p>Returns the connection information you requested. The connection information you can request contains protocol, cipher_suite, and sni_hostname.
-      <c>{ok, Info}</c> will be returned if it executes sucessfully. The Info is a proplists containing the information you requested.
-      Otherwise, <c>{error, Reason}</c> will be returned.</p>
+      <desc><p>Returns the requested information items about the connection,
+      if they are defined.</p>
+      <note><p>If only undefined options are requested the
+      resulting list can be empty.</p></note>
       </desc>
     </func>
 
@@ -1160,7 +1180,7 @@ fun(srp, Username :: string(), UserState :: term()) ->
 	  <seealso marker="#listen-2"> listen/2</seealso>, and <seealso
 	  marker="#ssl_accept-2">ssl_accept/[1,2,3]</seealso>.
 	  For the negotiated TLS/SSL version, see <seealso
-	  marker="#connection_info-1">ssl:connection_info/1
+	  marker="#connection_information-1">ssl:connection_information/1
 	  </seealso>.</item>
   
 	  <tag><c>available</c></tag>