diff options
Diffstat (limited to 'lib/ssl/doc/src')
| -rw-r--r-- | lib/ssl/doc/src/notes.xml | 64 | ||||
| -rw-r--r-- | lib/ssl/doc/src/ssl.xml | 15 |
2 files changed, 76 insertions, 3 deletions
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml index 692d7fd0e1..fb32ccec7b 100644 --- a/lib/ssl/doc/src/notes.xml +++ b/lib/ssl/doc/src/notes.xml @@ -25,7 +25,69 @@ <file>notes.xml</file> </header> <p>This document describes the changes made to the SSL application.</p> - <section><title>SSL 5.3.1</title> + <section><title>SSL 5.3.2</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Honors the clients advertised support of elliptic curves + and no longer sends incorrect elliptic curve extension in + server hello.</p> + <p> + Own Id: OTP-11370</p> + </item> + <item> + <p> + Fix initialization of DTLS fragment reassembler, in + previously contributed code, for future support of DTLS . + Thanks to Andreas Schultz.</p> + <p> + Own Id: OTP-11376</p> + </item> + <item> + <p> + Corrected type error in client_preferred_next_protocols + documentation. Thanks to Julien Barbot.</p> + <p> + Own Id: OTP-11457</p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + TLS code has been refactored to prepare for future DTLS + support. Also some DTLS code is in place but not yet + runnable, some of it contributed by Andreas Schultz and + some of it written by the OTP team. Thanks to to Andreas + for his participation.</p> + <p> + Own Id: OTP-11292</p> + </item> + <item> + <p> + Remove extraneous dev debug code left in the close + function. Thanks to Ken Key.</p> + <p> + Own Id: OTP-11447</p> + </item> + <item> + <p> + Add SSL Server Name Indication (SNI) client support. + Thanks to Julien Barbot.</p> + <p> + Own Id: OTP-11460</p> + </item> + </list> + </section> + +</section> + +<section><title>SSL 5.3.1</title> <section><title>Fixed Bugs and Malfunctions</title> <list> diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index 28970f9aa8..80ef419fb7 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -52,6 +52,8 @@ <item>CRL and policy certificate extensions are not supported yet. However CRL verification is supported by public_key, only not integrated in ssl yet. </item> + <item>Support for 'Server Name Indication' extension client side + (RFC 6066 section 3).</item> </list> </section> @@ -74,7 +76,7 @@ <seealso marker="kernel:gen_tcp">gen_tcp(3)</seealso>. </p> - <p> <c>ssloption() = {verify, verify_type()} | + <p><marker id="type-ssloption"></marker><c>ssloption() = {verify, verify_type()} | {verify_fun, {fun(), term()}} | {fail_if_no_peer_cert, boolean()} {depth, integer()} | @@ -87,7 +89,7 @@ {ssl_imp, ssl_imp()} | {reuse_sessions, boolean()} | {reuse_session, fun()} {next_protocols_advertised, [binary()]} | {client_preferred_next_protocols, {client | server, [binary()]} | {client | server, [binary()], binary()}} | - {log_alert, boolean()} + {log_alert, boolean()} | {server_name_indication, hostname() | disable} </c></p> <p><c>transportoption() = {cb_info, {CallbackModule::atom(), DataTag::atom(), ClosedTag::atom(), ErrTag:atom()}} @@ -382,6 +384,15 @@ fun(srp, Username :: string(), UserState :: term()) -> <tag>{srp_identity, {Username :: string(), Password :: string()}</tag> <item>Specifies the Username and Password to use to authenticate to the server. </item> + <tag>{server_name_indication, hostname()}</tag> + <tag>{server_name_indication, disable}</tag> + <item> + <p>This option can be specified when upgrading a TCP socket to a TLS + socket to use the TLS Server Name Indication extension.</p> + <p>When starting a TLS connection without upgrade the Server Name + Indication extension will be sent if possible, this option may also be + used to disable that behavior.</p> + </item> </taglist> </section> |