2 files changed, 80 insertions, 11 deletions

diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index 1e1fe0d119..a4da939d3e 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -30,7 +30,53 @@
   </header>
   <p>This document describes the changes made to the SSL application.</p>
   
-  <section><title>SSL 5.0</title>
+  <section><title>SSL 5.0.1</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Robustness and improvement to distribution over SSL</p>
+          <p>
+	    Fix a bug where ssl_tls_dist_proxy would crash at caller
+	    timeout. Fix a bug where a timeout from the SSL layer
+	    would block the distribution indefinately. Run the proxy
+	    exclusively on the loopback interface. (Thanks to Paul
+	    Guyot)</p>
+          <p>
+	    Own Id: OTP-9915</p>
+        </item>
+        <item>
+          <p>
+	    Fix setup loop of SSL TLS dist proxy</p>
+          <p>
+	    Fix potential leak of processes waiting indefinately for
+	    data from closed sockets during socket setup phase.
+	    (Thanks to Paul Guyot)</p>
+          <p>
+	    Own Id: OTP-9916</p>
+        </item>
+        <item>
+          <p>
+	    Correct spelling of registered (Thanks to Richard
+	    Carlsson)</p>
+          <p>
+	    Own Id: OTP-9925</p>
+        </item>
+        <item>
+          <p>
+	    Added TLS PRF function to the SSL API for generation of
+	    additional key material from a TLS session. (Thanks to
+	    Andreas Schultz)</p>
+          <p>
+	    Own Id: OTP-10024</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>SSL 5.0</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 50268ae206..28bf82b406 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>1999</year><year>2011</year>
+      <year>1999</year><year>2012</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -62,8 +62,8 @@
     </c></p>
 
     <p>For valid options
-      see <seealso marker="kernel:inet">inet(3) </seealso> and
-      <seealso marker="kernel:gen_tcp">gen_tcp(3) </seealso>.
+      see <seealso marker="kernel:inet">inet(3)</seealso> and
+      <seealso marker="kernel:gen_tcp">gen_tcp(3)</seealso>.
     </p>
     
     <p> <c>ssloption() = {verify, verify_type()} |
@@ -122,6 +122,9 @@
    <p> <c>hash() = md5 | sha
     </c></p>
 
+    <p><c>prf_random() =  client_random | server_random
+    </c></p>
+
   </section>
 
   <section>
@@ -190,13 +193,13 @@
       </item>
 
       <tag>{depth, integer()}</tag>
-      <item>Specifies the maximum
-      verification depth, i.e. how far in a chain of certificates the
-      verification process can proceed before the verification is
-      considered to fail. Peer certificate = 0, CA certificate = 1,
-      higher level CA certificate = 2, etc.  The value 2 thus means
-      that a chain can at most contain peer cert, CA cert, next CA
-      cert, and an additional CA cert. The default value is 1.
+      <item>
+	The depth is the maximum number of non-self-issued
+	intermediate certificates that may follow the peer certificate
+	in a valid certification path.  So if depth is 0 the PEER must
+	be signed by the trusted ROOT-CA directly, if 1 the path can
+	be PEER, CA, ROOT-CA, if it is 2 PEER, CA, CA, ROOT-CA and so
+	on.  The default value is 1.
       </item>
 
       <tag>{verify_fun, {Verifyfun :: fun(), InitialUserState :: term()}}</tag>
@@ -561,6 +564,26 @@ fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
     </func>
     
     <func>
+      <name>prf(Socket, Secret, Label, Seed, WantedLength) -> {ok, binary()} | {error, reason()}</name>
+      <fsummary>Use a sessions pseudo random function to generate key material.</fsummary>
+      <type>
+	<v>Socket = sslsocket()</v>
+	<v>Secret = binary() | master_secret</v>
+	<v>Label = binary()</v>
+	<v>Seed = [binary() | prf_random()]</v>
+	<v>WantedLength = non_neg_integer()</v>
+      </type>
+      <desc>
+        <p>Use the pseudo random function (PRF) of a TLS session to generate
+	  additional key material. It either takes user generated values for
+	  <c>Secret</c> and <c>Seed</c> or atoms directing it use a specific
+	  value from the session security parameters.</p>
+        <p>This function can only be used with TLS connections, <c>{error, undefined}</c>
+	  is returned for SSLv3 connections.</p>
+      </desc>
+    </func>
+
+    <func>
       <name>renegotiate(Socket) -> ok | {error, Reason}</name>
       <fsummary> Initiates a new handshake.</fsummary>
       <type>