4 files changed, 114 insertions, 12 deletions

diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index 6c01954010..49bbd5d27d 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -30,7 +30,54 @@
   </header>
   <p>This document describes the changes made to the SSL application.</p>
   
-  <section><title>SSL 5.1</title>
+  <section><title>SSL 5.1.2</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    ssl:ssl_accept/2 timeout is no longer ignored</p>
+          <p>
+	    Own Id: OTP-10600</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>SSL 5.1.1</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    ssl:recv/3 could "loose" data when the timeout occurs. If
+	    the timout in ssl:connect or ssl:ssl_accept expired the
+	    ssl connection process was not terminated as it should,
+	    this due to gen_fsm:send_all_state_event timout is a
+	    client side time out. These timouts are now handled by
+	    the gen_fsm-procss instead.</p>
+          <p>
+	    Own Id: OTP-10569</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Better termination handling that avoids hanging.</p>
+          <p>
+	    Own Id: OTP-10574</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>SSL 5.1</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 5098d26a3a..e45a4c774f 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -36,8 +36,8 @@
 
     <list type="bulleted">
       <item>ssl requires the crypto and public_key applications.</item>
-      <item>Supported SSL/TLS-versions are SSL-3.0 and TLS-1.0, experimental
-      support for TLS-1.1 and TLS-1.2 is also available (no support for elliptic curve cipher suites yet).</item>
+      <item>Supported SSL/TLS-versions are SSL-3.0, TLS-1.0,
+      TLS-1.1 and TLS-1.2 (no support for elliptic curve cipher suites yet).</item>
       <item>For security reasons sslv2 is not supported.</item>
       <item>Ephemeral Diffie-Hellman cipher suites are supported
       but not Diffie Hellman Certificates cipher suites.</item>
@@ -79,7 +79,9 @@
       {keyfile, path()} | {password, string()} |
       {cacerts, [der_encoded()]} | {cacertfile, path()} |
       |{dh, der_encoded()} | {dhfile, path()} | {ciphers, ciphers()} |
-      {ssl_imp, ssl_imp()}| {reuse_sessions, boolean()} | {reuse_session, fun()}
+      {ssl_imp, ssl_imp()} | {reuse_sessions, boolean()} | {reuse_session, fun()}
+      {next_protocols_advertised, list(binary()} |
+      {client_preferred_next_protocols, binary(), client | server, list(binary())}
     </c></p>
 
     <p><c>transportoption() = {CallbackModule, DataTag, ClosedTag}
@@ -301,8 +303,29 @@ fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
       when possible.
       </item>
 
+      <tag>{client_preferred_next_protocols,  Precedence:: server | client, ClientPrefs::[binary()]}
+           {client_preferred_next_protocols,  Precedence:: server | client, ClientPrefs::[binary()] , Default :: binary()}}</tag>
+
+	   <item> <p>Indicates the client will try to perform Next Protocol
+	   Negotiation.</p>
+
+	    <p>If precedence is server the negaotiated protocol will be the
+	   first protocol that appears on the server advertised list that is
+	   also on the clients preference list.</p>
+
+	   <p>If the precedence is client the negaotiated protocol will be the
+	   first protocol that appears on the clients preference list that is
+	   also on the server advertised list.</p>
+
+	  <p> If the client does not support any of the servers advertised
+	   protocols or the server does not advertise any protocols the
+	   client will fallback to the first protocol in its list or if a
+	   default is supplied it will fallback to that instead. If the
+	   server does not support next protocol renegotiation the
+	   connection will be aborted if no default protocol is supplied.</p>
+	   </item>
     </taglist>
-  </section>
+   </section>
 
   <section>
     <title>SSL OPTION DESCRIPTIONS - SERVER SIDE</title>
@@ -353,6 +376,14 @@ fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
       SuggestedSessionId is a binary(),  PeerCert is a DER encoded
       certificate, Compression is an enumeration integer
       and CipherSuite is of type ciphersuite().
+    </item>
+
+      <tag>{next_protocols_advertised, Protocols :: list(binary())}</tag>
+      <item>The list of protocols to send to the client if the client indicates
+      it supports the Next Protocol extension. The client may select a protocol
+      that is not on this list. The list of protocols must not contain an empty
+      binary. If the server negotiates a Next Protocol it can be accessed
+      using <c>negotiated_next_protocol/1</c> method.
       </item>
 
     </taglist>
@@ -766,8 +797,23 @@ fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
 	  ssl application.</p>
       </desc>
     </func>
+    <func>
+      <name>negotiated_next_protocol(Socket) -> {ok, Protocol} | {error, next_protocol_not_negotiated}</name>
+      <fsummary>Returns the Next Protocol negotiated.</fsummary>
+      <type>
+        <v>Socket = sslsocket()</v>
+        <v>Protocol = binary()</v>
+      </type>
+      <desc>
+        <p>
+          Returns the Next Protocol negotiated.
+        </p>
+      </desc>
+    </func>
+
+
   </funcs> 
-      
+
   <section>
     <title>SEE ALSO</title>
     <p><seealso marker="kernel:inet">inet(3) </seealso> and 
diff --git a/lib/ssl/doc/src/ssl_app.xml b/lib/ssl/doc/src/ssl_app.xml
index 2ba6f48611..178bbcaebb 100644
--- a/lib/ssl/doc/src/ssl_app.xml
+++ b/lib/ssl/doc/src/ssl_app.xml
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE appref SYSTEM "appref.dtd">
 
 <appref>
@@ -29,7 +29,17 @@
   sockets.</appsummary>
 
   <section>
-    <title>Environment</title>
+    <title>DEPENDENCIES</title>
+    <p>The ssl application uses the Erlang applications public_key and
+    crypto to handle public keys and encryption, hence these
+    applications needs to be loaded for the ssl application to work. In
+    an embedded environment that means they need to be started with
+    application:start/[1,2] before the ssl application is started.
+    </p>
+  </section>
+
+  <section>
+    <title>ENVIRONMENT</title>
     <p>The following application environment configuration parameters
       are defined for the SSL application. Refer to application(3) for
       more information about configuration parameters.
diff --git a/lib/ssl/doc/src/ssl_protocol.xml b/lib/ssl/doc/src/ssl_protocol.xml
index 17268a634d..f540dc999b 100644
--- a/lib/ssl/doc/src/ssl_protocol.xml
+++ b/lib/ssl/doc/src/ssl_protocol.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2003</year><year>2011</year>
+      <year>2003</year><year>2012</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -25,9 +25,8 @@
     <file>ssl_protocol.xml</file>
   </header>
   
-  <p>The erlang SSL application currently supports SSL 3.0 and TLS 1.0
-  RFC 2246, and will in the future also support later versions of TLS.
-  SSL 2.0 is not supported.
+  <p>The erlang SSL application currently implements the protocol SSL/TLS
+  for currently supported versions see <seealso marker="ssl">ssl(3)</seealso>
   </p>
 
   <p>By default erlang SSL is run over the TCP/IP protocol even