Diffstat (limited to 'lib/ssl/doc')
-rw-r--r-- | lib/ssl/doc/src/notes.xml | 30
-rw-r--r-- | lib/ssl/doc/src/ssl.xml | 50
-rw-r--r-- | lib/ssl/doc/src/ssl_app.xml | 7
3 files changed, 63 insertions, 24 deletions
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml index 299850333d..a61f52b809 100644 --- a/lib/ssl/doc/src/notes.xml +++ b/lib/ssl/doc/src/notes.xml @@ -26,7 +26,35 @@ </header> <p>This document describes the changes made to the SSL application.</p> - <section><title>SSL 5.2</title> + <section><title>SSL 5.2.1</title> + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Transport callback handling is changed so that gen_tcp is + treated as a special case where inet will be called + directly for functions such as setopts, as gen_tcp does + not have its own setopts. This will enable users to use + the transport callback for other customizations such as + websockets.</p> + <p> + Own Id: OTP-10847</p> + </item> + <item> + <p> + Follow up to OTP-10451 solved in ssl-5.2 R16A. Make sure + format_error return good strings. Replace confusing + legacy atoms with more descriptive atoms.</p> + <p> + Own Id: OTP-10864</p> + </item> + </list> + </section> + +</section> + +<section><title>SSL 5.2</title> <section><title>Fixed Bugs and Malfunctions</title> <list> diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index e45a4c774f..e9858a3220 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -4,7 +4,7 @@ <erlref> <header> <copyright> - <year>1999</year><year>2012</year> + <year>1999</year><year>2013</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> 
@@ -80,14 +80,17 @@ {cacerts, [der_encoded()]} | {cacertfile, path()} | |{dh, der_encoded()} | {dhfile, path()} | {ciphers, ciphers()} | {ssl_imp, ssl_imp()} | {reuse_sessions, boolean()} | {reuse_session, fun()} - {next_protocols_advertised, list(binary()} | - {client_preferred_next_protocols, binary(), client | server, list(binary())} + {next_protocols_advertised, [binary()]} | + {client_preferred_next_protocols, client | server, [binary()]} </c></p> - <p><c>transportoption() = {CallbackModule, DataTag, ClosedTag} - - defaults to {gen_tcp, tcp, tcp_closed}. Ssl may be - run over any reliable transport protocol that has - an equivalent API to gen_tcp's.</c></p> + <p><c>transportoption() = {cb_info, {CallbackModule::atom(), DataTag::atom(), ClosedTag::atom(), ErrTag:atom()}} + - defaults to {gen_tcp, tcp, tcp_closed, tcp_error}. Can be used to customize + the transport layer. The callback module must implement a reliable transport + protocol and behave as gen_tcp and in addition have functions corresponding to + inet:setopts/2, inet:getopts/2, inet:peername/1, inet:sockname/1 and inet:port/1. + The callback gen_tcp is treated specially and will call inet directly. + </c></p> <p><c> CallbackModule = atom()</c> 
@@ -275,11 +278,18 @@ fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom()} | <p> {bad_cert, cert_expired}, {bad_cert, invalid_issuer}, {bad_cert, invalid_signature}, {bad_cert, unknown_ca},{bad_cert, selfsigned_peer}, {bad_cert, name_not_permitted}, {bad_cert, missing_basic_constraint}, {bad_cert, invalid_key_usage}</p> </item> + <tag>{versions, [protocol()]}</tag> + <item>TLS protocol versions that will be supported by started clients and servers. + This option overrides the application environment option <c>protocol_version</c>. If the + environment option is not set it defaults to all versions supported by the SSL application. See also + <seealso marker="ssl:ssl_app">ssl(6)</seealso> + </item> + <tag>{hibernate_after, integer()|undefined}</tag> - <item>When an integer-value is specified, the <code>ssl_connection</code> + <item>When an integer-value is specified, the <c>ssl_connection</c> will go into hibernation after the specified number of milliseconds of inactivity, thus reducing its memory footprint. When - <code>undefined</code> is specified (this is the default), the process + <c>undefined</c> is specified (this is the default), the process will never go into hibernation. </item> </taglist> 
@@ -303,25 +313,25 @@ fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom()} | when possible. </item> - <tag>{client_preferred_next_protocols, Precedence:: server | client, ClientPrefs::[binary()]} - {client_preferred_next_protocols, Precedence:: server | client, ClientPrefs::[binary()] , Default :: binary()}}</tag> - - <item> <p>Indicates the client will try to perform Next Protocol + <tag>{client_preferred_next_protocols, Precedence :: server | client, ClientPrefs :: [binary()]}</tag> + <tag>{client_preferred_next_protocols, Precedence :: server | client, ClientPrefs :: [binary()], Default :: binary()}</tag> + <item> + <p>Indicates the client will try to perform Next Protocol Negotiation.</p> - <p>If precedence is server the negaotiated protocol will be the + <p>If precedence is server the negotiated protocol will be the first protocol that appears on the server advertised list that is - also on the clients preference list.</p> + also on the client preference list.</p> - <p>If the precedence is client the negaotiated protocol will be the - first protocol that appears on the clients preference list that is + <p>If precedence is client the negotiated protocol will be the + first protocol that appears on the client preference list that is also on the server advertised list.</p> - <p> If the client does not support any of the servers advertised + <p>If the client does not support any of the server advertised protocols or the server does not advertise any protocols the client will fallback to the first protocol in its list or if a default is supplied it will fallback to that instead. If the - server does not support next protocol renegotiation the + server does not support Next Protocol Negotiation the connection will be aborted if no default protocol is supplied.</p> </item> </taglist> 
@@ -378,7 +388,7 @@ fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom()} | and CipherSuite is of type ciphersuite(). </item> - <tag>{next_protocols_advertised, Protocols :: list(binary())}</tag> + <tag>{next_protocols_advertised, Protocols :: [binary()]}</tag> <item>The list of protocols to send to the client if the client indicates it supports the Next Protocol extension. The client may select a protocol that is not on this list. The list of protocols must not contain an empty diff --git a/lib/ssl/doc/src/ssl_app.xml b/lib/ssl/doc/src/ssl_app.xml index 84ad483617..0ee5b23e47 100644 --- a/lib/ssl/doc/src/ssl_app.xml +++ b/lib/ssl/doc/src/ssl_app.xml @@ -41,8 +41,9 @@ <section> <title>ENVIRONMENT</title> <p>The following application environment configuration parameters - are defined for the SSL application. Refer to application(3) for - more information about configuration parameters. + are defined for the SSL application. See <seealso + marker="kernel:application">application(3)</seealso>for more + information about configuration parameters. </p> <p>Note that the environment parameters can be set on the command line, for instance,</p> @@ -87,7 +88,7 @@ <section> <title>SEE ALSO</title> - <p>application(3)</p> + <p><seealso marker="kernel:application">application(3)</seealso></p> </section> </appref> |
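
Review bot: In lib/ssl/doc/src/notes.xml, the OTP-10864 item says "Replace confusing legacy atoms with more descriptive atoms" without naming which atoms changed, and it is filed under "Improvements and New Features". Callers that pattern-match on the old error reasons will silently stop matching, so list the old and new atoms (or point to where they are documented) and consider marking the entry as potentially incompatible. In the same item, "Make sure format_error return good strings" should read "returns".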
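
Review bot: In the ssl.xml hunk at @@ -80,14 +80,17 @@, the new transportoption() line writes "ErrTag:atom()" with a single colon while the other three elements use "::"; it should be "ErrTag::atom()". Two further points in the same hunk: the option summary now lists only the three-element form "{client_preferred_next_protocols, client | server, [binary()]}", although the option description later in this patch also documents a four-element form with Default, and the unchanged line ending "{reuse_session, fun()}" has no "|" before the next alternative.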
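
Review bot: In the ssl.xml hunk at @@ -275,11 +278,18 @@, the new "{versions, [protocol()]}" item states that the option "overrides the application environment option protocol_version" but does not spell out the consequence: a node-wide restriction set through protocol_version can be widened again by any caller that passes versions. Say so explicitly in the item so operators do not rely on the environment setting alone to keep older protocol versions off. The closing sentence "See also ... ssl(6)" is also missing its full stop.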
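
Review bot: In the ssl.xml hunk at @@ -303,25 +313,25 @@, the rewritten last paragraph keeps "the client will fallback to the first protocol" and "it will fallback to that instead"; as a verb this is "fall back", and since the paragraph is being reworded anyway it is worth fixing here. The hunk also places two "tag" elements in front of a single "item", so check that the documentation build still validates the taglist with that layout.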
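
Review bot: In the ssl_app.xml hunk at @@ -41,8 +41,9 @@, the closing tag runs straight into the next word in "application(3)</seealso>for more", which will render as "application(3)for more". Add a space after "</seealso>".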