3 files changed, 59 insertions, 7 deletions

diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index e090b4e1ef..5df2632149 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -30,7 +30,59 @@
   </header>
   <p>This document describes the changes made to the SSL application.</p>
   
-  <section>
+  <section><title>SSL 4.1.6</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    replace "a ssl" with "an ssl" reindent
+	    pkix_path_validation/3 Trivial documentation fixes
+	    (Thanks to Christian von Roques )</p>
+          <p>
+	    Own Id: OTP-9464</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Adds function clause to avoid denial of service attack.
+	    Thanks to Vinod for reporting this vulnerability.</p>
+          <p>
+	    Own Id: OTP-9364</p>
+        </item>
+        <item>
+          <p>
+	    Error handling code now takes care of inet:getopts/2 and
+	    inets:setopts/2 crashes. Thanks to Richard Jones for
+	    reporting this.</p>
+          <p>
+	    Own Id: OTP-9382</p>
+        </item>
+        <item>
+          <p>
+	    Support explicit use of packet option httph and httph_bin</p>
+          <p>
+	    Own Id: OTP-9461</p>
+        </item>
+        <item>
+          <p>
+	    Decoding of hello extensions could fail to come to the
+	    correct conclusion due to an error in a binary match
+	    pattern. Thanks to Ben Murphy.</p>
+          <p>
+	    Own Id: OTP-9589</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section>
     <title>SSL 4.1.5</title>
     
     <section><title>Improvements and New Features</title>
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 66d2644b76..70122e4393 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -647,10 +647,10 @@ fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
         <p> Upgrades a gen_tcp, or
 	  equivalent, socket to an ssl socket i.e. performs the
 	ssl server-side handshake.</p>
-	<p><warning>Note that the listen socket should be in {active, false} mode
+	<warning><p>Note that the listen socket should be in {active, false} mode
 	before telling the client that the server is ready to upgrade
 	and calling this function, otherwise the upgrade may
-	or may not succeed depending on timing.</warning></p>
+	or may not succeed depending on timing.</p></warning>
       </desc>
     </func>
     
diff --git a/lib/ssl/doc/src/ssl_distribution.xml b/lib/ssl/doc/src/ssl_distribution.xml
index a2c7370ddc..4ae4ead3ee 100644
--- a/lib/ssl/doc/src/ssl_distribution.xml
+++ b/lib/ssl/doc/src/ssl_distribution.xml
@@ -175,7 +175,7 @@ Eshell V5.0  (abort with ^G)
 
     <p>One can specify the simpler SSL options certfile, keyfile,
     password, cacertfile, verify, reuse_sessions,
-    secure_renegotiation, depth, hibernate_after and ciphers (use old
+    secure_renegotiate, depth, hibernate_after and ciphers (use old
     string format) by adding the prefix server_ or client_ to the
     option name. The server can also take the options dhfile and
     fail_if_no_peer_cert (also prefixed).
@@ -201,7 +201,7 @@ Eshell V5.0  (abort with ^G)
     <code type="none">
 $ erl -boot /home/me/ssl/start_ssl -proto_dist inet_tls
   -ssl_dist_opt server_certfile "/home/me/ssl/erlserver.pem" 
-  -ssl_dist_opt server_secure_renegotiation true client_secure_renegotiate true
+  -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true
   -sname ssl_test
 Erlang (BEAM) emulator version 5.0 [source]
  
@@ -224,7 +224,7 @@ Eshell V5.0  (abort with ^G)
     <code type="none">
 $ ERL_FLAGS="-boot /home/me/ssl/start_ssl -proto_dist inet_tls
   -ssl_dist_opt server_certfile /home/me/ssl/erlserver.pem
-  -ssl_dist_opt server_secure_renegotiation true client_secure_renegotiate true"
+  -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true"
 $ export ERL_FLAGS
 $ erl -sname ssl_test
 Erlang (BEAM) emulator version 5.0 [source]
@@ -237,7 +237,7 @@ Eshell V5.0  (abort with ^G)
  {boot,["/home/me/ssl/start_ssl"]},
  {proto_dist,["inet_tls"]},
  {ssl_dist_opt,["server_certfile","/home/me/ssl/erlserver.pem"]},
- {ssl_dist_opt,["server_secure_renegotiation","true",
+ {ssl_dist_opt,["server_secure_renegotiate","true",
                 "client_secure_renegotiate","true"]
  {home,["/home/me"]}]    </code>
     <p>The <c>init:get_arguments()</c> call verifies that the correct