1 files changed, 40 insertions, 33 deletions
diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl
index 9bb1cbaeb0..ddd7a8eb7b 100644
--- a/lib/ssl/src/ssl_internal.hrl
+++ b/lib/ssl/src/ssl_internal.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2017. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2018. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
@@ -27,14 +27,12 @@
 
 -define(SECRET_PRINTOUT, "***").
 
--type reason()            :: term().
--type reply()             :: term().
--type msg()               :: term().
--type from()              :: term().
--type host()		  :: inet:ip_address() | inet:hostname().
--type session_id()        :: 0 | binary().
+-type reason()            :: any().
+-type reply()             :: any().
+-type msg()               :: any().
+-type from()              :: any().
 -type certdb_ref()        :: reference().
--type db_handle()         :: term().
+-type db_handle()         :: any().
 -type der_cert()          :: binary().
 -type issuer()            :: tuple().
 -type serialnumber()      :: integer().
@@ -60,6 +58,7 @@
 
 -define(CDR_MAGIC, "GIOP").
 -define(CDR_HDR_SIZE, 12).
+-define(INTERNAL_ACTIVE_N, 100).
 
 -define(DEFAULT_TIMEOUT, 5000).
 -define(NO_DIST_POINT, "http://dummy/no_distribution_point").
@@ -73,6 +72,7 @@
 %% sslv3 is considered insecure due to lack of padding check (Poodle attack)
 %% Keep as interop with legacy software but do not support as default 
 -define(ALL_AVAILABLE_VERSIONS, ['tlsv1.2', 'tlsv1.1', tlsv1, sslv3]).
+-define(ALL_AVAILABLE_DATAGRAM_VERSIONS, ['dtlsv1.2', dtlsv1]).
 -define(ALL_SUPPORTED_VERSIONS, ['tlsv1.2', 'tlsv1.1', tlsv1]).
 -define(MIN_SUPPORTED_VERSIONS, ['tlsv1.1', tlsv1]).
 -define(ALL_DATAGRAM_SUPPORTED_VERSIONS, ['dtlsv1.2', dtlsv1]).
@@ -82,25 +82,26 @@
 -define('24H_in_sec', 86400).
 
 -record(ssl_options, {
-	  protocol    :: tls | dtls,
-	  versions    :: [ssl_record:ssl_version()], %% ssl_record:atom_version() in API
-	  verify      :: verify_none | verify_peer,
+	  protocol    :: tls | dtls | 'undefined',
+	  versions    :: [ssl_record:ssl_version()] | 'undefined', %% ssl_record:atom_version() in API
+	  verify      :: verify_none | verify_peer | 'undefined',
 	  verify_fun,  %%:: fun(CertVerifyErrors::term()) -> boolean(),
-	  partial_chain       :: fun(),
-	  fail_if_no_peer_cert ::  boolean(),
-	  verify_client_once   ::  boolean(),
+	  partial_chain       :: fun() | 'undefined',
+	  fail_if_no_peer_cert ::  boolean() | 'undefined',
+	  verify_client_once   ::  boolean() | 'undefined',
 	  %% fun(Extensions, State, Verify, AccError) ->  {Extensions, State, AccError}
 	  validate_extensions_fun, 
-	  depth                :: integer(),
-	  certfile             :: binary(),
+	  depth                :: integer() | 'undefined',
+	  certfile             :: binary() | 'undefined',
 	  cert                 :: public_key:der_encoded() | secret_printout() | 'undefined',
-	  keyfile              :: binary(),
-	  key	               :: {'RSAPrivateKey' | 'DSAPrivateKey' | 'ECPrivateKey' | 'PrivateKeyInfo', 
-                                   public_key:der_encoded()} | key_map() | secret_printout() | 'undefined',
+	  keyfile              :: binary() | 'undefined',
+	  key	               :: {'RSAPrivateKey' | 'DSAPrivateKey' | 'ECPrivateKey' | 'PrivateKeyInfo' | 'undefined',
+                                   public_key:der_encoded()} | map()  %%map() -> ssl:key() how to handle dialyzer?
+                                | secret_printout() | 'undefined',
 	  password	       :: string() | secret_printout() | 'undefined',
 	  cacerts              :: [public_key:der_encoded()] | secret_printout() | 'undefined',
-	  cacertfile           :: binary(),
-	  dh                   :: public_key:der_encoded() | secret_printout(),
+	  cacertfile           :: binary() | 'undefined',
+	  dh                   :: public_key:der_encoded() | secret_printout() | 'undefined',
 	  dhfile               :: binary() | secret_printout() | 'undefined',
 	  user_lookup_fun,  % server option, fun to lookup the user
 	  psk_identity         :: binary() | secret_printout() | 'undefined',
@@ -109,26 +110,26 @@
 	  %% Local policy for the server if it want's to reuse the session
 	  %% or not. Defaluts to allways returning true.
 	  %% fun(SessionId, PeerCert, Compression, CipherSuite) -> boolean()
-	  reuse_session,  
+	  reuse_session        :: fun() | binary() | undefined, %% Server side is a fun()
 	  %% If false sessions will never be reused, if true they
 	  %% will be reused if possible.
-	  reuse_sessions       :: boolean(),
+	  reuse_sessions       :: boolean() | save | 'undefined',  %% Only client side can use value save
 	  renegotiate_at,
 	  secure_renegotiate,
 	  client_renegotiation,
 	  %% undefined if not hibernating, or number of ms of
 	  %% inactivity after which ssl_connection will go into
 	  %% hibernation
-	  hibernate_after      :: timeout(),
+	  hibernate_after      :: timeout() | 'undefined',
 	  %% This option should only be set to true by inet_tls_dist
 	  erl_dist = false     :: boolean(),
-          alpn_advertised_protocols = undefined :: [binary()] | undefined ,
+          alpn_advertised_protocols = undefined :: [binary()] | undefined,
           alpn_preferred_protocols = undefined  :: [binary()] | undefined,
 	  next_protocols_advertised = undefined :: [binary()] | undefined,
 	  next_protocol_selector = undefined,  %% fun([binary()]) -> binary())
 	  log_alert             :: boolean(),
 	  server_name_indication = undefined,
-	  sni_hosts  :: [{inet:hostname(), [tuple()]}],
+	  sni_hosts  :: [{inet:hostname(), [tuple()]}] | 'undefined',
 	  sni_fun :: function() | undefined,
 	  %% Should the server prefer its own cipher order over the one provided by
 	  %% the client?
@@ -138,13 +139,16 @@
 	  %%mitigation entirely?
 	  beast_mitigation = one_n_minus_one :: one_n_minus_one | zero_n | disabled,
 	  fallback = false           :: boolean(),
-	  crl_check                  :: boolean() | peer | best_effort, 
+	  crl_check                  :: boolean() | peer | best_effort | 'undefined',
 	  crl_cache,
 	  signature_algs,
 	  eccs,
 	  honor_ecc_order            :: boolean(),
-	  v2_hello_compatible        :: boolean(),
-          max_handshake_size         :: integer()
+          max_handshake_size         :: integer(),
+          handshake,
+          customize_hostname_check
+    %%                 ,
+      %%    save_session               :: boolean()            
          }).
 
 -record(socket_options,
@@ -159,7 +163,7 @@
 -record(config, {ssl,               %% SSL parameters
 		 inet_user,         %% User set inet options
 		 emulated,          %% Emulated option list or "inherit_tracker" pid
-		 udp_handler,
+		 dtls_handler,
 		 inet_ssl,          %% inet options for internal ssl socket
 		 transport_info,                 %% Callback info
 		 connection_cb
@@ -175,9 +179,12 @@
                                   password => crypto:password()
                                  }.
 -type state_name()           :: hello | abbreviated | certify | cipher | connection.
--type gen_fsm_state_return() :: {next_state, state_name(), term()} |
-				{next_state, state_name(), term(), timeout()} |
-				{stop, term(), term()}.
+
+-type gen_fsm_state_return() :: {next_state, state_name(), any()} |
+				{next_state, state_name(), any(), timeout()} |
+				{stop, any(), any()}.
+-type ssl_options()          :: #ssl_options{}.
+
 -endif. % -ifdef(ssl_internal).