1 files changed, 10 insertions, 15 deletions
diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl
index 0d3093c1ae..3d117a655f 100644
--- a/lib/ssl/src/ssl_internal.hrl
+++ b/lib/ssl/src/ssl_internal.hrl
@@ -32,8 +32,6 @@
 -type reply()             :: term().
 -type msg()               :: term().
 -type from()              :: term().
--type host()		  :: inet:ip_address() | inet:hostname().
--type session_id()        :: 0 | binary().
 -type certdb_ref()        :: reference().
 -type db_handle()         :: term().
 -type der_cert()          :: binary().
@@ -61,6 +59,7 @@
 
 -define(CDR_MAGIC, "GIOP").
 -define(CDR_HDR_SIZE, 12).
+-define(INTERNAL_ACTIVE_N, 100).
 
 -define(DEFAULT_TIMEOUT, 5000).
 -define(NO_DIST_POINT, "http://dummy/no_distribution_point").
@@ -123,7 +122,8 @@
 	  cert                 :: public_key:der_encoded() | secret_printout() | 'undefined',
 	  keyfile              :: binary(),
 	  key	               :: {'RSAPrivateKey' | 'DSAPrivateKey' | 'ECPrivateKey' | 'PrivateKeyInfo', 
-                                   public_key:der_encoded()} | key_map() | secret_printout() | 'undefined',
+                                   public_key:der_encoded()} | map()  %%map() -> ssl:key() how to handle dialyzer?
+                                | secret_printout() | 'undefined',
 	  password	       :: string() | secret_printout() | 'undefined',
 	  cacerts              :: [public_key:der_encoded()] | secret_printout() | 'undefined',
 	  cacertfile           :: binary(),
@@ -136,17 +136,17 @@
 	  %% Local policy for the server if it want's to reuse the session
 	  %% or not. Defaluts to allways returning true.
 	  %% fun(SessionId, PeerCert, Compression, CipherSuite) -> boolean()
-	  reuse_session,  
+	  reuse_session        :: fun() | binary() | undefined, %% Server side is a fun()
 	  %% If false sessions will never be reused, if true they
 	  %% will be reused if possible.
-	  reuse_sessions       :: boolean(),
+	  reuse_sessions       :: boolean() | save,  %% Only client side can use value save
 	  renegotiate_at,
 	  secure_renegotiate,
 	  client_renegotiation,
 	  %% undefined if not hibernating, or number of ms of
 	  %% inactivity after which ssl_connection will go into
 	  %% hibernation
-	  hibernate_after      :: timeout(),
+	  hibernate_after      :: timeout(),          
 	  %% This option should only be set to true by inet_tls_dist
 	  erl_dist = false     :: boolean(),
           alpn_advertised_protocols = undefined :: [binary()] | undefined ,
@@ -168,11 +168,15 @@
 	  crl_check                  :: boolean() | peer | best_effort, 
 	  crl_cache,
 	  signature_algs,
+	  signature_algs_cert,
 	  eccs,
+	  supported_groups,  %% RFC 8422, RFC 8446
 	  honor_ecc_order            :: boolean(),
           max_handshake_size         :: integer(),
           handshake,
           customize_hostname_check
+    %%                 ,
+      %%    save_session               :: boolean()            
          }).
 
 -record(socket_options,
@@ -193,15 +197,6 @@
 		 connection_cb
 		}).
 
--type key_map()              :: #{algorithm := rsa | dss | ecdsa,
-                                  %% engine and key_id ought to 
-                                  %% be :=, but putting it in
-                                  %% the spec gives dialyzer warning
-                                  %% of correct code!
-                                  engine => crypto:engine_ref(),
-                                  key_id => crypto:key_id(),
-                                  password => crypto:password()
-                                 }.
 -type state_name()           :: hello | abbreviated | certify | cipher | connection.
 -type gen_fsm_state_return() :: {next_state, state_name(), term()} |
 				{next_state, state_name(), term(), timeout()} |