9 files changed, 143 insertions, 69 deletions
diff --git a/lib/ssl/src/Makefile b/lib/ssl/src/Makefile
index dc69b53b28..f99dd8559e 100644
--- a/lib/ssl/src/Makefile
+++ b/lib/ssl/src/Makefile
@@ -37,6 +37,9 @@ RELSYSDIR = $(RELEASE_PATH)/lib/ssl-$(VSN)
 # Common Macros
 # ----------------------------------------------------
 
+BEHAVIOUR_MODULES= \
+        ssl_session_cache_api
+
 MODULES= \
 	ssl \
 	ssl_alert \
@@ -53,7 +56,6 @@ MODULES= \
 	ssl_handshake \
 	ssl_manager \
 	ssl_session \
-        ssl_session_cache_api \
 	ssl_session_cache \
 	ssl_record \
 	ssl_ssl2 \
@@ -66,10 +68,15 @@ INTERNAL_HRL_FILES = \
 	 ssl_alert.hrl ssl_cipher.hrl ssl_handshake.hrl ssl_internal.hrl \
 	 ssl_record.hrl
 
-ERL_FILES= $(MODULES:%=%.erl)
+ERL_FILES= \
+	$(MODULES:%=%.erl) \
+	$(BEHAVIOUR_MODULES:%=%.erl)
+
 
 TARGET_FILES= $(MODULES:%=$(EBIN)/%.$(EMULATOR))
 
+BEHAVIOUR_TARGET_FILES= $(BEHAVIOUR_MODULES:%=$(EBIN)/%.$(EMULATOR))
+
 APP_FILE= ssl.app
 APPUP_FILE= ssl.appup
 
@@ -83,6 +90,7 @@ APPUP_TARGET= $(EBIN)/$(APPUP_FILE)
 # ----------------------------------------------------
 EXTRA_ERLC_FLAGS = +warn_unused_vars
 ERL_COMPILE_FLAGS += -I$(ERL_TOP)/lib/kernel/src \
+	-pz $(EBIN) \
 	-pz $(ERL_TOP)/lib/public_key/ebin \
 	$(EXTRA_ERLC_FLAGS) -DVSN=\"$(VSN)\"
 
@@ -91,6 +99,8 @@ ERL_COMPILE_FLAGS += -I$(ERL_TOP)/lib/kernel/src \
 # Targets
 # ----------------------------------------------------
 
+$(TARGET_FILES): $(BEHAVIOUR_TARGET_FILES)
+
 debug opt: $(TARGET_FILES) $(APP_TARGET) $(APPUP_TARGET) 
 
 clean:
@@ -105,6 +115,7 @@ $(APPUP_TARGET):	$(APPUP_SRC) ../vsn.mk
 
 docs:
 
+
 # ----------------------------------------------------
 # Release Target
 # ---------------------------------------------------- 
@@ -114,14 +125,8 @@ release_spec: opt
 	$(INSTALL_DIR) $(RELSYSDIR)/src
 	$(INSTALL_DATA) $(ERL_FILES) $(INTERNAL_HRL_FILES) $(RELSYSDIR)/src
 	$(INSTALL_DIR) $(RELSYSDIR)/ebin
-	$(INSTALL_DATA) $(TARGET_FILES) $(APP_TARGET) \
+	$(INSTALL_DATA) $(BEHAVIOUR_TARGET_FILES) $(TARGET_FILES) $(APP_TARGET) \
 	$(APPUP_TARGET) $(RELSYSDIR)/ebin
 
 release_docs_spec:
 
-
-
-
-
-
-
diff --git a/lib/ssl/src/inet_tls_dist.erl b/lib/ssl/src/inet_tls_dist.erl
index 115527aae0..57c859bf24 100644
--- a/lib/ssl/src/inet_tls_dist.erl
+++ b/lib/ssl/src/inet_tls_dist.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2011-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2011-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -57,7 +57,7 @@ accept_connection(AcceptPid, Socket, MyNode, Allowed, SetupTime) ->
 
 setup(Node, Type, MyNode, LongOrShortNames,SetupTime) ->
     Kernel = self(),
-    spawn(fun() -> do_setup(Kernel, Node, Type, MyNode, LongOrShortNames, SetupTime) end).
+    spawn_opt(fun() -> do_setup(Kernel, Node, Type, MyNode, LongOrShortNames, SetupTime) end, [link, {priority, max}]).
 		   
 do_setup(Kernel, Node, Type, MyNode, LongOrShortNames, SetupTime) ->
     [Name, Address] = splitnode(Node, LongOrShortNames),
@@ -229,9 +229,7 @@ connect_hs_data(Kernel, Node, MyNode, Socket, Timer, Version, Ip, TcpPort, Addre
 accept_hs_data(Kernel, MyNode, Socket, Timer, Allowed) ->
     common_hs_data(Kernel, MyNode, Socket, Timer, #hs_data{
 					     allowed = Allowed,
-					     f_address = fun(S, N) -> 
-								 ssl_tls_dist_proxy:get_remote_id(S, N)
-							 end
+					     f_address = fun get_remote_id/2
 					    }).
 
 common_hs_data(Kernel, MyNode, Socket, Timer, HsData) ->
@@ -273,3 +271,11 @@ common_hs_data(Kernel, MyNode, Socket, Timer, HsData) ->
 		  P = proplists:get_value(send_pend, Stats, 0),
 		  {ok, R,W,P}
 	  end}.
+
+get_remote_id(Socket, _Node) ->
+    case ssl_tls_dist_proxy:get_tcp_address(Socket) of
+        {ok, Address} ->
+	    Address;
+	{error, _Reason} ->
+	    ?shutdown(no_node)
+    end.
diff --git a/lib/ssl/src/ssl.appup.src b/lib/ssl/src/ssl.appup.src
index 1b07e76d6a..e346b1e9e6 100644
--- a/lib/ssl/src/ssl.appup.src
+++ b/lib/ssl/src/ssl.appup.src
@@ -1,23 +1,13 @@
 %% -*- erlang -*-
 {"%VSN%",
  [
-  {"4.1.6", [{restart_application, ssl}]},
-  {"4.1.5", [{restart_application, ssl}]},
-  {"4.1.4", [{restart_application, ssl}]},
-  {"4.1.3", [{restart_application, ssl}]},
-  {"4.1.2", [{restart_application, ssl}]},
-  {"4.1.1", [{restart_application, ssl}]},
-  {"4.1",   [{restart_application, ssl}]},
-  {"4.0.1", [{restart_application, ssl}]}
+  {"5.0", [{restart_application, ssl}]},
+  {<<"4\\.*">>, [{restart_application, ssl}]},
+  {<<"3\\.*">>, [{restart_application, ssl}]}
  ], 
  [
-  {"4.1.6", [{restart_application, ssl}]},
-  {"4.1.5", [{restart_application, ssl}]},
-  {"4.1.4", [{restart_application, ssl}]},
-  {"4.1.3", [{restart_application, ssl}]},
-  {"4.1.2", [{restart_application, ssl}]},
-  {"4.1.1", [{restart_application, ssl}]},
-  {"4.1",   [{restart_application, ssl}]},
-  {"4.0.1", [{restart_application, ssl}]}
+  {"5.0", [{restart_application, ssl}]},
+  {<<"4\\.*">>, [{restart_application, ssl}]},
+  {<<"3\\.*">>, [{restart_application, ssl}]}
  ]}.
 
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index d0693445e0..0bcdffbeff 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -30,7 +30,7 @@
 	 controlling_process/2, listen/2, pid/1, peername/1, peercert/1,
 	 recv/2, recv/3, send/2, getopts/2, setopts/2, sockname/1,
 	 versions/0, session_info/1, format_error/1,
-	 renegotiate/1]).
+	 renegotiate/1, prf/5]).
 
 -deprecated({pid, 1, next_major_release}).
 
@@ -40,6 +40,12 @@
 
 -include_lib("public_key/include/public_key.hrl"). 
 
+%% Visible in API
+-export_type([connect_option/0, listen_option/0, ssl_option/0, transport_option/0,
+	      erl_cipher_suite/0, %% From ssl_cipher.hrl 
+	      tls_atom_version/0, %% From ssl_internal.hrl
+	      prf_random/0]).
+
 -record(config, {ssl,               %% SSL parameters
 		 inet_user,         %% User set inet options
 		 emulated,          %% #socket_option{} emulated
@@ -67,7 +73,7 @@
 -type ssl_imp()      :: new | old.
 
 -type transport_option() :: {cb_info, {CallbackModule::atom(), DataTag::atom(), ClosedTag::atom()}}.
-
+-type prf_random() :: client_random | server_random.
 
 %%--------------------------------------------------------------------
 -spec start() -> ok  | {error, reason()}.
@@ -414,6 +420,17 @@ versions() ->
 renegotiate(#sslsocket{pid = Pid, fd = new_ssl}) ->
     ssl_connection:renegotiation(Pid).
 
+%%--------------------------------------------------------------------
+-spec prf(#sslsocket{}, binary() | 'master_secret', binary(),
+	  binary() | prf_random(), non_neg_integer()) ->
+		 {ok, binary()} | {error, reason()}.
+%%
+%% Description: use a ssl sessions TLS PRF to generate key material
+%%--------------------------------------------------------------------
+prf(#sslsocket{pid = Pid, fd = new_ssl},
+    Secret, Label, Seed, WantedLength) ->
+    ssl_connection:prf(Pid, Secret, Label, Seed, WantedLength).
+
 %%---------------------------------------------------------------
 -spec format_error({error, term()}) -> list().
 %%
diff --git a/lib/ssl/src/ssl_certificate.erl b/lib/ssl/src/ssl_certificate.erl
index 61876e1158..0931b86782 100644
--- a/lib/ssl/src/ssl_certificate.erl
+++ b/lib/ssl/src/ssl_certificate.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -111,7 +111,7 @@ file_to_certificats(File, DbHandle) ->
     {ok, List} = ssl_manager:cache_pem_file(File, DbHandle),
     [Bin || {'Certificate', Bin, not_encrypted} <- List].
 %%--------------------------------------------------------------------
--spec validate_extension(term(), #'Extension'{} | {bad_cert, atom()} | valid,
+-spec validate_extension(term(), {extension, #'Extension'{}} | {bad_cert, atom()} | valid,
 			 term()) -> {valid, term()} |
 				    {fail, tuple()} |
 				    {unknown, term()}.
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 28dd0c85d0..6c06baff98 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -40,7 +40,8 @@
 -export([send/2, recv/3, connect/7, ssl_accept/6, handshake/2,
 	 socket_control/3, close/1, shutdown/2,
 	 new_user/2, get_opts/2, set_opts/2, info/1, session_info/1, 
-	 peer_certificate/1, sockname/1, peername/1, renegotiation/1]).
+	 peer_certificate/1, sockname/1, peername/1, renegotiation/1,
+	 prf/5]).
 
 %% Called by ssl_connection_sup
 -export([start_link/7]). 
@@ -273,6 +274,16 @@ peer_certificate(ConnectionPid) ->
 renegotiation(ConnectionPid) ->
     sync_send_all_state_event(ConnectionPid, renegotiate). 
 
+%%--------------------------------------------------------------------
+-spec prf(pid(), binary() | 'master_secret', binary(),
+	  binary() | ssl:prf_random(), non_neg_integer()) ->
+		 {ok, binary()} | {error, reason()} | {'EXIT', term()}.
+%%
+%% Description: use a ssl sessions TLS PRF to generate key material
+%%--------------------------------------------------------------------
+prf(ConnectionPid, Secret, Label, Seed, WantedLength) ->
+    sync_send_all_state_event(ConnectionPid, {prf, Secret, Label, Seed, WantedLength}).
+
 %%====================================================================
 %% ssl_connection_sup API
 %%====================================================================
@@ -868,6 +879,32 @@ handle_sync_event(renegotiate, From, connection, State) ->
 handle_sync_event(renegotiate, _, StateName, State) ->
     {reply, {error, already_renegotiating}, StateName, State, get_timeout(State)};
 
+handle_sync_event({prf, Secret, Label, Seed, WantedLength}, _, StateName,
+		  #state{connection_states = ConnectionStates,
+			 negotiated_version = Version} = State) ->
+    ConnectionState =
+	ssl_record:current_connection_state(ConnectionStates, read),
+    SecParams = ConnectionState#connection_state.security_parameters,
+    #security_parameters{master_secret = MasterSecret,
+			 client_random = ClientRandom,
+			 server_random = ServerRandom} = SecParams,
+    Reply = try
+		SecretToUse = case Secret of
+				  _ when is_binary(Secret) -> Secret;
+				  master_secret -> MasterSecret
+			      end,
+		SeedToUse = lists:reverse(
+			      lists:foldl(fun(X, Acc) when is_binary(X) -> [X|Acc];
+					     (client_random, Acc) -> [ClientRandom|Acc];
+					     (server_random, Acc) -> [ServerRandom|Acc]
+					  end, [], Seed)),
+		ssl_handshake:prf(Version, SecretToUse, Label, SeedToUse, WantedLength)
+	    catch
+		exit:_ -> {error, badarg};
+		error:Reason -> {error, Reason}
+	    end,
+    {reply, Reply, StateName, State, get_timeout(State)};
+
 handle_sync_event(info, _, StateName, 
 		  #state{negotiated_version = Version,
 			 session = #session{cipher_suite = Suite}} = State) ->
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 371f475c85..2e0a3de182 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -37,7 +37,7 @@
 	 finished/4, verify_connection/5, get_tls_handshake/2,
 	 decode_client_key/3, server_hello_done/0,
 	 encode_handshake/2, init_hashes/0, update_hashes/2,
-	 decrypt_premaster_secret/2]).
+	 decrypt_premaster_secret/2, prf/5]).
 
 -export([dec_hello_extensions/2]).
 
@@ -188,14 +188,14 @@ certify(#certificate{asn1_certificates = ASN1Certs}, CertDbHandle, CertDbRef,
     ValidationFunAndState =
 	case VerifyFunAndState of
 	    undefined ->
-		{fun(OtpCert, ExtensionOrError, SslState) ->
+		{fun(OtpCert, ExtensionOrVerifyResult, SslState) ->
 			 ssl_certificate:validate_extension(OtpCert,
-							    ExtensionOrError, SslState)
+							    ExtensionOrVerifyResult, SslState)
 		 end, Role};
 	    {Fun, UserState0} ->
-		{fun(OtpCert, ExtensionOrError, {SslState, UserState}) ->
+		{fun(OtpCert, {extension, _} = Extension, {SslState, UserState}) ->
 			 case ssl_certificate:validate_extension(OtpCert,
-								 ExtensionOrError,
+								 Extension,
 								 SslState) of
 			     {valid, NewSslState} ->
 				 {valid, {NewSslState, UserState}};
@@ -204,8 +204,11 @@ certify(#certificate{asn1_certificates = ASN1Certs}, CertDbHandle, CertDbRef,
 						SslState);
 			     {unknown, _} ->
 				 apply_user_fun(Fun, OtpCert,
-						ExtensionOrError, UserState, SslState)
-			 end
+						Extension, UserState, SslState)
+			 end;
+		    (OtpCert, VerifyResult, {SslState, UserState}) ->
+			 apply_user_fun(Fun, OtpCert, VerifyResult, UserState,
+					SslState)
 		 end, {Role, UserState0}}
 	end,
 
@@ -540,6 +543,18 @@ server_key_exchange_hash(dhe_dss, Value) ->
     crypto:sha(Value).
 
 %%--------------------------------------------------------------------
+-spec prf(tls_version(), binary(), binary(), [binary()], non_neg_integer()) ->
+		 {ok, binary()} | {error, undefined}.
+%%
+%% Description: use the TLS PRF to generate key material
+%%--------------------------------------------------------------------
+prf({3,0}, _, _, _, _) ->
+    {error, undefined};
+prf({3,N}, Secret, Label, Seed, WantedLength)
+  when N == 1; N == 2 ->
+    {ok, ssl_tls1:prf(Secret, Label, Seed, WantedLength)}.
+
+%%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
 get_tls_handshake_aux(<<?BYTE(Type), ?UINT24(Length), 
diff --git a/lib/ssl/src/ssl_tls1.erl b/lib/ssl/src/ssl_tls1.erl
index 5f9850c386..c8aae34892 100644
--- a/lib/ssl/src/ssl_tls1.erl
+++ b/lib/ssl/src/ssl_tls1.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -29,7 +29,7 @@
 -include("ssl_record.hrl"). 			
 
 -export([master_secret/3, finished/3, certificate_verify/2, mac_hash/7, 
-	 setup_keys/6, suites/0]).
+	 setup_keys/6, suites/0, prf/4]).
 
 %%====================================================================
 %% Internal application API
diff --git a/lib/ssl/src/ssl_tls_dist_proxy.erl b/lib/ssl/src/ssl_tls_dist_proxy.erl
index d63eada571..a8476b104f 100644
--- a/lib/ssl/src/ssl_tls_dist_proxy.erl
+++ b/lib/ssl/src/ssl_tls_dist_proxy.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2011-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2011-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -19,7 +19,7 @@
 -module(ssl_tls_dist_proxy).
 
 
--export([listen/1, accept/1, connect/2, get_remote_id/2]).
+-export([listen/1, accept/1, connect/2, get_tcp_address/1]).
 -export([init/1, start_link/0, handle_call/3, handle_cast/2, handle_info/2, 
 	 terminate/2, code_change/3, ssl_options/2]).
 
@@ -47,9 +47,6 @@ accept(Listen) ->
 connect(Ip, Port) ->
     gen_server:call(?MODULE, {connect, Ip, Port}, infinity).
 
-get_remote_id(Socket, Node) ->
-    gen_server:call(?MODULE, {get_remote_id, {Socket,Node}}, infinity).
-
 %%====================================================================
 %% gen_server callbacks
 %%====================================================================
@@ -65,8 +62,8 @@ handle_call({listen, Name}, _From, State) ->
     case gen_tcp:listen(0, [{active, false}, {packet,?PPRE}]) of
 	{ok, Socket} ->
 	    {ok, World} = gen_tcp:listen(0, [{active, false}, binary, {packet,?PPRE}]),
-	    TcpAddress = get_tcp_address(Socket),
-	    WorldTcpAddress = get_tcp_address(World),
+	    {ok, TcpAddress} = get_tcp_address(Socket),
+	    {ok, WorldTcpAddress} = get_tcp_address(World),
 	    {_,Port} = WorldTcpAddress#net_address.address,
 	    {ok, Creation} = erl_epmd:register_node(Name, Port),
 	    {reply, {ok, {Socket, TcpAddress, Creation}},
@@ -87,17 +84,16 @@ handle_call({connect, Ip, Port}, {From, _}, State) ->
     receive 
 	{Pid, go_ahead, LPort} -> 
 	    Res = {ok, Socket} = try_connect(LPort),
-	    ok = gen_tcp:controlling_process(Socket, From),
-	    flush_old_controller(From, Socket),
-	    {reply, Res, State};
+	    case gen_tcp:controlling_process(Socket, From) of
+		{error, badarg} = Error -> {reply, Error, State};   % From is dead anyway.
+		ok ->
+		    flush_old_controller(From, Socket),
+		    {reply, Res, State}
+        end;
 	{Pid, Error} ->
 	    {reply, Error, State}
     end;
 
-handle_call({get_remote_id, {Socket,_Node}}, _From, State) ->
-    Address = get_tcp_address(Socket),
-    {reply, Address, State};
-
 handle_call(_What, _From, State) ->
     {reply, ok, State}.
 
@@ -117,14 +113,18 @@ code_change(_OldVsn, St, _Extra) ->
 %%% Internal functions
 %%--------------------------------------------------------------------
 get_tcp_address(Socket) ->
-    {ok, Address} = inet:sockname(Socket),
-    {ok, Host} = inet:gethostname(),
-    #net_address{
+    case inet:sockname(Socket) of
+	{ok, Address} ->
+	{ok, Host} = inet:gethostname(),
+	    NetAddress = #net_address{
 		  address = Address,
 		  host = Host,
 		  protocol = proxy,
 		  family = inet
-		}.
+		},
+	    {ok, NetAddress};
+	{error, _} = Error -> Error
+    end.
 
 accept_loop(Proxy, erts = Type, Listen, Extra) ->
     process_flag(priority, max),
@@ -178,8 +178,8 @@ setup_proxy(Ip, Port, Parent) ->
     Opts = get_ssl_options(client),
     case ssl:connect(Ip, Port, [{active, true}, binary, {packet,?PPRE}] ++ Opts) of
 	{ok, World} ->
-	    {ok, ErtsL} = gen_tcp:listen(0, [{active, true}, binary, {packet,?PPRE}]),
-	    #net_address{address={_,LPort}} = get_tcp_address(ErtsL),
+	    {ok, ErtsL} = gen_tcp:listen(0, [{active, true}, {ip, {127,0,0,1}}, binary, {packet,?PPRE}]),
+	    {ok, #net_address{address={_,LPort}}} = get_tcp_address(ErtsL),
 	    Parent ! {self(), go_ahead, LPort},
 	    case gen_tcp:accept(ErtsL) of
 		{ok, Erts} ->
@@ -194,7 +194,7 @@ setup_proxy(Ip, Port, Parent) ->
 
 setup_connection(World, ErtsListen) ->
     process_flag(trap_exit, true),
-    TcpAddress = get_tcp_address(ErtsListen),
+    {ok, TcpAddress} = get_tcp_address(ErtsListen),
     {_Addr,Port} = TcpAddress#net_address.address,
     {ok, Erts} = gen_tcp:connect({127,0,0,1}, Port, [{active, true}, binary, {packet,?PPRE}]),
     ssl:setopts(World, [{active,true}, {packet,?PPRE}]),
@@ -223,7 +223,11 @@ loop_conn_setup(World, Erts) ->
 	    loop_conn_setup(World, Erts);
 	{tcp, Erts, Data} ->
 	    ssl:send(World, Data),
-	    loop_conn_setup(World, Erts)
+	    loop_conn_setup(World, Erts);
+	{tcp_closed, Erts} ->
+	    ssl:close(World);
+	{ssl_closed,  World} ->
+	    gen_tcp:close(Erts)
     end.
 
 loop_conn(World, Erts) ->