Diffstat (limited to 'lib/ssl')
-rw-r--r-- | lib/ssl/doc/src/notes.xml | 118 | ||||
-rw-r--r-- | lib/ssl/doc/src/ssl.xml | 22 | ||||
-rw-r--r-- | lib/ssl/test/ssl_basic_SUITE.erl | 2 | ||||
-rw-r--r-- | lib/ssl/vsn.mk | 2 |
4 files changed, 131 insertions, 13 deletions
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index 61d1c8355a..e5070bc247 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -28,6 +28,124 @@ <p>This document describes the changes made to the SSL application.</p> +<section><title>SSL 7.3</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Make sure there is only one poller validator at a time + for validating the session cache.</p> + <p> + Own Id: OTP-13185</p> + </item> + <item> + <p> + A timing related issue could cause ssl to hang, + especially happened with newer versions of OpenSSL in + combination with ECC ciphers.</p> + <p> + Own Id: OTP-13253</p> + </item> + <item> + <p> + Work around a race condition in the TLS distribution + start.</p> + <p> + Own Id: OTP-13268</p> + </item> + <item> + <p> + Big handshake messages are now correctly fragmented in + the TLS record layer.</p> + <p> + Own Id: OTP-13306</p> + </item> + <item> + <p> + Improve portability of ECC tests in Crypto and SSL for + "exotic" OpenSSL versions.</p> + <p> + Own Id: OTP-13311</p> + </item> + <item> + <p> + Certificate extensions marked as critical are ignored + when using verify_none</p> + <p> + Own Id: OTP-13377</p> + </item> + <item> + <p> + If a certificate doesn't contain a CRL Distribution + Points extension, and the relevant CRL is not in the + cache, and the <c>crl_check</c> option is not set to + <c>best_effort</c> , the revocation check should fail.</p> + <p> + Own Id: OTP-13378</p> + </item> + <item> + <p> + Enable TLS distribution over IPv6</p> + <p> + Own Id: OTP-13391</p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Improve error reporting for TLS distribution</p> + <p> + Own Id: OTP-13219</p> + </item> + <item> + <p> + Include options from connect, listen and accept in + <c>connection_information/1,2</c></p> + <p> + Own Id: OTP-13232</p> + </item> + <item> + <p> + Allow adding extra options for outgoing TLS distribution + connections, as supported for plain TCP connections.</p> + <p> + Own Id: OTP-13285</p> + </item> + <item> + <p> + 
Use loopback as server option in TLS-distribution module</p> + <p> + Own Id: OTP-13300</p> + </item> + <item> + <p> + Verify certificate signature against original certificate + binary.</p> + <p> + This avoids bugs due to encoding errors when re-encoding + a decode certificate. As there exists several decode step + and using of different ASN.1 specification this is a risk + worth avoiding.</p> + <p> + Own Id: OTP-13334</p> + </item> + <item> + <p> + Use <c>application:ensure_all_started/2</c> instead of + hard-coding dependencies</p> + <p> + Own Id: OTP-13363</p> + </item> + </list> + </section> + +</section> + <section><title>SSL 7.2</title> <section><title>Fixed Bugs and Malfunctions</title> diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index a76d46ee9b..82bede69d0 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -48,7 +48,7 @@ <item><p><c>true | false</c></p></item> <tag><c>option() =</c></tag> - <item><p><c>socketoption() | ssloption() | transportoption()</c></p> + <item><p><c>socketoption() | ssl_option() | transport_option()</c></p> </item> <tag><c>socketoption() =</c></tag> @@ -60,7 +60,7 @@ <seealso marker="kernel:gen_tcp">gen_tcp(3)</seealso> manual pages in Kernel.</p></item> - <tag><marker id="type-ssloption"/><c>ssloption() =</c></tag> + <tag><marker id="type-ssloption"/><c>ssl_option() =</c></tag> <item> <p><c>{verify, verify_type()}</c></p> <p><c>| {verify_fun, {fun(), term()}}</c></p> 
@@ -85,11 +85,11 @@ [binary()]} | {client | server, [binary()], binary()}}</c></p> <p><c>| {log_alert, boolean()}</c></p> <p><c>| {server_name_indication, hostname() | disable}</c></p> - <p><c>| {sni_hosts, [{hostname(), ssloptions()}]}</c></p> + <p><c>| {sni_hosts, [{hostname(), [ssl_option()]}]}</c></p> <p><c>| {sni_fun, SNIfun::fun()}</c></p> </item> - <tag><c>transportoption() =</c></tag> + <tag><c>transport_option() =</c></tag> <item><p><c>{cb_info, {CallbackModule::atom(), DataTag::atom(), ClosedTag::atom(), ErrTag:atom()}}</c></p> @@ -168,7 +168,7 @@ | srp_4096 | srp_6144 | srp_8192</c></p></item> <tag><c>SNIfun::fun()</c></tag> - <item><p><c>= fun(ServerName :: string()) -> ssloptions()</c></p></item> + <item><p><c>= fun(ServerName :: string()) -> [ssl_option()]</c></p></item> </taglist> </section> @@ -617,7 +617,7 @@ fun(srp, Username :: string(), UserState :: term()) -> selection. If set to <c>false</c> (the default), use the client preference.</p></item> - <tag><c>{sni_hosts, [{hostname(), ssloptions()}]}</c></tag> + <tag><c>{sni_hosts, [{hostname(), [ssl_option()]}]}</c></tag> <item><p>If the server receives a SNI (Server Name Indication) from the client matching a host listed in the <c>sni_hosts</c> option, the specific options for that host will override previously specified options. 
@@ -626,11 +626,11 @@ fun(srp, Username :: string(), UserState :: term()) -> <tag><c>{sni_fun, SNIfun::fun()}</c></tag> <item><p>If the server receives a SNI (Server Name Indication) from the client, - the given function will be called to retrieve <c>ssloptions()</c> for the indicated server. - These options will be merged into predefined <c>ssloptions()</c>. + the given function will be called to retrieve <c>[ssl_option()]</c> for the indicated server. + These options will be merged into predefined <c>[ssl_option()]</c>. The function should be defined as: - <c>fun(ServerName :: string()) -> ssloptions()</c> + <c>fun(ServerName :: string()) -> [ssl_option()]</c> and can be specified as a fun or as named <c>fun module:function/1</c> The option <c>sni_fun</c>, and <c>sni_hosts</c> are mutually exclusive.</p></item> @@ -710,7 +710,7 @@ fun(srp, Username :: string(), UserState :: term()) -> equivalent, connected socket to an SSL socket.</fsummary> <type> <v>Socket = socket()</v> - <v>SslOptions = [ssloption()]</v> + <v>SslOptions = [ssl_option()]</v> <v>Timeout = integer() | infinity</v> <v>SslSocket = sslsocket()</v> <v>Reason = term()</v> @@ -1023,7 +1023,7 @@ fun(srp, Username :: string(), UserState :: term()) -> <fsummary>Performs server-side SSL/TLS handshake.</fsummary> <type> <v>Socket = socket() | sslsocket() </v> - <v>SslOptions = ssloptions()</v> + <v>SslOptions = [ssl_option()]</v> <v>Timeout = integer()</v> <v>Reason = term()</v> </type> diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl index 847a9f19de..f2cf99e8a8 100644 --- a/lib/ssl/test/ssl_basic_SUITE.erl +++ b/lib/ssl/test/ssl_basic_SUITE.erl @@ -4096,7 +4096,7 @@ connection_information_result(Socket) -> {ok, Info = [_ | _]} = ssl:connection_information(Socket), case length(Info) > 3 of true -> - %% Atleast one ssloption() is set + %% Atleast one ssl_option() is set ct:log("Info ~p", [Info]), ok; false -> 
diff --git a/lib/ssl/vsn.mk b/lib/ssl/vsn.mk
index 9f79a7fb34..47cb2909fb 100644
--- a/lib/ssl/vsn.mk
+++ b/lib/ssl/vsn.mk
@@ -1 +1 @@
-SSL_VSN = 7.2.1
+SSL_VSN = 7.3 |