aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/ssl/doc/src/new_ssl.xml14
-rw-r--r--lib/ssl/doc/src/notes.xml67
-rw-r--r--lib/ssl/vsn.mk7
3 files changed, 84 insertions, 4 deletions
diff --git a/lib/ssl/doc/src/new_ssl.xml b/lib/ssl/doc/src/new_ssl.xml
index 4ffaa9d96a..69298759bd 100644
--- a/lib/ssl/doc/src/new_ssl.xml
+++ b/lib/ssl/doc/src/new_ssl.xml
@@ -22,7 +22,6 @@
The Initial Developer of the Original Code is Ericsson AB.
</legalnotice>
-
<title>ssl</title>
<prepared>Ingela Anderton Andin</prepared>
<responsible>Ingela Anderton Andin</responsible>
@@ -83,7 +82,7 @@
meaningless pid.</item>
<item>New API functions are
ssl:shutdown/2, ssl:cipher_suites/[0,1] and
- ssl:versions/0</item>
+ ssl:versions/0, ssl:renegotiate/1</item>
<item>CRL and policy certificate
extensions are not supported yet. </item>
<item>Supported SSL/TLS-versions are SSL-3.0 and TLS-1.0 </item>
@@ -408,6 +407,17 @@ end
</desc>
</func>
+ <func>
+ <name>format_error(Reason) -> string()</name>
+ <fsummary>Return an error string.</fsummary>
+ <type>
+ <v>Reason = term()</v>
+ </type>
+ <desc>
+ <p>Presents the error returned by an ssl function as a printable string.</p>
+ </desc>
+ </func>
+
<func>
<name>getopts(Socket) -> </name>
<name>getopts(Socket, OptionNames) ->
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index 9d13427677..8028e94484 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -30,6 +30,73 @@
</header>
<p>This document describes the changes made to the SSL application.
</p>
+
+ <section><title>SSL 3.11.1</title>
+
+ <section><title>Fixed Bugs and Malfunctions</title>
+ <list>
+ <item>
+ <p>
+ Fixed handling of several ssl/tls packets arriving at the
+ same time. This was broken during a refactoring of the
+ code.</p>
+ <p>
+ Own Id: OTP-8679</p>
+ </item>
+ </list>
+ </section>
+
+ <section><title>Improvements and New Features</title>
+ <list>
+ <item>
+ <p>
+ Added missing checks for padding and Mac value. Removed
+ code for export ciphers and DH certificates as we decided
+ not to support them.</p>
+ <p>
+ Own Id: OTP-7047</p>
+ </item>
+ <item>
+ <p>
+ New ssl will no longer return esslerrssl to be backwards
+ compatible with old ssl as this hids infomation from the
+ user. format_error/1 has been updated to support new ssl.</p>
+ <p>
+ *** POTENTIAL INCOMPATIBILITY ***</p>
+ <p>
+ Own Id: OTP-7049</p>
+ </item>
+ <item>
+ <p>
+ New ssl now supports secure renegotiation as described by
+ RFC 5746.</p>
+ <p>
+ Own Id: OTP-8568</p>
+ </item>
+ <item>
+ <p>
+ New ssl now support client/server-certificates signed by
+ dsa keys.</p>
+ <p>
+ Own Id: OTP-8587</p>
+ </item>
+ <item>
+ <p>
+ Alert handling has been improved to better handle
+ unexpected but valid messages and the implementation is
+ also changed to avoid timing related issues that could
+ cause different error messages depending on network
+ latency. Packet handling was sort of broken but would
+ mostly work as expected when socket was in binary mode.
+ This has now been fixed.</p>
+ <p>
+ Own Id: OTP-8588</p>
+ </item>
+ </list>
+ </section>
+
+</section>
+
<section><title>SSL 3.11</title>
<section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/ssl/vsn.mk b/lib/ssl/vsn.mk
index e3db7008e3..5d8be1cd0b 100644
--- a/lib/ssl/vsn.mk
+++ b/lib/ssl/vsn.mk
@@ -19,9 +19,12 @@
SSL_VSN = 3.11.1
-TICKETS = OTP-8588 \
+TICKETS = OTP-8679 \
+ OTP-7047 \
+ OTP-7049 \
OTP-8568 \
- OTP-7049
+ OTP-8587 \
+ OTP-8588
#TICKETS_3.11 = OTP-8517 \
# OTP-7046 \