4 files changed, 41 insertions, 11 deletions
diff --git a/lib/compiler/src/compile.erl b/lib/compiler/src/compile.erl
index b88f9792a5..9030dd998b 100644
--- a/lib/compiler/src/compile.erl
+++ b/lib/compiler/src/compile.erl
@@ -246,7 +246,7 @@ format_error_reason({Reason, Stack}) when is_list(Stack) ->
     end,
     FormatFun = fun (Term, _) -> io_lib:format("~tp", [Term]) end,
     [io_lib:format("~tp", [Reason]),"\n\n",
-     lib:format_stacktrace(1, erlang:get_stacktrace(), StackFun, FormatFun)];
+     lib:format_stacktrace(1, Stack, StackFun, FormatFun)];
 format_error_reason(Reason) ->
     io_lib:format("~tp", [Reason]).
 
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 910dca3889..4bc1a9a644 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>1999</year><year>2013</year>
+      <year>1999</year><year>2014</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -184,12 +184,6 @@
       <item> The DER encoded trusted certificates. If this option
       is supplied it will override the cacertfile option.</item>
 
-      <tag>{cacertfile, path()}</tag>
-      <item>Path to file containing PEM encoded
-      CA certificates (trusted certificates used for verifying a peer
-      certificate). May be omitted if you do not want to verify
-      the peer.</item>
-
       <tag>{ciphers, ciphers()}</tag>
       <item>The cipher suites that should be supported. The function
       <c>cipher_suites/0</c> can be used to find all ciphers that are
@@ -354,7 +348,13 @@ fun(srp, Username :: string(), UserState :: term()) ->
       <item>Specifies if client should try to reuse sessions
       when possible.
       </item>
-
+      
+      <tag>{cacertfile, path()}</tag>
+      <item>The path to a file containing PEM encoded CA certificates. The CA 
+      certificates are used during server authentication and when building the
+      client certificate chain.
+     </item>
+  
       <tag>{client_preferred_next_protocols, {Precedence :: server | client, ClientPrefs :: [binary()]}}</tag>
       <tag>{client_preferred_next_protocols, {Precedence :: server | client, ClientPrefs :: [binary()], Default :: binary()}}</tag>
 	   <item>
@@ -403,7 +403,17 @@ fun(srp, Username :: string(), UserState :: term()) ->
     meaning in the server than in the client.</p>
 
     <taglist>
-
+      
+      <tag>{cacertfile, path()}</tag>
+      <item>The path to a file containing PEM encoded CA
+      certificates. The CA certificates are used to build the server
+      certificate chain, and for client authentication.  Also the CAs
+      are used in the list of acceptable client CAs passed to the
+      client when a certificate is requested. May be omitted if there
+      is no need to verify the client and if there are not any
+      intermediate CAs for the server certificate.
+      </item>
+  
       <tag>{dh, der_encoded()}</tag>
       <item>The DER encoded Diffie Hellman parameters. If this option
       is supplied it will override the dhfile option.
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index c3bdeb1a54..d46c05c5f3 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -557,6 +557,7 @@ do_connect(Address, Port,
 handle_options(Opts0, _Role) ->
     Opts = proplists:expand([{binary, [{mode, binary}]},
 			     {list, [{mode, list}]}], Opts0),
+    assert_proplist(Opts),
     ReuseSessionFun = fun(_, _, _, _) -> true end,
 
     DefaultVerifyNoneFun =
@@ -1042,3 +1043,10 @@ connection_sup(dtls_connection) ->
 binary_filename(FileName) ->
     Enc = file:native_name_encoding(),
     unicode:characters_to_binary(FileName, unicode, Enc).
+
+assert_proplist([]) ->
+    true;
+assert_proplist([{Key,_} | Rest]) when is_atom(Key) ->
+    assert_proplist(Rest);
+assert_proplist([Value | _]) ->
+    throw({option_not_a_key_value_tuple, Value}).
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 523760aba6..64a93440c7 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -96,6 +96,7 @@ basic_tests() ->
 options_tests() ->
     [der_input,
      misc_ssl_options,
+     ssl_options_not_proplist,
      socket_options,
      invalid_inet_get_option,
      invalid_inet_get_option_not_list,
@@ -990,7 +991,7 @@ misc_ssl_options(Config) when is_list(Config) ->
     ServerOpts = ?config(server_opts, Config),
     {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
     
-    %% Chek that ssl options not tested elsewhere are filtered away e.i. not passed to inet.
+    %% Check that ssl options not tested elsewhere are filtered away e.i. not passed to inet.
     TestOpts = [{depth, 1}, 
 		{key, undefined}, 
 		{password, []},
@@ -1018,6 +1019,17 @@ misc_ssl_options(Config) when is_list(Config) ->
     ssl_test_lib:close(Client).
 
 %%--------------------------------------------------------------------
+ssl_options_not_proplist() ->
+    [{doc,"Test what happens if an option is not a key value tuple"}].
+
+ssl_options_not_proplist(Config) when is_list(Config) ->
+    BadOption =  {client_preferred_next_protocols, 
+		  client, [<<"spdy/3">>,<<"http/1.1">>], <<"http/1.1">>},
+    {option_not_a_key_value_tuple, BadOption} =
+	ssl:connect("twitter.com", 443, [binary, {active, false}, 
+					 BadOption]).
+
+%%--------------------------------------------------------------------
 versions() ->
     [{doc,"Test API function versions/0"}].