From 8edbf8309fe6f095d43cc4bbc3eceaa81823c7f4 Mon Sep 17 00:00:00 2001
From: Lars Thorsen The negotiated protocol can be retrieved using the Indicates that the client is to try to perform Next Protocol
Negotiation.
+
Protocol supported by started clients and
servers. If this option is not set, it defaults to all
protocols currently supported by the SSL application.
@@ -78,8 +78,8 @@
List of extra user-defined arguments to the Limits the growth of the clients/servers session cache,
if the maximum number of sessions is reached, the current cache entries will
be invalidated regardless of their remaining lifetime. Defaults to 1000.
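Review bot: In the session cache limit description, "Limits the growth of the clients/servers session cache, if the maximum number of sessions is reached, the current cache entries will be invalidated" is a comma splice, and it leaves unclear whether every entry or only some are invalidated when the limit is hit. Split it into two sentences and say which. "clients/servers" would also read better as "client and server".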
diff --git a/lib/ssl/doc/src/ssl_crl_cache_api.xml b/lib/ssl/doc/src/ssl_crl_cache_api.xml
index 71c1c61fe8..03ac010bfe 100644
--- a/lib/ssl/doc/src/ssl_crl_cache_api.xml
+++ b/lib/ssl/doc/src/ssl_crl_cache_api.xml
@@ -84,9 +84,9 @@
Lookup the CRLs belonging to the distribution point Lookup the CRLs belonging to the distribution point
+ Defines the API for the TLS session cache so
+ that the data storage scheme can be replaced by
+ defining a new callback module implementing this API.
+ Sets the text strings that the daemon sends to the client for presentation to the user when using Provides a function for password validation. This could used for calling an external system or if
passwords should be stored as a hash. The fun returns:
- This fun can also be used to make delays in authentication tries for example by calling
A third usage is to block login attempts from a missbehaving peer. The
+
where:
-
PromptTexts = kb_int_tuple() | fun(Peer::{IP::tuple(),Port::integer()}, User::string(), Service::string()) -> kb_int_tuple()
-
kb_int_tuple() = {Name::string(), Instruction::string(), Prompt::string(), Echo::boolean()}
-
+
-
+
-
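Review bot: In the password-validation paragraph, "This could used for calling an external system" is missing "be" and "missbehaving peer" should be "misbehaving peer"; both sit in the paragraph this change touches, so fix them here. The paragraph describes three separate uses of the fun (external validation or hashed passwords, delaying authentication tries, blocking a peer), which would be easier to scan as a short list.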
The following rfc:s are supported:
Except +
Except
Except +
Except
Except +
Except
Except +
Except
+ If the client or the server is not Erlang/OTP, it is the users responsibility to check that + other implementation has the same interpretation of AEAD_AES_*_GCM as the Erlang/OTP SSH before + enabling them. The aes*-gcm@openssh.com variants are always safe to use since they lack the + ambiguity. +
The second paragraph in section 5.1 is resolved as: +
The second paragraph in section 5.1 is resolved as:
The first rule that matches when read in order from the top is applied
Except +
Except
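Review bot: The added AEAD_AES_*_GCM paragraph asks the reader to check for "the same interpretation" and refers to "the ambiguity" without saying what is ambiguous, so the check cannot be carried out from this text alone. State the ambiguity in one sentence or point at the "second paragraph in section 5.1 is resolved as" text that follows. Also, "the users responsibility" should be "the user's responsibility" and "that other implementation has" should be "that the other implementation has".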
The SSH Connection Protocol is used by clients and servers, - that is, SSH channels, to communicate over the SSH connection. The - API functions in this module send SSH Connection Protocol events, +
The The The This module contains interface functions for the SSL.
+ This module contains interface functions for the SSL/TLS protocol.
+ For detailed information about the supported standards see
+ The following data types are used in the functions for SSL:
+ The ssl application is an implementation of the SSL/TLS protocol in Erlang.
+ The SSL application uses the
-
-
-
+
+
The module
The module If the fragment option is Scheme validation fun is to be defined as follows:
+ Scheme validation fun is to be defined as follows: It is called before scheme string gets converted into scheme atom and
thus possible atom leak could be prevented This module provides the HTTP server start options, some administrative
- functions, and specifies the Erlang web server callback
- API. An implementation of an HTTP 1.1 compliant web server, as defined in
+
+
- It is called before scheme string gets converted into scheme atom and
+
fun(SchemeStr :: string()) ->
valid | {error, Reason :: term()}.
-
+
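Review bot: The added sentence "It is called before scheme string gets converted into scheme atom and thus possible atom leak could be prevented" lacks articles and a full stop, and it does not tell the implementer what to return to get that protection. Suggest wording along the lines of: the fun is called before the scheme string is converted to an atom, so returning {error, Reason} for an unexpected scheme prevents an atom leak.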
If this property is defined,
If this property is defined,
Mandatory Properties
The port that the HTTP server listen to. If zero is specified as port, an arbitrary available port @@ -130,22 +128,19 @@ determine which port was picked.
The name of your server, normally a fully qualified domain name.
Defines the home directory of the server, where log files, and so on, can be stored. Relative paths specified in other properties refer to this directory.
Defines the top directory for the documents that are available on the HTTP server.
@@ -155,15 +150,13 @@Communication Properties
Default is
Used together with
For
Default is
Default is
If given, sets a minimum of bytes per second value for connections.
If the value is unreached, the socket closes for that connection.
@@ -206,8 +196,7 @@Erlang Web Server API Modules
Defines which modules the HTTP server uses when handling
requests. Default is Limit properties A callback module to customize the inets HTTP servers behaviour
see Allows you to disable chunked
transfer-encoding when sending a response to an HTTP/1.1
client. Default is Instructs the server whether to use persistent
connections when the client claims to be HTTP/1.1
compliant. Default is The number of seconds the server waits for a
subsequent request from the client before closing the
connection. Default is Limits the size of the message body of an HTTP request.
Default is no limit. Limits the number of simultaneous requests that can be
supported. Default is Limits the size of the message header of an HTTP request.
Default is Maximum content-length in an incoming request, in bytes. Requests
with content larger than this are answered with status 413.
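Review bot: "Limits the size of the message body of an HTTP request. Default is no limit." and "Maximum content-length in an incoming request, in bytes" describe two limits on the same thing, and the text does not say which one applies when both are set or whether the first also answers with status 413. Add a sentence relating the two properties.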
@@ -285,15 +266,13 @@
Limits the size of the HTTP request URI.
Default is no limit. The number of requests that a client can do on one
connection. When the server has responded to the number of
@@ -306,8 +285,7 @@
Administrative Properties Default is [{"html","text/html"},{"htm","text/html"}]. When the server is asked to provide a document type that
cannot be determined by the MIME Type Settings, the server
uses this default type. Defines the email-address of the server
administrator to be included in any error messages returned by
the server. Defines the look of the value of the server header. Example: Assuming the version of By default, the value is as before, that is, Defines if access logs are to be written according to the Default is URL Aliasing Properties - Requires mod_alias Access to http://your.server.org/image/foo.gif would refer to
the file /ftp/pub/image/foo.gif. Access to http://your.server.org/~bob/foo.gif would refer to
the file /home/bob/public/foo.gif.
In an Apache-like configuration file, Beware of trailing space in Access to http://your.server.org/docs/ would return
http://your.server.org/docs/index.html or
http://your.server.org/docs/welcome.html if index.html does not
exist. CGI Properties - Requires mod_cgi Access to http://your.server.org/cgi-bin/foo would cause
the server to run the script /web/cgi-bin/foo. Access to http://your.server.org/cgi-bin/17/foo would cause
the server to run the script /web/17/cgi-bin/foo. If The time in seconds the web server waits between each
chunk of data from the script. If the CGI script does not deliver
@@ -545,8 +511,7 @@ text/plain asc txt
closed. Default is ESI Properties - Requires mod_esi A request to
http://your.server.org/cgi-bin/example/httpd_example:yahoo
would refer to httpd_example:yahoo/3 or, if that does not exist,
httpd_example:yahoo/2 and
@@ -597,8 +560,7 @@ text/plain asc txt
not be allowed to execute. If If Log Properties - Requires mod_log Defines the filename of the error log file to be used to log
server errors. If the filename does not begin with a slash (/),
it is assumed to be relative to the Defines the filename of the access log file to be used to
log security events. If the filename does not begin with a slash
(/), it is assumed to be relative to the Defines the filename of the access log file to be used to
log incoming requests. If the filename does not begin with a
@@ -657,8 +614,7 @@ text/plain asc txt
Disk Log Properties - Requires mod_disk_log Defines the file format of the log files. See Defines the filename of the ( Defines the filename of the ( Defines the filename of the ( The properties for directories are as follows: Defines a set of hosts to be granted access to a
- given directory, for example:
+ given directory, for example: The host Defines a set of hosts
- to be denied access to a given directory, for example:
+ to be denied access to a given directory, for example: The host Sets the type of authentication database that is used for the
directory. The key difference between the different methods is
@@ -770,8 +717,7 @@ text/plain asc txt
configuration files. Sets the name of a file containing the list of users and
passwords for user authentication. The filename can be either
@@ -795,8 +741,7 @@ text/plain asc txt
clients can download it. Sets the name of a file containing the list of user
groups for user authentication. The filename can be either
@@ -818,16 +763,14 @@ text/plain asc txt
can download it. Sets the name of the authorization realm (auth-domain) for
a directory. This string informs the client about which
username and password to use. If set to other than "NoPassword", the password is required
for all API calls. If the password is set to "DummyPassword", the
@@ -837,15 +780,13 @@ text/plain asc txt
text in the configuration file. Defines users to grant access to a given
directory using a secret password. Defines users to grant access to a given
directory using a secret password. Htaccess Authentication Properties - Requires mod_htaccess Specifies the filenames that are used for
access files. When a request comes, every directory in the path
@@ -877,16 +817,14 @@ text/plain asc txt
The properties for the security directories are as follows: Name of the security data file. The filename can either be
absolute or relative to the Specifies the maximum number of attempts to authenticate a
user before the user is blocked out. If a user
@@ -898,16 +836,14 @@ text/plain asc txt
Default is Specifies the number of minutes a user is blocked. After
this timehas passed, the user automatically regains access.
Default is Specifies the number of minutes a failed user authentication
is remembered. If a user authenticates after this
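Review bot: The block-time description reads "After this timehas passed"; insert the missing space ("this time has passed") while this paragraph is being touched. "blocked out" in the attempts description just above could simply be "blocked".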
@@ -916,8 +852,7 @@ text/plain asc txt
Default is [httpd] - Issues with ESI erl_script_timeout.
- The When the erl-script-timeout time was exceeded, the server
- incorrectly marked the answer as sent, thereby leaving
- client hanging (with an incomplete answer).
- This has been changed, so that now the socket will be
- closed. The When the erl-script-timeout time was exceeded, the server
+ incorrectly marked the answer as sent, thereby leaving
+ client hanging (with an incomplete answer).
+ This has been changed, so that now the socket will be
+ closed. Own Id: OTP-8509 [httpc] Several more or less critical fixes:
- Initial call between the httpc manager and request
- handler was synchronous. When the manager starts a new request handler,
- this is no longer a synchronous operation. Previously,
- the new request handler made the connection to the
- server and issuing of the first request (the reason
- for starting it) in the gen_server init function.
- If the connection for some reason "took some time",
- the manager hanged, leaving all other activities by
- that manager also hanging. Initial call between the httpc manager and request
+ handler was synchronous. When the manager starts a new request handler,
+ this is no longer a synchronous operation. Previously,
+ the new request handler made the connection to the
+ server and issuing of the first request (the reason
+ for starting it) in the gen_server init function.
+ If the connection for some reason "took some time",
+ the manager hanged, leaving all other activities by
+ that manager also hanging. As a side-effect of these changes, some modules was also
renamed, and a new api module,
{alias, {"/image", "/ftp/pub/image"}}
- Access to http://your.server.org/image/foo.gif would refer to
+ {re_write, {"^/[~]([^/]+)(.*)$", "/home/\\1/public\\2"}}
- Access to http://your.server.org/~bob/foo.gif would refer to
+ ReWrite ^/[~]([^/]+)(.*)$ /home/\1/public\2
- Beware of trailing space in {directory_index, ["index.hml", "welcome.html"]}
- Access to http://your.server.org/docs/ would return
+ {script_alias, {"/cgi-bin/", "/web/cgi-bin/"}}
- Access to http://your.server.org/cgi-bin/foo would cause
+ {script_re_write, {"^/cgi-bin/(\\d+)/", "/web/\\1/cgi-bin/"}}
- Access to http://your.server.org/cgi-bin/17/foo would cause
+ {action, {"text/plain", "/cgi-bin/log_and_deliver_text"}}
{erl_script_alias, {"/cgi-bin/example", [httpd_example]}}
- A request to
+ {allow_from, ["123.34.56.11", "150.100.23"]}
- The host {deny_from, ["123.34.56.11", "150.100.23"]}
- The host
-
-
+
-
+
-
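Review bot: The directory_index example lists "index.hml", but the text describing it refers to index.html and welcome.html. Correct the example to "index.html" so that the example and its description agree.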
Changes configuration for all TFTP daemon processes.
- -Changes configuration for all TFTP server processes.
- -Changes configuration for a TFTP daemon, server, or client process.
-Returns information about all TFTP daemon processes.
- -Returns information about all TFTP server processes.
- -
-
-- Own Id: OTP-10675 Aux Id: seq12154
+ Own Id: OTP-10675 Aux Id: seq12154 +As of
Almost all server functionality has been implemented using an especially crafted server API, which is described in the Erlang Web @@ -530,7 +528,7 @@ http://your.server.org/eval?httpd_example:print(atom_to_list(apply(erlang,halt,[
This module runs CGI scripts whenever a file of a
certain type or HTTP method (see
-
Uses the following Erlang Web Server API interaction data:
@@ -557,7 +555,7 @@ http://your.server.org/eval?httpd_example:print(atom_to_list(apply(erlang,halt,[