From db509dd5debcd72d7f1d024d289315274f9b788b Mon Sep 17 00:00:00 2001
From: Qijiang Fan <fqj1994@gmail.com>
Date: Thu, 16 Apr 2015 22:25:57 +0800
Subject: ssl: add option sni_fun

The newly added function sni_fun allows dynamic update of SSL options
like keys and certificates depending on different SNI hostname, rather
than a predefined rules of SSL options.
---
 lib/ssl/doc/src/ssl.xml | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

(limited to 'lib/ssl/doc/src/ssl.xml')

diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 77f63dcecf..8a0bf69be4 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -108,10 +108,12 @@
 	<p><c>| {log_alert, boolean()}</c></p>
 	<p><c>| {server_name_indication, hostname() | disable}</c></p>
 	<p><c>| {sni_hosts, [{hostname(), ssloptions()}]}</c></p>
+	<p><c>| {sni_fun, SNIfun::fun()}</c></p>
       </item>
       
       <tag><c>transportoption() =</c></tag>
       <item><p><c>{cb_info, {CallbackModule::atom(), DataTag::atom(),
+
       ClosedTag::atom(), ErrTag:atom()}}</c></p>
       <p>Defaults to <c>{gen_tcp, tcp, tcp_closed, tcp_error}</c>. Can be used
       to customize the transport layer. The callback module must implement a
@@ -185,6 +187,9 @@
       <item><p><c>srp_1024 | srp_1536 | srp_2048 | srp_3072
       | srp_4096 | srp_6144 | srp_8192</c></p></item>
 
+      <tag><c>SNIfun::fun()</c></tag>
+      <item><p><c>= fun(ServerName :: string()) -> ssloptions()</c></p></item>
+
     </taglist>
   </section>
 
@@ -630,7 +635,21 @@ fun(srp, Username :: string(), UserState :: term()) ->
       <tag><c>{sni_hosts, [{hostname(), ssloptions()}]}</c></tag>
       <item><p>If the server receives a SNI (Server Name Indication) from the client
       matching a host listed in the <c>sni_hosts</c> option, the speicific options for
-      that host will override previously specified options.</p></item>
+      that host will override previously specified options.
+
+      The option <c>sni_fun</c>, and <c>sni_hosts</c> are mutually exclusive.</p></item>
+
+      <tag><c>{sni_fun, SNIfun::fun()}</c></tag>
+      <item><p>If the server receives a SNI (Server Name Indication) from the client,
+      the given function will be called to retrive <c>ssloptions()</c> for indicated server.
+      These options will be merged into predefined <c>ssloptions()</c>.
+
+      The function should be defined as:
+        <c>fun(ServerName :: string()) -> ssloptions()</c>
+      and can be specified as a fun or as named <c>fun module:function/1</c>
+
+      The option <c>sni_fun</c>, and <c>sni_hosts</c> are mutually exclusive.</p></item>
+
     </taglist>
   </section>
   
-- 
cgit v1.2.3