From 266ea3592e49cc93e69735eea4572e95fedc6a19 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 22 Sep 2010 13:56:31 +0200 Subject: Backwards compatibility Changed implementation to retain backwards compatibility for old option {verify, 0} that shall be equivalent to {verify, verify_none}, also separate the cases unknown CA and selfsigned peer cert, and restored return value of deprecated function public_key:pem_to_der/1. --- lib/ssl/doc/src/ssl.xml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'lib/ssl/doc/src') diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index d5b7253ef3..8348301aed 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -244,10 +244,8 @@ fun(OtpCert :: #'OtpCertificate'{}, Event :: {bad_cert, Reason :: atom()} |

The default verify_fun option in verify_none mode:

-{fun(_,{bad_cert, unknown_ca}, UserState) -> +{fun(_,{bad_cert, _}, UserState) -> {valid, UserState}; - (_,{bad_cert, _} = Reason, _) -> - {fail, Reason}; (_,{extension, _}, UserState) -> {unknown, UserState}; (_, valid, UserState) -> @@ -267,13 +265,14 @@ fun(OtpCert :: #'OtpCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
SSL OPTION DESCRIPTIONS - CLIENT SIDE -

Option described here are client specific or has a slightly different +

Options described here are client specific or has a slightly different meaning in the client than in the server.

{verify, verify_type()} - In verify_none mode the x509-path validation error {bad_cert, unknown_ca} - will automatically be accepted. See also the verify_fun option. + In verify_none mode the default behavior will be to + allow all x509-path validation errors. See also the verify_fun + option. {reuse_sessions, boolean()} Specifies if client should try to reuse sessions @@ -286,7 +285,7 @@ fun(OtpCert :: #'OtpCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
SSL OPTION DESCRIPTIONS - SERVER SIDE -

Option described here are server specific or has a slightly different +

Options described here are server specific or has a slightly different meaning in the server than in the client.

-- cgit v1.2.3