From bc8b6bf58c96f8d5a07146ddea145f71fe8c8956 Mon Sep 17 00:00:00 2001
From: Julien Barbot
Date: Tue, 29 Oct 2013 22:29:01 +0100
Subject: Add SSL Server Name Indication (SNI) client support
See RFC 6066 section 3
---
lib/ssl/doc/src/ssl.xml | 2 ++
1 file changed, 2 insertions(+)
(limited to 'lib/ssl/doc')
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 445a47c07b..aac04095b4 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -52,6 +52,8 @@
- CRL and policy certificate extensions are not supported
yet. However CRL verification is supported by public_key, only not integrated
in ssl yet.
+ - Support for 'Server Name Indication' extension client side
+ (RFC 6066 section 3).
--
cgit v1.2.3
From d370fe05f5884691a89784aa73bfb4eb2176edab Mon Sep 17 00:00:00 2001
From: Julien Barbot
Date: Sun, 3 Nov 2013 21:30:03 +0100
Subject: Add a new server_name_indication option to ssl:connect
- Set to disable to explicitly disable SNI support.
- Set to a hostname when upgrading from TCP to TLS.
---
lib/ssl/doc/src/ssl.xml | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'lib/ssl/doc')
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index aac04095b4..b4182e6d61 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -89,7 +89,7 @@
{ssl_imp, ssl_imp()} | {reuse_sessions, boolean()} | {reuse_session, fun()}
{next_protocols_advertised, [binary()]} |
{client_preferred_next_protocols, {client | server, [binary()]} | {client | server, [binary()], binary()}} |
- {log_alert, boolean()}
+ {log_alert, boolean()} | {server_name_indication, hostname() | disable}
transportoption() = {cb_info, {CallbackModule::atom(), DataTag::atom(), ClosedTag::atom(), ErrTag:atom()}}
@@ -384,6 +384,14 @@ fun(srp, Username :: string(), UserState :: term()) ->
{srp_identity, {Username :: string(), Password :: string()}
- Specifies the Username and Password to use to authenticate to the server.
+ {server_name_indication, hostname()}
+ {server_name_indication, disable}
+ -
+
This option can be specified when upgrading a tcp socket to a tls
+ socket to use the TLS Server Name Indication extension.
+ This option can also be set to disable to explicitly disable usage of
+ the Server Name Indication extension.
+
--
cgit v1.2.3
From 06d4f009136b853cd8b50a6b5e8ae0ff5bb54041 Mon Sep 17 00:00:00 2001
From: Julien Barbot
Date: Mon, 4 Nov 2013 10:19:04 +0100
Subject: Update documentation
---
lib/ssl/doc/src/ssl.xml | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'lib/ssl/doc')
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index b4182e6d61..19c0c8c9ee 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -387,10 +387,11 @@ fun(srp, Username :: string(), UserState :: term()) ->
{server_name_indication, hostname()}
{server_name_indication, disable}
-
-
This option can be specified when upgrading a tcp socket to a tls
+
This option can be specified when upgrading a TCP socket to a TLS
socket to use the TLS Server Name Indication extension.
- This option can also be set to disable to explicitly disable usage of
- the Server Name Indication extension.
+ When starting a TLS connection without upgrade the Server Name
+ Indication extension will be sent if possible, this option may also be
+ used to disable that behavior.
--
cgit v1.2.3