From 4b3a9cbeaa101603b6eaf6d68976e90780d85fc2 Mon Sep 17 00:00:00 2001
From: Magnus Henoch <magnus@erlang-solutions.com>
Date: Wed, 3 Feb 2016 18:20:39 +0000
Subject: Allow passing verify_fun for TLS distribution

Accept a value of the form {Module, Function, State} from the command
line.  This is different from the {Fun, State} that ssl:connect etc
expect, since there's no clean way to parse a fun from a command line
argument.
---
 lib/ssl/doc/src/ssl_distribution.xml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'lib/ssl/doc')

diff --git a/lib/ssl/doc/src/ssl_distribution.xml b/lib/ssl/doc/src/ssl_distribution.xml
index dc04d446b0..db867ea74b 100644
--- a/lib/ssl/doc/src/ssl_distribution.xml
+++ b/lib/ssl/doc/src/ssl_distribution.xml
@@ -196,6 +196,7 @@ Eshell V5.0  (abort with ^G)
       <item><c>password</c></item>
       <item><c>cacertfile</c></item>
       <item><c>verify</c></item>
+      <item><c>verify_fun</c> (write as <c>{Module, Function, InitialUserState}</c>)</item>
       <item><c>reuse_sessions</c></item>
       <item><c>secure_renegotiate</c></item>
       <item><c>depth</c></item>
@@ -203,6 +204,10 @@ Eshell V5.0  (abort with ^G)
       <item><c>ciphers</c> (use old string format)</item>
     </list>
 
+    <p>Note that <c>verify_fun</c> needs to be written in a different
+    form than the corresponding SSL option, since funs are not
+    accepted on the command line.</p>
+
     <p>The server can also take the options <c>dhfile</c> and
     <c>fail_if_no_peer_cert</c> (also prefixed).</p>
 
@@ -210,10 +215,6 @@ Eshell V5.0  (abort with ^G)
     initiates a connection to another node. <c>server_</c>-prefixed 
     options are used when accepting a connection from a remote node.</p>
 
-    <p>More complex options, such as <c>verify_fun</c>, are currently not 
-    available, but a mechanism to handle such options may be added in
-    a future release.</p>
-
     <p>Raw socket options, such as <c>packet</c> and <c>size</c> must not 
     be specified on the command line.</p>
 
-- 
cgit v1.2.3


From f464ded0ae4a4c203a5d01755be84c3e81042e19 Mon Sep 17 00:00:00 2001
From: Magnus Henoch <magnus@erlang-solutions.com>
Date: Thu, 4 Feb 2016 14:36:09 +0000
Subject: TLS distribution: crl_check and crl_cache options

Allow specifying the crl_check and crl_cache options for TLS
distribution connections.
---
 lib/ssl/doc/src/ssl_distribution.xml | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'lib/ssl/doc')

diff --git a/lib/ssl/doc/src/ssl_distribution.xml b/lib/ssl/doc/src/ssl_distribution.xml
index db867ea74b..b2e633a814 100644
--- a/lib/ssl/doc/src/ssl_distribution.xml
+++ b/lib/ssl/doc/src/ssl_distribution.xml
@@ -197,6 +197,8 @@ Eshell V5.0  (abort with ^G)
       <item><c>cacertfile</c></item>
       <item><c>verify</c></item>
       <item><c>verify_fun</c> (write as <c>{Module, Function, InitialUserState}</c>)</item>
+      <item><c>crl_check</c></item>
+      <item><c>crl_cache</c> (write as Erlang term)</item>
       <item><c>reuse_sessions</c></item>
       <item><c>secure_renegotiate</c></item>
       <item><c>depth</c></item>
-- 
cgit v1.2.3