From f0dbde23b539999add8754ec84541698419fc8b5 Mon Sep 17 00:00:00 2001
From: Dan Gudmundsson
Date: Tue, 20 Apr 2010 12:00:00 +0200
Subject: public_key, ssl: Patch 1112
OTP-7046 Support for Diffie-Hellman. ssl-3.11 requires public_key-0.6.
OTP-8553 Moved extended key usage test for ssl values to ssl.
OTP-8557 Fixes handling of the option fail_if_no_peer_cert and some
undocumented options. Thanks to Rory Byrne.
OTP-7046 Support for Diffie-Hellman. ssl-3.11 requires public_key-0.6.
OTP-8517 New ssl now properly handles ssl renegotiation, and initiates
a renegotiation if ssl/tls sequence numbers come close
to the max value. However, RFC-5746 is not yet supported,
but will be in an upcoming release.
OTP-8545 When gen_tcp is configured with the {packet,http} option,
it automatically switches to expect HTTP Headers after an
HTTP Request/Response line has been received. This update
fixes ssl to behave in the same way. Thanks to Rory Byrne.
OTP-8554 Ssl now correctly verifies the extended_key_usage extension
and also allows the user to verify application specific
extensions by supplying an appropriate fun.
OTP-8560 Fixed ssl:transport_accept/2 to return properly when socket
is closed. Thanks to Rory Byrne.
---
lib/ssl/doc/src/new_ssl.xml | 25 ++++++++++++++++---
lib/ssl/doc/src/notes.xml | 61 +++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 82 insertions(+), 4 deletions(-)
diff --git a/lib/ssl/doc/src/new_ssl.xml b/lib/ssl/doc/src/new_ssl.xml
index b642280096..08868a1b3c 100644
--- a/lib/ssl/doc/src/new_ssl.xml
+++ b/lib/ssl/doc/src/new_ssl.xml
@@ -84,8 +84,6 @@
- New API functions are
ssl:shutdown/2, ssl:cipher_suites/[0,1] and
ssl:versions/0
- - Diffie-Hellman keyexchange is
- not supported yet.
- CRL and policy certificate
extensions are not supported yet.
- Supported SSL/TLS-versions are SSL-3.0 and TLS-1.0
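Review bot: dropping the "Diffie-Hellman keyexchange is not supported yet" bullet is right given the dhfile option added later in this patch, but the surviving list gives no hint that DH support depends on public_key-0.6, which the commit message states; a short bullet such as "Diffie-Hellman key exchange requires public_key-0.6 or later" here would spare readers of new_ssl.xml a trip to notes.xml.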
@@ -118,8 +116,8 @@
{fail_if_no_peer_cert, boolean()}
{depth, integer()} |
{certfile, path()} | {keyfile, path()} | {password, string()} |
- {cacertfile, path()} | {ciphers, ciphers()} | {ssl_imp, ssl_imp()}
- | {reuse_sessions, boolean()} | {reuse_session, fun()}
+ {cacertfile, path()} | {dhfile, path()} | {ciphers, ciphers()} |
+ {ssl_imp, ssl_imp()} | {reuse_sessions, boolean()} | {reuse_session, fun()}
transportoption() = {CallbackModule, DataTag, ClosedTag}
@@ -262,6 +260,12 @@ end
CA certificates (trusted certificates used for verifying a peer
certificate). May be omitted if you do not want to verify
the peer.
+
+ {dhfile, path()}
+ - Path to file containing PEM encoded Diffie Hellman parameters,
+ for the server to use if a cipher suite using Diffie Hellman key exchange
+ is negotiated. If not specified hardcode parameters will be used.
+
{ciphers, ciphers()}
- The function ciphers_suites/0 can
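Review bot: "If not specified hardcode parameters will be used" should read "hard-coded parameters will be used", and the description should say what those built-in parameters are (at least their size), since every server that omits dhfile shares them and an operator needs that to decide whether to generate a dhfile of their own. "Diffie Hellman" should also be hyphenated to match "Diffie-Hellman" in the rest of the patch.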
@@ -490,6 +494,19 @@ end
+
+ renegotiate(Socket) -> ok | {error, Reason}
+ Initiates a new handshake.
+
+ Socket = sslsocket()
+
+
Initiates a new handshake. A notable return value is
+ {error, renegotiation_rejected} indicating that the peer
+ refused to go through with the renegotiation but the connection
+ is still active using the previously negotiated session.
+
+
+
send(Socket, Data) -> ok | {error, Reason}
Write data to a socket.
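Review bot: "Initiates a new handshake." is repeated verbatim as the one-line summary and again as the first sentence of the description; keep one. Since the commit message says RFC-5746 is not yet supported, this entry should also state that renegotiate/1 performs legacy renegotiation without the RFC 5746 secure renegotiation extension, and it should say whether the call blocks until the new handshake completes, as neither the summary nor the {error, renegotiation_rejected} note tells the caller.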
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index 2dd11bc88e..9d13427677 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -30,6 +30,67 @@
This document describes the changes made to the SSL application.
+SSL 3.11
+
+ Fixed Bugs and Malfunctions
+
+ -
+
+ Fixes handling of the option fail_if_no_peer_cert and
+ some undocumented options. Thanks to Rory Byrne.
+
+ Own Id: OTP-8557
+
+
+
+
+ Improvements and New Features
+
+ -
+
+ Support for Diffie-Hellman. ssl-3.11 requires
+ public_key-0.6.
+
+ Own Id: OTP-7046
+
+ -
+
+ New ssl now properly handles ssl renegotiation, and
+ initiates a renegotiation if ssl/ltls-sequence numbers
+ comes close to the max value. However RFC-5746 is not yet
+ supported, but will be in an upcoming release.
+
+ Own Id: OTP-8517
+
+ -
+
+ When gen_tcp is configured with the {packet,http} option,
+ it automatically switches to expect HTTP Headers after a
+ HTTP Request/Response line has been received. This update
+ fixes ssl to behave in the same way. Thanks to Rory
+ Byrne.
+
+ Own Id: OTP-8545
+
+ -
+
+ Ssl now correctly verifies the extended_key_usage
+ extension and also allows the user to verify application
+ specific extensions by supplying an appropriate fun.
+
+ Own Id: OTP-8554 Aux Id: OTP-8553
+
+ -
+
+ Fixed ssl:transport_accept/2 to return properly when
+ socket is closed. Thanks to Rory Byrne.
+
+ Own Id: OTP-8560
+
+
+
+
+
SSL 3.10.9
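Review bot: the OTP-8517 entry has "ssl/ltls-sequence numbers comes close"; "ltls" is a typo for "tls" and "comes" should be "come". The OTP-8545 entry should read "an HTTP Request/Response line". The OTP-8554 entry says application-specific extensions can be verified "by supplying an appropriate fun" but never names the option that takes the fun, and the new_ssl.xml hunks in this patch do not document it either; naming the option here makes the note actionable.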