From 0f2d15c95f98e7b271111c9311210a808c624adb Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Fri, 8 May 2015 15:57:15 +0200 Subject: public_key, ssl: Align public_key and ssl doc Make sure that links from ssl to public_key work. OTP-12670 - Ignoring 1.2 extension in 1.0 or TLS-1.1 solved by 5edda23ee854038c9d4bcddd0d676ee0ffd20da5 is mentioned here to make the release scripts happy, as the branch solving this accidently had a name ending 1267 instead of 12670 --- lib/ssl/doc/src/ssl.xml | 8 ++++---- lib/ssl/doc/src/ssl_crl_cache_api.xml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'lib/ssl') diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index cdf6870c25..46dc93e343 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -268,7 +268,7 @@ atom()}} | application. It differentiates between the peer certificate and the CA certificates by using valid_peer or valid as second argument to the verification fun. See the - public_key User's + public_key User's Guide for definition of #'OTPCertificate'{} and #'Extension'{}.

@@ -364,10 +364,10 @@ marker="public_key:public_key#pkix_path_validation-3">public_key:pkix_path_valid empty argument list. The following arguments may be specified for the internal cache.

{http, timeout()} - +

Enables fetching of CRLs specified as http URIs in X509 cerificate extensions. - Requires the OTP inets application. + marker="public_key:public_key_records"> X509 cerificate extensions. + Requires the OTP inets application.

 diff --git a/lib/ssl/doc/src/ssl_crl_cache_api.xml b/lib/ssl/doc/src/ssl_crl_cache_api.xml index 1d9353a2cc..90aa895aff 100644 --- a/lib/ssl/doc/src/ssl_crl_cache_api.xml +++ b/lib/ssl/doc/src/ssl_crl_cache_api.xml @@ -50,8 +50,8 @@ cache_ref() = opaque() dist_point() - = #'DistributionPoint'{} see X509 certificates records +

= #'DistributionPoint'{} see X509 certificates records

 -- cgit v1.2.3 From be5abeec807ab642881898033a3d23503ec91ce3 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 11 May 2015 16:54:05 +0200 Subject: ssl: Align "=" sign in type declarations to decided policy --- lib/ssl/doc/src/ssl.xml | 124 ++++++++++++++++++++++++------------------------ 1 file changed, 63 insertions(+), 61 deletions(-) (limited to 'lib/ssl') diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index 46dc93e343..c4651d051c 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -67,15 +67,15 @@ - boolean() -

= true | false

 + boolean() = +

true | false

 - option() -

= socketoption() | ssloption() | transportoption()

+ option() = +

socketoption() | ssloption() | transportoption()

 - socketoption() -

= proplists:property()

+ socketoption() = +

proplists:property()

The default socket options are [{mode,list},{packet, 0},{header, 0},{active, true}].

For valid options, see the @@ -83,32 +83,34 @@ gen_tcp(3) manual pages in Kernel.

 - ssloption() -

= {verify, verify_type()}

-

| {verify_fun, {fun(), term()}}

-

| {fail_if_no_peer_cert, boolean()} {depth, integer()}

-

| {cert, public_key:der_encoded()}

-

| {certfile, path()}

-

| {key, {'RSAPrivateKey'| 'DSAPrivateKey' | 'ECPrivateKey' - | 'PrivateKeyInfo', public_key:der_encoded()}}

-

| {keyfile, path()}

-

| {password, string()}

-

| {cacerts, [public_key:der_encoded()]}

-

| {cacertfile, path()}

-

| {dh, public_key:der_encoded()}

-

| {dhfile, path()}

-

| {ciphers, ciphers()}

-

| {user_lookup_fun, {fun(), term()}}, {psk_identity, string()}, - {srp_identity, {string(), string()}}

-

| {reuse_sessions, boolean()}

-

| {reuse_session, fun()} {next_protocols_advertised, [binary()]}

-

| {client_preferred_next_protocols, {client | server, - [binary()]} | {client | server, [binary()], binary()}}

-

| {log_alert, boolean()}

-

| {server_name_indication, hostname() | disable}

 - - transportoption() -

= {cb_info, {CallbackModule::atom(), DataTag::atom(), + ssloption() = + +

{verify, verify_type()}

+

| {verify_fun, {fun(), term()}}

+

| {fail_if_no_peer_cert, boolean()} {depth, integer()}

+

| {cert, public_key:der_encoded()}

+

| {certfile, path()}

+

| {key, {'RSAPrivateKey'| 'DSAPrivateKey' | 'ECPrivateKey' + | 'PrivateKeyInfo', public_key:der_encoded()}}

+

| {keyfile, path()}

+

| {password, string()}

+

| {cacerts, [public_key:der_encoded()]}

+

| {cacertfile, path()}

+

| {dh, public_key:der_encoded()}

+

| {dhfile, path()}

+

| {ciphers, ciphers()}

+

| {user_lookup_fun, {fun(), term()}}, {psk_identity, string()}, + {srp_identity, {string(), string()}}

+

| {reuse_sessions, boolean()}

+

| {reuse_session, fun()} {next_protocols_advertised, [binary()]}

+

| {client_preferred_next_protocols, {client | server, + [binary()]} | {client | server, [binary()], binary()}}

+

| {log_alert, boolean()}

+

| {server_name_indication, hostname() | disable}

+ + + transportoption() = +

{cb_info, {CallbackModule::atom(), DataTag::atom(), ClosedTag::atom(), ErrTag:atom()}}

Defaults to {gen_tcp, tcp, tcp_closed, tcp_error}. Can be used to customize the transport layer. The callback module must implement a @@ -129,57 +131,57 @@ - verify_type() -

= verify_none | verify_peer

 + verify_type() = +

verify_none | verify_peer

 - path() -

= string()

+ path() = +

string()

Represents a file path.

 - public_key:der_encoded() -

= binary()

+ public_key:der_encoded() = +

binary()

ASN.1 DER-encoded entity as an Erlang binary.

 - host() -

= hostname() | ipaddress()

 + host() = +

hostname() | ipaddress()

 - hostname() -

= string()

 + hostname() = +

string()

 - ip_address() -

= {N1,N2,N3,N4} % IPv4 | {K1,K2,K3,K4,K5,K6,K7,K8} % IPv6 + ip_address() = +

{N1,N2,N3,N4} % IPv4 | {K1,K2,K3,K4,K5,K6,K7,K8} % IPv6

- sslsocket() -

Opaque to the user.

 + sslsocket() = +

opaque()

 - protocol() -

= sslv3 | tlsv1 | 'tlsv1.1' | 'tlsv1.2'

 + protocol() = +

sslv3 | tlsv1 | 'tlsv1.1' | 'tlsv1.2'

 - ciphers() + ciphers() =

= [ciphersuite()] | string()

According to old API.

 - ciphersuite() -

= {key_exchange(), cipher(), hash()}

 + ciphersuite() = +

{key_exchange(), cipher(), hash()}

 - key_exchange() -

= rsa | dhe_dss | dhe_rsa | dh_anon | psk | dhe_psk + key_exchange()= +

rsa | dhe_dss | dhe_rsa | dh_anon | psk | dhe_psk | rsa_psk | srp_anon | srp_dss | srp_rsa | ecdh_anon | ecdh_ecdsa | ecdhe_ecdsa | ecdh_rsa | ecdhe_rsa

 - cipher() -

= rc4_128 | des_cbc | '3des_ede_cbc' + cipher() = +

rc4_128 | des_cbc | '3des_ede_cbc' | aes_128_cbc | aes_256_cbc | aes_128_gcm | aes_256_gcm

 - hash() -

= md5 | sha

 + hash() = +

md5 | sha

 - prf_random() -

= client_random | server_random

 + prf_random() = +

client_random | server_random

 - srp_param_type() -

= srp_1024 | srp_1536 | srp_2048 | srp_3072 + srp_param_type() = +

srp_1024 | srp_1536 | srp_2048 | srp_3072 | srp_4096 | srp_6144 | srp_8192

 -- cgit v1.2.3