From cc371d0ded3c705cdbca904e0b452fdf0a500514 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Mon, 24 Feb 2014 11:22:03 +0100
Subject: ssl: Improved documentation of the cacertfile option

---
 lib/ssl/doc/src/ssl.xml | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

(limited to 'lib')

diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 910dca3889..4bc1a9a644 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>1999</year><year>2013</year>
+      <year>1999</year><year>2014</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -184,12 +184,6 @@
       <item> The DER encoded trusted certificates. If this option
       is supplied it will override the cacertfile option.</item>
 
-      <tag>{cacertfile, path()}</tag>
-      <item>Path to file containing PEM encoded
-      CA certificates (trusted certificates used for verifying a peer
-      certificate). May be omitted if you do not want to verify
-      the peer.</item>
-
       <tag>{ciphers, ciphers()}</tag>
       <item>The cipher suites that should be supported. The function
       <c>cipher_suites/0</c> can be used to find all ciphers that are
@@ -354,7 +348,13 @@ fun(srp, Username :: string(), UserState :: term()) ->
       <item>Specifies if client should try to reuse sessions
       when possible.
       </item>
-
+      
+      <tag>{cacertfile, path()}</tag>
+      <item>The path to a file containing PEM encoded CA certificates. The CA 
+      certificates are used during server authentication and when building the
+      client certificate chain.
+     </item>
+  
       <tag>{client_preferred_next_protocols, {Precedence :: server | client, ClientPrefs :: [binary()]}}</tag>
       <tag>{client_preferred_next_protocols, {Precedence :: server | client, ClientPrefs :: [binary()], Default :: binary()}}</tag>
 	   <item>
@@ -403,7 +403,17 @@ fun(srp, Username :: string(), UserState :: term()) ->
     meaning in the server than in the client.</p>
 
     <taglist>
-
+      
+      <tag>{cacertfile, path()}</tag>
+      <item>The path to a file containing PEM encoded CA
+      certificates. The CA certificates are used to build the server
+      certificate chain, and for client authentication.  Also the CAs
+      are used in the list of acceptable client CAs passed to the
+      client when a certificate is requested. May be omitted if there
+      is no need to verify the client and if there are not any
+      intermediate CAs for the server certificate.
+      </item>
+  
       <tag>{dh, der_encoded()}</tag>
       <item>The DER encoded Diffie Hellman parameters. If this option
       is supplied it will override the dhfile option.
-- 
cgit v1.2.3