File 2912-ssl-Remove-replace-the-name-SSL-refering-to-the-prot.patch of Package erlang
From 5ef28c78d2c31bd654f5655be877db18321d4915 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Wed, 11 Mar 2020 15:19:01 +0100
Subject: [PATCH 2/2] ssl: Remove/replace the name SSL refering to the protocol
as SSL-3.0 support has been dropped
---
lib/ssl/doc/src/ssl.xml | 44 +++++++++++++++++------------------
lib/ssl/doc/src/ssl_crl_cache_api.xml | 4 ++--
lib/ssl/doc/src/ssl_distribution.xml | 30 ++++++++++++------------
lib/ssl/doc/src/ssl_introduction.xml | 2 +-
lib/ssl/doc/src/ssl_protocol.xml | 6 ++---
lib/ssl/doc/src/usersguide.xml | 4 ++--
lib/ssl/doc/src/using_ssl.xml | 16 ++++++-------
lib/ssl/test/ssl_api_SUITE.erl | 2 +-
8 files changed, 54 insertions(+), 54 deletions(-)
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 994ead6844..67987376c8 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -32,7 +32,7 @@
<modulesummary>Interface Functions for Secure Socket Layer</modulesummary>
<description>
<p>
- This module contains interface functions for the SSL/TLS/DTLS protocol.
+ This module contains interface functions for the TLS/DTLS protocol.
For detailed information about the supported standards see
<seealso marker="ssl_app">ssl(6)</seealso>.
</p>
@@ -45,7 +45,7 @@
-->
<datatypes>
- <datatype_title>Types used in SSL/TLS/DTLS</datatype_title>
+ <datatype_title>Types used in TLS/DTLS</datatype_title>
<datatype>
@@ -82,7 +82,7 @@
<seealso marker="kernel:gen_tcp">gen_tcp(3)</seealso> and
<seealso marker="kernel:gen_tcp">gen_udp(3)</seealso>
manual pages in Kernel. Note that stream oriented options such as packet
- are only relevant for SSL/TLS and not DTLS</p>
+ are only relevant for TLS and not DTLS</p>
</desc>
</datatype>
@@ -1335,9 +1335,9 @@ fun(srp, Username :: string(), UserState :: term()) ->
<name name="connect" arity="2" since="OTP R14B"/>
<name name="connect" arity="3" clause_i="1" since=""/>
<fsummary>Upgrades a <c>gen_tcp</c>, or
- equivalent, connected socket to an TLS socket.</fsummary>
+ equivalent, connected socket to a TLS socket.</fsummary>
<desc><p>Upgrades a <c>gen_tcp</c>, or equivalent,
- connected socket to an TLS socket, that is, performs the
+ connected socket to a TLS socket, that is, performs the
client-side TLS handshake.</p>
<note><p>If the option <c>verify</c> is set to
@@ -1369,8 +1369,8 @@ fun(srp, Username :: string(), UserState :: term()) ->
<func>
<name since="" name="connect" arity="3" clause_i="2"/>
<name since="" name="connect" arity="4"/>
- <fsummary>Opens an TLS/DTLS connection to <c>Host</c>, <c>Port</c>.</fsummary>
- <desc><p>Opens an TLS/DTLS connection to <c>Host</c>, <c>Port</c>.</p>
+ <fsummary>Opens a TLS/DTLS connection to <c>Host</c>, <c>Port</c>.</fsummary>
+ <desc><p>Opens a TLS/DTLS connection to <c>Host</c>, <c>Port</c>.</p>
<p> When the option <c>verify</c> is set to <c>verify_peer</c> the check
<seealso marker="public_key:public_key#pkix_verify_hostname-2">public_key:pkix_verify_hostname/2</seealso>
@@ -1407,15 +1407,15 @@ fun(srp, Username :: string(), UserState :: term()) ->
<func>
<name since="" name="close" arity="1" />
- <fsummary>Closes an TLS/DTLS connection.</fsummary>
- <desc><p>Closes an TLS/DTLS connection.</p>
+ <fsummary>Closes a TLS/DTLS connection.</fsummary>
+ <desc><p>Closes a TLS/DTLS connection.</p>
</desc>
</func>
<func>
<name since="OTP 18.1" name="close" arity="2"/>
- <fsummary>Closes an TLS connection.</fsummary>
- <desc><p>Closes or downgrades an TLS connection. In the latter case the transport
+ <fsummary>Closes a TLS connection.</fsummary>
+ <desc><p>Closes or downgrades a TLS connection. In the latter case the transport
connection will be handed over to the <c>NewController</c> process after receiving
the TLS close alert from the peer. The returned transport socket will have
the following options set: <c>[{active, false}, {packet, 0}, {mode, binary}]</c></p>
@@ -1508,9 +1508,9 @@ fun(srp, Username :: string(), UserState :: term()) ->
<func>
<name since="OTP 21.0" name="handshake" arity="1" />
<name since="OTP 21.0" name="handshake" arity="2" clause_i="1" />
- <fsummary>Performs server-side SSL/TLS handshake.</fsummary>
+ <fsummary>Performs server-side TLS handshake.</fsummary>
<desc>
- <p>Performs the SSL/TLS/DTLS server-side handshake.</p>
+ <p>Performs the TLS/DTLS server-side handshake.</p>
<p>Returns a new TLS/DTLS socket if the handshake is successful.</p>
<p> If the option <c>active</c> is set to <c>once</c>, <c>true</c> or an integer value,
@@ -1523,11 +1523,11 @@ fun(srp, Username :: string(), UserState :: term()) ->
<func>
<name since="OTP 21.0" name="handshake" arity="2" clause_i="2" />
<name since="OTP 21.0" name="handshake" arity="3" />
- <fsummary>Performs server-side SSL/TLS/DTLS handshake.</fsummary>
+ <fsummary>Performs server-side TLS/DTLS handshake.</fsummary>
<desc>
<p>If <c>Socket</c> is a ordinary <c>socket()</c>: upgrades a <c>gen_tcp</c>,
or equivalent, socket to an SSL socket, that is, performs
- the SSL/TLS server-side handshake and returns a TLS socket.</p>
+ the TLS server-side handshake and returns a TLS socket.</p>
<warning><p>The <c>Socket</c> shall be in passive mode ({active,
false}) before calling this function or else the behavior of this function
@@ -1535,10 +1535,10 @@ fun(srp, Username :: string(), UserState :: term()) ->
</p></warning>
<p>If <c>Socket</c> is an
- <seealso marker="#type-sslsocket"> sslsocket() </seealso>: provides extra SSL/TLS/DTLS
+ <seealso marker="#type-sslsocket"> sslsocket() </seealso>: provides extra TLS/DTLS
options to those specified in
<seealso marker="#listen-2">listen/2 </seealso> and then performs
- the SSL/TLS/DTLS handshake. Returns a new TLS/DTLS socket if the handshake is successful.</p>
+ the TLS/DTLS handshake. Returns a new TLS/DTLS socket if the handshake is successful.</p>
<p>
If option <c>{handshake, hello}</c> is specified the handshake is
@@ -1569,9 +1569,9 @@ fun(srp, Username :: string(), UserState :: term()) ->
<func>
<name since="OTP 21.0" name="handshake_continue" arity="2" />
<name since="OTP 21.0" name="handshake_continue" arity="3" />
- <fsummary>Continue the SSL/TLS handshake.</fsummary>
+ <fsummary>Continue the TLS handshake.</fsummary>
<desc>
- <p>Continue the SSL/TLS handshake, possiby with new, additional or changed options.</p>
+ <p>Continue the TLS handshake, possiby with new, additional or changed options.</p>
</desc>
</func>
@@ -1719,7 +1719,7 @@ fun(srp, Username :: string(), UserState :: term()) ->
<func>
<name since="" name="ssl_accept" arity="1" />
<name since="" name="ssl_accept" arity="2" />
- <fsummary>Performs server-side SSL/TLS handshake.</fsummary>
+ <fsummary>Performs server-side TLS handshake.</fsummary>
<desc>
<p>Deprecated in OTP 21, use <seealso marker="#handshake-1">handshake/[1,2]</seealso> instead.</p>
<note><p>handshake/[1,2] always returns a new socket.</p></note>
@@ -1728,7 +1728,7 @@ fun(srp, Username :: string(), UserState :: term()) ->
<func>
<name since="OTP R14B" name="ssl_accept" arity="3" />
- <fsummary>Performs server-side SSL/TLS/DTLS handshake.</fsummary>
+ <fsummary>Performs server-side TLS/DTLS handshake.</fsummary>
<desc>
<p>Deprecated in OTP 21, use <seealso marker="#handshake-3">handshake/[2,3]</seealso> instead.</p>
<note><p>handshake/[2,3] always returns a new socket.</p></note>
@@ -1806,7 +1806,7 @@ fun(srp, Username :: string(), UserState :: term()) ->
The socket returned is to be passed to
<seealso marker="#handshake-2"> handshake/[2,3]</seealso>
to complete handshaking, that is,
- establishing the SSL/TLS/DTLS connection.</p>
+ establishing the TLS/DTLS connection.</p>
<warning>
<p>Most API functions require that the TLS/DTLS
connection is established to work as expected.
diff --git a/lib/ssl/doc/src/ssl_crl_cache_api.xml b/lib/ssl/doc/src/ssl_crl_cache_api.xml
index 9922cfb0e9..07309b7782 100644
--- a/lib/ssl/doc/src/ssl_crl_cache_api.xml
+++ b/lib/ssl/doc/src/ssl_crl_cache_api.xml
@@ -25,10 +25,10 @@
</header>
<module since="OTP 18.0">ssl_crl_cache_api</module>
- <modulesummary>API for a SSL/TLS CRL (Certificate Revocation List) cache.</modulesummary>
+ <modulesummary>API for a TLS CRL (Certificate Revocation List) cache.</modulesummary>
<description>
<p>
- When SSL/TLS performs certificate path validation according to
+ When TLS performs certificate path validation according to
<url href="http://www.ietf.org/rfc/rfc5280.txt">RFC 5280 </url>
it should also perform CRL validation checks. To enable the CRL
checks the application needs access to CRLs. A database of CRLs
diff --git a/lib/ssl/doc/src/ssl_distribution.xml b/lib/ssl/doc/src/ssl_distribution.xml
index 1774bd8f77..66f2855ea6 100644
--- a/lib/ssl/doc/src/ssl_distribution.xml
+++ b/lib/ssl/doc/src/ssl_distribution.xml
@@ -154,7 +154,7 @@ Eshell V5.0 (abort with ^G)
<section>
<title>Specifying Distribution Module for net_kernel</title>
- <p>The distribution module for SSL/TLS is named <c>inet_tls_dist</c>
+ <p>The distribution module for TLS is named <c>inet_tls_dist</c>
and is specified on the command line with option <c>-proto_dist</c>.
The argument to <c>-proto_dist</c> is to be the module
name without suffix <c>_dist</c>. So, this distribution
@@ -179,16 +179,16 @@ Eshell V5.0 (abort with ^G)
</section>
<section>
- <title>Specifying SSL/TLS Options</title>
+ <title>Specifying TLS Options</title>
<p>
- The SSL/TLS distribution options can be written into a file
+ The TLS distribution options can be written into a file
that is consulted when the node is started. This file name
is then specified with the command line argument
<c>-ssl_dist_optfile</c>.
</p>
<p>
- Any available SSL/TLS option can be specified in an options file,
+ Any available TLS option can be specified in an options file,
but note that options that take a <c>fun()</c> has to use
the syntax <c>fun Mod:Func/Arity</c> since a function
body cannot be compiled when consulting a file.
@@ -202,7 +202,7 @@ Eshell V5.0 (abort with ^G)
interfere severely, so beware!
</p>
<p>
- For SSL/TLS to work, at least a public key and a certificate
+ For TLS to work, at least a public key and a certificate
must be specified for the server side.
In the following example, the PEM file
<c>"/home/me/ssl/erlserver.pem"</c> contains both
@@ -263,7 +263,7 @@ $ erl -boot /home/me/ssl/start_ssl -proto_dist inet_tls
</section>
<section>
- <title>Specifying SSL/TLS Options (Legacy)</title>
+ <title>Specifying TLS Options (Legacy)</title>
<p>
As in the previous section the PEM file
@@ -272,9 +272,9 @@ $ erl -boot /home/me/ssl/start_ssl -proto_dist inet_tls
</p>
<p>On the <c>erl</c> command line you can specify options that the
- SSL/TLS distribution adds when creating a socket.</p>
+ TLS distribution adds when creating a socket.</p>
- <p>The simplest SSL/TLS options in the following list can be specified
+ <p>The simplest TLS options in the following list can be specified
by adding the
prefix <c>server_</c> or <c>client_</c> to the option name:</p>
<list type="bulleted">
@@ -294,7 +294,7 @@ $ erl -boot /home/me/ssl/start_ssl -proto_dist inet_tls
</list>
<p>Note that <c>verify_fun</c> needs to be written in a different
- form than the corresponding SSL/TLS option, since funs are not
+ form than the corresponding TLS option, since funs are not
accepted on the command line.</p>
<p>The server can also take the options <c>dhfile</c> and
@@ -307,7 +307,7 @@ $ erl -boot /home/me/ssl/start_ssl -proto_dist inet_tls
<p>Raw socket options, such as <c>packet</c> and <c>size</c> must not
be specified on the command line.</p>
- <p>The command-line argument for specifying the SSL/TLS options is named
+ <p>The command-line argument for specifying the TLS options is named
<c>-ssl_dist_opt</c> and is to be followed by pairs of
SSL options and their values. Argument <c>-ssl_dist_opt</c> can
be repeated any number of times.</p>
@@ -331,10 +331,10 @@ Eshell V5.0 (abort with ^G)
</section>
<section>
- <title>Setting up Environment to Always Use SSL/TLS (Legacy)</title>
+ <title>Setting up Environment to Always Use TLS (Legacy)</title>
<p>A convenient way to specify arguments to Erlang is to use environment
variable <c>ERL_FLAGS</c>. All the flags needed to
- use the SSL/TLS distribution can be specified in that variable and are
+ use the TLS distribution can be specified in that variable and are
then interpreted as command-line arguments for all
subsequent invocations of Erlang.</p>
@@ -365,8 +365,8 @@ Eshell V5.0 (abort with ^G)
</section>
<section>
- <title>Using SSL/TLS distribution over IPv6</title>
- <p>It is possible to use SSL/TLS distribution over IPv6 instead of
+ <title>Using TLS distribution over IPv6</title>
+ <p>It is possible to use TLS distribution over IPv6 instead of
IPv4. To do this, pass the option <c>-proto_dist inet6_tls</c>
instead of <c>-proto_dist inet_tls</c> when starting Erlang,
either on the command line or in the <c>ERL_FLAGS</c> environment
@@ -380,6 +380,6 @@ $ erl -boot /home/me/ssl/start_ssl -proto_dist inet6_tls
</code>
<p>A node started in this way will only be able to communicate with
- other nodes using SSL/TLS distribution over IPv6.</p>
+ other nodes using TLS distribution over IPv6.</p>
</section>
</chapter>
diff --git a/lib/ssl/doc/src/ssl_introduction.xml b/lib/ssl/doc/src/ssl_introduction.xml
index adcfb091b7..d37cd9bbf9 100644
--- a/lib/ssl/doc/src/ssl_introduction.xml
+++ b/lib/ssl/doc/src/ssl_introduction.xml
@@ -49,7 +49,7 @@
<title>Prerequisites</title>
<p>It is assumed that the reader is familiar with the Erlang
programming language, the concepts of OTP, and has a basic
- understanding of SSL/TLS/DTLS.</p>
+ understanding of TLS/DTLS.</p>
</section>
</chapter>
diff --git a/lib/ssl/doc/src/ssl_protocol.xml b/lib/ssl/doc/src/ssl_protocol.xml
index 3ab836443f..faad8b0702 100644
--- a/lib/ssl/doc/src/ssl_protocol.xml
+++ b/lib/ssl/doc/src/ssl_protocol.xml
@@ -33,12 +33,12 @@
<file>ssl_protocol.xml</file>
</header>
- <p>The Erlang SSL application implements the SSL/TLS/DTLS protocol
+ <p>The Erlang SSL application implements the TLS/DTLS protocol
for the currently supported versions, see the
<seealso marker="ssl">ssl(3)</seealso> manual page.
</p>
- <p>By default SSL/TLS is run over the TCP/IP protocol even
+ <p>By default TLS is run over the TCP/IP protocol even
though you can plug in any other reliable transport protocol
with the same Application Programming Interface (API) as the
<c>gen_tcp</c> module in Kernel. DTLS is by default run over UDP/IP,
@@ -46,7 +46,7 @@
transports, such as SCTP, may be supported in future releases.</p>
<p>If a client and a server wants to use an upgrade mechanism, such as
- defined by RFC 2817, to upgrade a regular TCP/IP connection to an TLS
+ defined by RFC 2817, to upgrade a regular TCP/IP connection to a TLS
connection, this is supported by the Erlang SSL application API. This can be
useful for, for example, supporting HTTP and HTTPS on the same port and
implementing virtual hosting. Note this is a TLS feature only.
diff --git a/lib/ssl/doc/src/usersguide.xml b/lib/ssl/doc/src/usersguide.xml
index b22b2456e4..f60425a041 100644
--- a/lib/ssl/doc/src/usersguide.xml
+++ b/lib/ssl/doc/src/usersguide.xml
@@ -30,8 +30,8 @@
<file>usersguide.sgml</file>
</header>
<description>
- <p>The Secure Socket Layer (SSL) application provides secure communication over
- sockets.
+ <p>The SSL application implements Transport Layer Security (TLS), formerly known as the Secure Socket Layer (SSL), that is
+ it provides secure communication over sockets.
</p>
</description>
<xi:include href="ssl_introduction.xml"/>
diff --git a/lib/ssl/doc/src/using_ssl.xml b/lib/ssl/doc/src/using_ssl.xml
index 411f3461f9..3b42dcda70 100644
--- a/lib/ssl/doc/src/using_ssl.xml
+++ b/lib/ssl/doc/src/using_ssl.xml
@@ -51,7 +51,7 @@
<section>
<title>Minimal Example</title>
- <note><p> The minimal setup is not the most secure setup of SSL/TLS/DTLS.</p>
+ <note><p> The minimal setup is not the most secure setup of TLS/DTLS.</p>
</note>
<p>To set up client/server connections:</p>
@@ -60,7 +60,7 @@
<code type="erl">1 server> ssl:start().
ok</code>
- <p><em>Step 2:</em> Create an TLS listen socket: (To run DTLS add the option {protocol, dtls})</p>
+ <p><em>Step 2:</em> Create a TLS listen socket: (To run DTLS add the option {protocol, dtls})</p>
<code type="erl">2 server> {ok, ListenSocket} =
ssl:listen(9999, [{certfile, "cert.pem"}, {keyfile, "key.pem"},{reuseaddr, true}]).
{ok,{sslsocket, [...]}}</code>
@@ -94,12 +94,12 @@ ok</code>
<section>
<title>Upgrade Example - TLS only </title>
- <note><p>To upgrade a TCP/IP connection to an SSL connection, the
+ <note><p>To upgrade a TCP/IP connection to a TLS connection, the
client and server must agree to do so. The agreement
can be accomplished by using a protocol, for example, the one used by HTTP
specified in RFC 2817.</p></note>
- <p>To upgrade to an SSL connection:</p>
+ <p>To upgrade to a TLS connection:</p>
<p><em>Step 1:</em> Start the server side:</p>
<code type="erl">1 server> ssl:start().
@@ -120,8 +120,8 @@ ok</code>
<code type="erl">2 client> {ok, Socket} = gen_tcp:connect("localhost", 9999, [], infinity).</code>
<p><em>Step 5:</em> Ensure <c>active</c> is set to <c>false</c> before trying
- to upgrade a connection to an SSL connection, otherwise
- SSL handshake messages can be delivered to the wrong process:</p>
+ to upgrade a connection to a TLS connection, otherwise
+ TLS handshake messages can be delivered to the wrong process:</p>
<code type="erl">4 server> inet:setopts(Socket, [{active, false}]).
ok</code>
@@ -130,7 +130,7 @@ ok</code>
{certfile, "cert.pem"}, {keyfile, "key.pem"}]).
{ok,{sslsocket,[...]}}</code>
- <p><em>Step 7:</em> Upgrade to an TLS connection. The client and server
+ <p><em>Step 7:</em> Upgrade to a TLS connection. The client and server
must agree upon the upgrade. The server must call
<c>ssl:handshake/2</c> before the client calls <c>ssl:connect/3.</c></p>
<code type="erl">3 client>{ok, TLSSocket} = ssl:connect(Socket, [{cacertfile, "cacerts.pem"},
@@ -156,7 +156,7 @@ ok</code>
<section>
<title>Customizing cipher suites</title>
- <p>Fetch default cipher suite list for an TLS/DTLS version. Change default
+ <p>Fetch default cipher suite list for a TLS/DTLS version. Change default
to all to get all possible cipher suites.</p>
<code type="erl">1> Default = ssl:cipher_suites(default, 'tlsv1.2').
[#{cipher => aes_256_gcm,key_exchange => ecdhe_ecdsa,
diff --git a/lib/ssl/test/ssl_api_SUITE.erl b/lib/ssl/test/ssl_api_SUITE.erl
index f39d7d02a0..b656f38644 100644
--- a/lib/ssl/test/ssl_api_SUITE.erl
+++ b/lib/ssl/test/ssl_api_SUITE.erl
@@ -1832,7 +1832,7 @@ honor_server_cipher_order_tls13(Config) when is_list(Config) ->
prf => sha256}).
%%--------------------------------------------------------------------
getstat() ->
- [{doc, "Test that you use ssl:getstat on an TLS socket"}].
+ [{doc, "Test that you use ssl:getstat on a TLS socket"}].
getstat(Config) when is_list(Config) ->
ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config),
--
2.16.4
