More interdependencies with respect to shutdown behaviour.
This commit is contained in:
		| @@ -83,9 +83,18 @@ bytes actually read from the TLS/SSL connection. | |||||||
|  |  | ||||||
| =item 0 | =item 0 | ||||||
|  |  | ||||||
| The read operation was not successful, probably because no data was | The read operation was not successful, the SSL connection was closed by the | ||||||
| available. Call SSL_get_error() with the return value B<ret> to find out, | peer by sending a "close notify" alert. The SSL_RECEIVED_SHUTDOWN flag in | ||||||
| whether an error occurred. | the ssl shutdown state is set (see L<SSL_shutdown(3)|SSL_shutdown(3)>, | ||||||
|  | L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>). | ||||||
|  | Call SSL_get_error() with the return value B<ret> to find out, | ||||||
|  | whether an error occurred or the connection was shut down cleanly | ||||||
|  | (SSL_ERROR_ZERO_RETURN). | ||||||
|  |  | ||||||
|  | SSLv2 (deprecated) does not support a shutdown alert protocol, so it can | ||||||
|  | only be detected, whether the underlying connection was closed. It cannot | ||||||
|  | be checked, whether the closure was initiated by the peer or by something | ||||||
|  | else. | ||||||
|  |  | ||||||
| =item E<lt>0 | =item E<lt>0 | ||||||
|  |  | ||||||
| @@ -101,6 +110,7 @@ L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_write(3)|SSL_write(3)>, | |||||||
| L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>, | L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>, | ||||||
| L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)> | L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)> | ||||||
| L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>, | L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>, | ||||||
|  | L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>, | ||||||
| L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)> | L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)> | ||||||
|  |  | ||||||
| =cut | =cut | ||||||
|   | |||||||
| @@ -46,7 +46,10 @@ The shutdown state of the connection is used to determine the state of | |||||||
| the ssl session. If the session is still open, when | the ssl session. If the session is still open, when | ||||||
| L<SSL_clear(3)|SSL_clear(3)> or L<SSL_free(3)|SSL_free(3)> is called, | L<SSL_clear(3)|SSL_clear(3)> or L<SSL_free(3)|SSL_free(3)> is called, | ||||||
| it is considered bad and removed according to RFC2246. | it is considered bad and removed according to RFC2246. | ||||||
| The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN. | The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN | ||||||
|  | (according to the TLS RFC, it is acceptable to only send the "close notify" | ||||||
|  | alert but to not wait for the peer's answer, when the underlying connection | ||||||
|  | is closed). | ||||||
| SSL_set_shutdown() can be used to set this state without sending a | SSL_set_shutdown() can be used to set this state without sending a | ||||||
| close alert to the peer (see L<SSL_shutdown(3)|SSL_shutdown(3)>). | close alert to the peer (see L<SSL_shutdown(3)|SSL_shutdown(3)>). | ||||||
|  |  | ||||||
|   | |||||||
| @@ -49,9 +49,12 @@ shutdown alert. On success, the second call to SSL_shutdown() will return | |||||||
| with 1. | with 1. | ||||||
|  |  | ||||||
| =item If the peer already sent the "close notify" alert B<and> it was | =item If the peer already sent the "close notify" alert B<and> it was | ||||||
| already processed implicitly inside another call of e.g. | already processed implicitly inside another function | ||||||
| B<SSL_read(3)|SSL_read(3)>, SSL_shutdown() will send the "close notify" | (L<SSL_read(3)|SSL_read(3)>), the SSL_RECEIVED_SHUTDOWN flag is set. | ||||||
| alert, set the SSL_SENT_SHUTDOWN flag and will immediately return with 1. | SSL_shutdown() will send the "close notify" alert, set the SSL_SENT_SHUTDOWN | ||||||
|  | flag and will immediately return with 1. | ||||||
|  | Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the | ||||||
|  | SSL_get_shutdown() (see also L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> call. | ||||||
|  |  | ||||||
| =back | =back | ||||||
|  |  | ||||||
|   | |||||||
| @@ -78,8 +78,18 @@ bytes actually written to the TLS/SSL connection. | |||||||
|  |  | ||||||
| =item 0 | =item 0 | ||||||
|  |  | ||||||
| The write operation was not successful. Call SSL_get_error() with the return | The write operation was not successful, because the write side of the | ||||||
| value B<ret> to find out, whether an error occurred. | SSL connection was shut down (the SSL_SENT_SHUTDOWN flag in the shutdown | ||||||
|  | state is set) by calling L<SSL_shutdown(3)|SSL_shutdown(3)> or | ||||||
|  | L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>. It is also possible, that the | ||||||
|  | underlying connection was closed. | ||||||
|  | Call SSL_get_error() with the return value B<ret> to find out, | ||||||
|  | whether an error occurred or the connection was shut down cleanly | ||||||
|  | (SSL_ERROR_ZERO_RETURN). | ||||||
|  |  | ||||||
|  | SSLv2 (deprecated) does not support a shutdown alert protocol, so it can | ||||||
|  | only be detected, whether the underlying connection was closed. It cannot | ||||||
|  | be checked, why the closure happened. | ||||||
|  |  | ||||||
| =item E<lt>0 | =item E<lt>0 | ||||||
|  |  | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user
	 Lutz Jänicke
					Lutz Jänicke