144 lines
4.8 KiB
Groff
144 lines
4.8 KiB
Groff
.\" $OpenBSD: SSL_clear.3,v 1.5 2021/06/11 19:41:39 jmc Exp $
|
|
.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
|
|
.\"
|
|
.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
|
|
.\" Copyright (c) 2000, 2001, 2002, 2011, 2015 The OpenSSL Project.
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\"
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\"
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in
|
|
.\" the documentation and/or other materials provided with the
|
|
.\" distribution.
|
|
.\"
|
|
.\" 3. All advertising materials mentioning features or use of this
|
|
.\" software must display the following acknowledgment:
|
|
.\" "This product includes software developed by the OpenSSL Project
|
|
.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
|
.\"
|
|
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
|
.\" endorse or promote products derived from this software without
|
|
.\" prior written permission. For written permission, please contact
|
|
.\" openssl-core@openssl.org.
|
|
.\"
|
|
.\" 5. Products derived from this software may not be called "OpenSSL"
|
|
.\" nor may "OpenSSL" appear in their names without prior written
|
|
.\" permission of the OpenSSL Project.
|
|
.\"
|
|
.\" 6. Redistributions of any form whatsoever must retain the following
|
|
.\" acknowledgment:
|
|
.\" "This product includes software developed by the OpenSSL Project
|
|
.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
|
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
|
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
.\"
|
|
.Dd $Mdocdate: June 11 2021 $
|
|
.Dt SSL_CLEAR 3
|
|
.Os
|
|
.Sh NAME
|
|
.Nm SSL_clear
|
|
.Nd reset SSL object to allow another connection
|
|
.Sh SYNOPSIS
|
|
.In openssl/ssl.h
|
|
.Ft int
|
|
.Fn SSL_clear "SSL *ssl"
|
|
.Sh DESCRIPTION
|
|
Reset
|
|
.Fa ssl
|
|
to allow another connection.
|
|
All settings (method, ciphers, BIOs) are kept.
|
|
.Pp
|
|
.Fn SSL_clear
|
|
is used to prepare an
|
|
.Vt SSL
|
|
object for a new connection.
|
|
While all settings are kept,
|
|
a side effect is the handling of the current SSL session.
|
|
If a session is still
|
|
.Em open ,
|
|
it is considered bad and will be removed from the session cache,
|
|
as required by RFC 2246.
|
|
A session is considered open if
|
|
.Xr SSL_shutdown 3
|
|
was not called for the connection or at least
|
|
.Xr SSL_set_shutdown 3
|
|
was used to
|
|
set the
|
|
.Dv SSL_SENT_SHUTDOWN
|
|
state.
|
|
.Pp
|
|
If a session was closed cleanly,
|
|
the session object will be kept and all settings corresponding.
|
|
This explicitly means that for example the special method used during the
|
|
session will be kept for the next handshake.
|
|
So if the session was a TLSv1 session, a
|
|
.Vt SSL
|
|
client object will use a TLSv1 client method for the next handshake and a
|
|
.Vt SSL
|
|
server object will use a TLSv1 server method, even if
|
|
.Fn TLS_*_method Ns s
|
|
were chosen on startup.
|
|
This might lead to connection failures (see
|
|
.Xr SSL_new 3 )
|
|
for a description of the method's properties.
|
|
.Sh RETURN VALUES
|
|
The following return values can occur:
|
|
.Bl -tag -width Ds
|
|
.It 0
|
|
The
|
|
.Fn SSL_clear
|
|
operation could not be performed.
|
|
Check the error stack to find out the reason.
|
|
.It 1
|
|
The
|
|
.Fn SSL_clear
|
|
operation was successful.
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr ssl 3 ,
|
|
.Xr SSL_CTX_set_client_cert_cb 3 ,
|
|
.Xr SSL_CTX_set_options 3 ,
|
|
.Xr SSL_free 3 ,
|
|
.Xr SSL_new 3 ,
|
|
.Xr SSL_set_shutdown 3 ,
|
|
.Xr SSL_shutdown 3
|
|
.Sh HISTORY
|
|
.Fn SSL_clear
|
|
first appeared in SSLeay 0.4.5b and has been available since
|
|
.Ox 2.4 .
|
|
.Sh CAVEATS
|
|
.Fn SSL_clear
|
|
resets the
|
|
.Vt SSL
|
|
object to allow for another connection.
|
|
The reset operation however keeps several settings of the last sessions
|
|
(some of these settings were made automatically during the last handshake).
|
|
It only makes sense for a new connection with the exact same peer that shares
|
|
these settings,
|
|
and may fail if that peer changes its settings between connections.
|
|
Use the sequence
|
|
.Xr SSL_get_session 3 ;
|
|
.Xr SSL_new 3 ;
|
|
.Xr SSL_set_session 3 ;
|
|
.Xr SSL_free 3
|
|
instead to avoid such failures (or simply
|
|
.Xr SSL_free 3 ;
|
|
.Xr SSL_new 3
|
|
if session reuse is not desired).
|