xf.li | bfc6e71 | 2025-02-07 01:54:34 -0800

=pod

=head1 NAME

SSL_clear - reset SSL object to allow another connection

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 int SSL_clear(SSL *ssl);

=head1 DESCRIPTION

Reset B<ssl> to allow another connection. All settings (method, ciphers,
BIOs) are kept.

=head1 NOTES

SSL_clear() is used to prepare an SSL object for a new connection. While all
settings are kept, a side effect is the handling of the current SSL session.
If a session is still B<open>, it is considered bad and will be removed
from the session cache, as required by RFC2246. A session is considered open
if L<SSL_shutdown(3)> was not called for the connection and
L<SSL_set_shutdown(3)> was not used to set at least the SSL_SENT_SHUTDOWN
state.

If a session was closed cleanly, the session object will be kept, along with
all corresponding settings. This explicitly means that, for example, the
special method used during the session will be kept for the next handshake.
So if the session was a TLSv1 session, an SSL client object will use a TLSv1
client method for the next handshake and an SSL server object will use a TLSv1
server method, even if TLS_*_methods were chosen on startup. This
might lead to connection failures (see L<SSL_new(3)>
for a description of the method's properties).

=head1 WARNINGS

SSL_clear() resets the SSL object to allow for another connection. The
reset operation, however, keeps several settings of the last session
(some of these settings were made automatically during the last
handshake). It only makes sense for a new connection with the exact
same peer that shares these settings, and may fail if that peer
changes its settings between connections. Use the sequence
L<SSL_get_session(3)>;
L<SSL_new(3)>;
L<SSL_set_session(3)>;
L<SSL_free(3)>
instead to avoid such failures
(or simply L<SSL_free(3)>; L<SSL_new(3)>
if session reuse is not desired).

=head1 RETURN VALUES

The following return values can occur:

=over 4

=item Z<>0

The SSL_clear() operation could not be performed. Check the error stack to
find out the reason.

=item Z<>1

The SSL_clear() operation was successful.

=back

=head1 SEE ALSO

L<SSL_new(3)>, L<SSL_free(3)>,
L<SSL_shutdown(3)>, L<SSL_set_shutdown(3)>,
L<SSL_CTX_set_options(3)>, L<ssl(7)>,
L<SSL_CTX_set_client_cert_cb(3)>

=head1 COPYRIGHT

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut