Fix wrong information about SSL_set_connect_state().
This commit is contained in:
Lutz Jänicke
parent
c6719ffb77
commit
b1a810571c
6 changed files with 20 additions and 30 deletions
|
|
@ -59,10 +59,6 @@ choice when compatibility is a concern.
|
|||
|
||||
=back
|
||||
|
||||
If a generic method is used, it is necessary to explicitly set client or
|
||||
server mode with L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
|
||||
or SSL_set_accept_state().
|
||||
|
||||
The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
|
||||
SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or
|
||||
B<SSL_set_options()> functions. Using these options it is possible to choose
|
||||
|
|
|
|||
|
|
@ -37,11 +37,6 @@ nothing is to be done, but select() can be used to check for the required
|
|||
condition. When using a buffering BIO, like a BIO pair, data must be written
|
||||
into or retrieved out of the BIO before being able to continue.
|
||||
|
||||
When using a generic method (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>), it
|
||||
is necessary to call SSL_set_accept_state()
|
||||
before calling SSL_accept() to explicitly switch the B<ssl> to server
|
||||
mode.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
The following return values can occur:
|
||||
|
|
|
|||
|
|
@ -34,11 +34,6 @@ nothing is to be done, but select() can be used to check for the required
|
|||
condition. When using a buffering BIO, like a BIO pair, data must be written
|
||||
into or retrieved out of the BIO before being able to continue.
|
||||
|
||||
When using a generic method (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>), it
|
||||
is necessary to call L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
|
||||
before calling SSL_connect() to explicitly switch the B<ssl> to client
|
||||
mode.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
The following return values can occur:
|
||||
|
|
|
|||
|
|
@ -25,11 +25,10 @@ the SSL_read() operation. The behaviour of SSL_read() depends on the
|
|||
underlying BIO.
|
||||
|
||||
For the transparent negotiation to succeed, the B<ssl> must have been
|
||||
initialized to client or server mode. This is not the case if a generic
|
||||
method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that
|
||||
initialized to client or server mode. This is being done by calling
|
||||
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
|
||||
must be used before the first call to an SSL_read() or
|
||||
L<SSL_write(3)|SSL_write(3)> function).
|
||||
before the first call to an SSL_read() or L<SSL_write(3)|SSL_write(3)>
|
||||
function.
|
||||
|
||||
SSL_read() works based on the SSL/TLS records. The data are received in
|
||||
records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a
|
||||
|
|
|
|||
|
|
@ -14,9 +14,9 @@ SSL_set_connect_state, SSL_get_accept_state - prepare SSL object to work in clie
|
|||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
SSL_set_connect_state() B<ssl> to work in client mode.
|
||||
SSL_set_connect_state() sets B<ssl> to work in client mode.
|
||||
|
||||
SSL_set_accept_state() B<ssl> to work in server mode.
|
||||
SSL_set_accept_state() sets B<ssl> to work in server mode.
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
|
|
@ -27,12 +27,17 @@ server connections. (The method might have been changed with
|
|||
L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)> or
|
||||
SSL_set_ssl_method().)
|
||||
|
||||
In order to successfully accomplish the handshake, the SSL routines need
|
||||
to know whether they should act in server or client mode. If the generic
|
||||
method was used, this is not clear from the method itself and must be set
|
||||
with either SSL_set_connect_state() or SSL_set_accept_state(). If these
|
||||
routines are not called, the default value set when L<SSL_new(3)|SSL_new(3)>
|
||||
is called is server mode.
|
||||
When beginning a new handshake, the SSL engine must know whether it must
|
||||
call the connect (client) or accept (server) routines. Even though it may
|
||||
be clear from the method chosen, whether client or server mode was
|
||||
requested, the handshake routines must be explicitly set.
|
||||
|
||||
When using the L<SSL_connect(3)|SSL_connect(3)> or
|
||||
L<SSL_accept(3)|SSL_accept(3)> routines, the correct handshake
|
||||
routines are automatically set. When performing a transparent negotiation
|
||||
using L<SSL_write(3)|SSL_write(3)> or L<SSL_read(3)|SSL_read(3)>, the
|
||||
handshake routines must be explicitely set in advance using either
|
||||
SSL_set_connect_state() or SSL_set_accept_state().
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
|
|
@ -42,6 +47,8 @@ information.
|
|||
=head1 SEE ALSO
|
||||
|
||||
L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
|
||||
L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>,
|
||||
L<SSL_write(3)|SSL_write(3)>, L<SSL_read(3)|SSL_read(3)>,
|
||||
L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>
|
||||
|
||||
=cut
|
||||
|
|
|
|||
|
|
@ -25,11 +25,9 @@ the SSL_write() operation. The behaviour of SSL_write() depends on the
|
|||
underlying BIO.
|
||||
|
||||
For the transparent negotiation to succeed, the B<ssl> must have been
|
||||
initialized to client or server mode. This is not the case if a generic
|
||||
method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that
|
||||
initialized to client or server mode. This is being done by calling
|
||||
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
|
||||
must be used before the first call to an L<SSL_read(3)|SSL_read(3)>
|
||||
or SSL_write() function.
|
||||
before the first call to an L<SSL_read(3)|SSL_read(3)> or SSL_write() function.
|
||||
|
||||
If the underlying BIO is B<blocking>, SSL_write() will only return, once the
|
||||
write operation has been finished or an error occurred, except when a
|
||||
|
|
|
|||
Loading…
Reference in a new issue