|
Packit |
c4476c |
=pod
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 NAME
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_do_handshake - perform a TLS/SSL handshake
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 SYNOPSIS
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
#include <openssl/ssl.h>
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
int SSL_do_handshake(SSL *ssl);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 DESCRIPTION
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_do_handshake() will wait for a SSL/TLS handshake to take place. If the
|
|
Packit |
c4476c |
connection is in client mode, the handshake will be started. The handshake
|
|
Packit |
c4476c |
routines may have to be explicitly set in advance using either
|
|
Packit |
c4476c |
L<SSL_set_connect_state(3)> or
|
|
Packit |
c4476c |
L<SSL_set_accept_state(3)>.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 NOTES
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The behaviour of SSL_do_handshake() depends on the underlying BIO.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
If the underlying BIO is B<blocking>, SSL_do_handshake() will only return
|
|
Packit |
c4476c |
once the handshake has been finished or an error occurred.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
If the underlying BIO is B<non-blocking>, SSL_do_handshake() will also return
|
|
Packit |
c4476c |
when the underlying BIO could not satisfy the needs of SSL_do_handshake()
|
|
Packit |
c4476c |
to continue the handshake. In this case a call to SSL_get_error() with the
|
|
Packit |
c4476c |
return value of SSL_do_handshake() will yield B<SSL_ERROR_WANT_READ> or
|
|
Packit |
c4476c |
B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
|
|
Packit |
c4476c |
taking appropriate action to satisfy the needs of SSL_do_handshake().
|
|
Packit |
c4476c |
The action depends on the underlying BIO. When using a non-blocking socket,
|
|
Packit |
c4476c |
nothing is to be done, but select() can be used to check for the required
|
|
Packit |
c4476c |
condition. When using a buffering BIO, like a BIO pair, data must be written
|
|
Packit |
c4476c |
into or retrieved out of the BIO before being able to continue.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 RETURN VALUES
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The following return values can occur:
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=over 4
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item Z<>0
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The TLS/SSL handshake was not successful but was shut down controlled and
|
|
Packit |
c4476c |
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
|
|
Packit |
c4476c |
return value B<ret> to find out the reason.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item Z<>1
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
|
|
Packit |
c4476c |
established.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item E<lt>0
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The TLS/SSL handshake was not successful because a fatal error occurred either
|
|
Packit |
c4476c |
at the protocol level or a connection failure occurred. The shutdown was
|
|
Packit |
c4476c |
not clean. It can also occur if action is needed to continue the operation
|
|
Packit |
c4476c |
for non-blocking BIOs. Call SSL_get_error() with the return value B<ret>
|
|
Packit |
c4476c |
to find out the reason.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=back
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 SEE ALSO
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
L<SSL_get_error(3)>, L<SSL_connect(3)>,
|
|
Packit |
c4476c |
L<SSL_accept(3)>, L<ssl(7)>, L<bio(7)>,
|
|
Packit |
c4476c |
L<SSL_set_connect_state(3)>
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 COPYRIGHT
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Licensed under the OpenSSL license (the "License"). You may not use
|
|
Packit |
c4476c |
this file except in compliance with the License. You can obtain a copy
|
|
Packit |
c4476c |
in the file LICENSE in the source distribution or at
|
|
Packit |
c4476c |
L<https://www.openssl.org/source/license.html>.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=cut
|