X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=doc%2Fssl%2FSSL_clear.pod;h=ba192bd518aebed9e3a4089be7b5cab49ef6371d;hb=646e8c1d6b30a2ed080ce5b968b49d234b42644f;hp=8b735d81dcbc8e245e9da6bf038ba9b374fc49da;hpb=8e495e4ac7caa585fe28d3e7c2fe32dd1d3e94a8;p=oweals%2Fopenssl.git diff --git a/doc/ssl/SSL_clear.pod b/doc/ssl/SSL_clear.pod index 8b735d81dc..ba192bd518 100644 --- a/doc/ssl/SSL_clear.pod +++ b/doc/ssl/SSL_clear.pod @@ -25,18 +25,43 @@ if L was not called for the connection or at least L was used to set the SSL_SENT_SHUTDOWN state. +If a session was closed cleanly, the session object will be kept and all +settings corresponding. This explicitly means, that e.g. the special method +used during the session will be kept for the next handshake. So if the +session was a TLSv1 session, a SSL client object will use a TLSv1 client +method for the next handshake and a SSL server object will use a TLSv1 +server method, even if SSLv23_*_methods were chosen on startup. This +will might lead to connection failures (see L) +for a description of the method's properties. + +=head1 WARNINGS + +SSL_clear() resets the SSL object to allow for another connection. The +reset operation however keeps several settings of the last sessions +(some of these settings were made automatically during the last +handshake). It only makes sense for a new connection with the exact +same peer that shares these settings, and may fail if that peer +changes its settings between connections. Use the sequence +L; +L; +L; +L +instead to avoid such failures +(or simply L; L +if session reuse is not desired). + =head1 RETURN VALUES The following return values can occur: =over 4 -=item 0 +=item Z<>0 The SSL_clear() operation could not be performed. Check the error stack to find out the reason. -=item 1 +=item Z<>1 The SSL_clear() operation was successful. @@ -44,6 +69,7 @@ The SSL_clear() operation was successful. L, L, L, L, -L, L +L, L, +L =cut