X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=doc%2Fssl%2FSSL_shutdown.pod;h=85d4a64b03f9edce603f593106af6abdac92dfc1;hb=6c0a1e2f8c5efc3dd4a8d4722465721034b55d92;hp=3dcd0ddf457b59875467eb73258c91ef8118c6be;hpb=b2ed462934b5d5062ddb56a4ddec922f56e468f2;p=oweals%2Fopenssl.git diff --git a/doc/ssl/SSL_shutdown.pod b/doc/ssl/SSL_shutdown.pod index 3dcd0ddf45..85d4a64b03 100644 --- a/doc/ssl/SSL_shutdown.pod +++ b/doc/ssl/SSL_shutdown.pod @@ -38,7 +38,7 @@ behaviour. =over 4 =item When the application is the first party to send the "close notify" -alert, SSL_shutdown() will only send the alert and the set the +alert, SSL_shutdown() will only send the alert and then set the SSL_SENT_SHUTDOWN flag (so that the session is considered good and will be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this @@ -49,9 +49,12 @@ shutdown alert. On success, the second call to SSL_shutdown() will return with 1. =item If the peer already sent the "close notify" alert B it was -already processed implicitly inside another call of e.g. -B, SSL_shutdown() will send the "close notify" -alert, set the SSL_SENT_SHUTDOWN flag and will immediately return with 1. +already processed implicitly inside another function +(L), the SSL_RECEIVED_SHUTDOWN flag is set. +SSL_shutdown() will send the "close notify" alert, set the SSL_SENT_SHUTDOWN +flag and will immediately return with 1. +Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the +SSL_get_shutdown() (see also L call. =back @@ -77,24 +80,30 @@ nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. +SSL_shutdown() can be modified to only set the connection to "shutdown" +state but not actually send the "close notify" alert messages, +see L. +When "quiet shutdown" is enabled, SSL_shutdown() will always succeed +and return 1. + =head1 RETURN VALUES The following return values can occur: =over 4 -=item 1 - -The shutdown was successfully completed. The "close notify" alert was sent -and the peer's "close notify" alert was received. - -=item 0 +=item Z<>0 The shutdown is not yet finished. Call SSL_shutdown() for a second time, if a bidirectional shutdown shall be performed. The output of L may be misleading, as an erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. +=item Z<>1 + +The shutdown was successfully completed. The "close notify" alert was sent +and the peer's "close notify" alert was received. + =item -1 The shutdown was not successful because a fatal error occurred either @@ -109,6 +118,7 @@ to find out the reason. L, L, L, L, +L, L, L, L, L