From f51fee66ad46838f6549c624bd4c2d4952cad801 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Lutz=20J=C3=A4nicke?= Date: Thu, 8 Mar 2001 17:25:49 +0000 Subject: [PATCH] Add newly learned knowledge from yesterday's discussion. --- doc/ssl/SSL_CTX_new.pod | 6 +++++- doc/ssl/SSL_CTX_set_ssl_version.pod | 13 +++++++------ doc/ssl/SSL_accept.pod | 9 ++++++++- doc/ssl/SSL_connect.pod | 9 ++++++++- doc/ssl/SSL_read.pod | 17 ++++++++++++++--- doc/ssl/SSL_write.pod | 17 ++++++++++++++--- doc/ssl/ssl.pod | 1 + 7 files changed, 57 insertions(+), 15 deletions(-) diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod index 8b16ea3c90..1dae8b0bdd 100644 --- a/doc/ssl/SSL_CTX_new.pod +++ b/doc/ssl/SSL_CTX_new.pod @@ -59,6 +59,10 @@ choice when compatibility is a concern. =back +If a generic method is used, it is necessary to explicitly set client or +server mode with L +or SSL_set_accept_state(). + The list of protocols available can later be limited using the SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B or B functions. Using these options it is possible to choose @@ -89,6 +93,6 @@ The return value points to an allocated SSL_CTX object. =head1 SEE ALSO L, L, -L +L, L =cut diff --git a/doc/ssl/SSL_CTX_set_ssl_version.pod b/doc/ssl/SSL_CTX_set_ssl_version.pod index 3091bd6895..0020180965 100644 --- a/doc/ssl/SSL_CTX_set_ssl_version.pod +++ b/doc/ssl/SSL_CTX_set_ssl_version.pod @@ -17,8 +17,8 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method SSL_CTX_set_ssl_version() sets a new default TLS/SSL B for SSL objects newly created from this B. SSL objects already created with -L are not affected, except when SSL_clear() is -being called. +L are not affected, except when +L is being called. SSL_set_ssl_method() sets a new TLS/SSL B for a particular B object. It may be reset, when SSL_clear() is called. @@ -31,9 +31,9 @@ set in B. The available B choices are described in L. -When SSL_clear() is called and no session is connected to an SSL object, -the method of the SSL object is reset to the method currently set in -the corresponding SSL_CTX object. +When L is called and no session is connected to +an SSL object, the method of the SSL object is reset to the method currently +set in the corresponding SSL_CTX object. =head1 RETURN VALUES @@ -55,6 +55,7 @@ The operation succeeded. =head1 SEE ALSO L, L, -L, L +L, L, +L =cut diff --git a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod index 46f95abb2f..86f980de41 100644 --- a/doc/ssl/SSL_accept.pod +++ b/doc/ssl/SSL_accept.pod @@ -37,6 +37,11 @@ nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. +When using a generic method (see L), it +is necessary to call SSL_set_accept_state() +before calling SSL_accept() to explicitly switch the B to server +mode. + =head1 RETURN VALUES The following return values can occur: @@ -67,6 +72,8 @@ to find out the reason. =head1 SEE ALSO L, L, -L, L, L +L, L, L, +L, +L =cut diff --git a/doc/ssl/SSL_connect.pod b/doc/ssl/SSL_connect.pod index 00813ecfff..bcc167745b 100644 --- a/doc/ssl/SSL_connect.pod +++ b/doc/ssl/SSL_connect.pod @@ -34,6 +34,11 @@ nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. +When using a generic method (see L), it +is necessary to call L +before calling SSL_connect() to explicitly switch the B to client +mode. + =head1 RETURN VALUES The following return values can occur: @@ -64,6 +69,8 @@ to find out the reason. =head1 SEE ALSO L, L, -L, L, L +L, L, L, +L, +L =cut diff --git a/doc/ssl/SSL_read.pod b/doc/ssl/SSL_read.pod index ed86d269dc..91f068a119 100644 --- a/doc/ssl/SSL_read.pod +++ b/doc/ssl/SSL_read.pod @@ -18,11 +18,19 @@ buffer B. =head1 NOTES If necessary, SSL_read() will negotiate a TLS/SSL session, if -not already explicitly performed by SSL_connect() or SSL_accept(). If the +not already explicitly performed by L or +L. If the peer requests a re-negotiation, it will be performed transparently during the SSL_read() operation. The behaviour of SSL_read() depends on the underlying BIO. +For the transparent negotiation to succeed, the B must have been +initialized to client or server mode. This is not the case if a generic +method is being used (see L, so that +L or SSL_set_accept_state() +must be used before the first call to an SSL_read() or +L function. + If the underlying BIO is B, SSL_read() will only return, once the read operation has been finished or an error occurred, except when a renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur. @@ -31,7 +39,8 @@ L call. If the underlying BIO is B, SSL_read() will also return when the underlying BIO could not satisfy the needs of SSL_read() -to continue the operation. In this case a call to SSL_get_error() with the +to continue the operation. In this case a call to +L with the return value of SSL_read() will yield B or B. As at any time a re-negotiation is possible, a call to SSL_read() can also cause write operations! The calling process @@ -75,7 +84,9 @@ return value B to find out the reason. =head1 SEE ALSO L, L, -L, +L, L, +L, L +L, L, L =cut diff --git a/doc/ssl/SSL_write.pod b/doc/ssl/SSL_write.pod index f95907981d..6e3ecffa1a 100644 --- a/doc/ssl/SSL_write.pod +++ b/doc/ssl/SSL_write.pod @@ -18,11 +18,19 @@ B connection. =head1 NOTES If necessary, SSL_write() will negotiate a TLS/SSL session, if -not already explicitly performed by SSL_connect() or SSL_accept(). If the +not already explicitly performed by L or +L. If the peer requests a re-negotiation, it will be performed transparently during the SSL_write() operation. The behaviour of SSL_write() depends on the underlying BIO. +For the transparent negotiation to succeed, the B must have been +initialized to client or server mode. This is not the case if a generic +method is being used (see L, so that +L or SSL_set_accept_state() +must be used before the first call to an L +or SSL_write() function. + If the underlying BIO is B, SSL_write() will only return, once the write operation has been finished or an error occurred, except when a renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur. @@ -31,7 +39,8 @@ L call. If the underlying BIO is B, SSL_write() will also return, when the underlying BIO could not satisfy the needs of SSL_write() -to continue the operation. In this case a call to SSL_get_error() with the +to continue the operation. In this case a call to +L with the return value of SSL_write() will yield B or B. As at any time a re-negotiation is possible, a call to SSL_write() can also cause read operations! The calling process @@ -74,7 +83,9 @@ return value B to find out the reason. =head1 SEE ALSO L, L, -L, +L, L, +L, L +L, L, L =cut diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index f27551902b..08e964db0a 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod @@ -686,6 +686,7 @@ L, L, L, L, L, +L, L, L, L, L, -- 2.25.1