2
0

SSL_get_error.pod 4.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114
  1. =pod
  2. =head1 NAME
  3. SSL_get_error - obtain result code for TLS/SSL I/O operation
  4. =head1 SYNOPSIS
  5. #include <openssl/ssl.h>
  6. int SSL_get_error(SSL *ssl, int ret);
  7. =head1 DESCRIPTION
  8. SSL_get_error() returns a result code (suitable for the C "switch"
  9. statement) for a preceding call to SSL_connect(), SSL_accept(), SSL_do_handshake(),
  10. SSL_read(), SSL_peek(), or SSL_write() on B<ssl>. The value returned by
  11. that TLS/SSL I/O function must be passed to SSL_get_error() in parameter
  12. B<ret>.
  13. In addition to B<ssl> and B<ret>, SSL_get_error() inspects the
  14. current thread's OpenSSL error queue. Thus, SSL_get_error() must be
  15. used in the same thread that performed the TLS/SSL I/O operation, and no
  16. other OpenSSL function calls should appear in between. The current
  17. thread's error queue must be empty before the TLS/SSL I/O operation is
  18. attempted, or SSL_get_error() will not work reliably.
  19. =head1 RETURN VALUES
  20. The following return values can currently occur:
  21. =over 4
  22. =item SSL_ERROR_NONE
  23. The TLS/SSL I/O operation completed. This result code is returned
  24. if and only if B<ret E<gt> 0>.
  25. =item SSL_ERROR_ZERO_RETURN
  26. The TLS/SSL connection has been closed. If the protocol version is SSL 3.0
  27. or TLS 1.0, this result code is returned only if a closure
  28. alert has occurred in the protocol, i.e. if the connection has been
  29. closed cleanly. Note that in this case B<SSL_ERROR_ZERO_RETURN>
  30. does not necessarily indicate that the underlying transport
  31. has been closed.
  32. =item SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE
  33. The operation did not complete; the same TLS/SSL I/O function should be
  34. called again later. If, by then, the underlying B<BIO> has data
  35. available for reading (if the result code is B<SSL_ERROR_WANT_READ>)
  36. or allows writing data (B<SSL_ERROR_WANT_WRITE>), then some TLS/SSL
  37. protocol progress will take place, i.e. at least part of an TLS/SSL
  38. record will be read or written. Note that the retry may again lead to
  39. a B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE> condition.
  40. There is no fixed upper limit for the number of iterations that
  41. may be necessary until progress becomes visible at application
  42. protocol level.
  43. For socket B<BIO>s (e.g. when SSL_set_fd() was used), select() or
  44. poll() on the underlying socket can be used to find out when the
  45. TLS/SSL I/O function should be retried.
  46. Caveat: Any TLS/SSL I/O function can lead to either of
  47. B<SSL_ERROR_WANT_READ> and B<SSL_ERROR_WANT_WRITE>. In particular,
  48. SSL_read() or SSL_peek() may want to write data and SSL_write() may want
  49. to read data. This is mainly because TLS/SSL handshakes may occur at any
  50. time during the protocol (initiated by either the client or the server);
  51. SSL_read(), SSL_peek(), and SSL_write() will handle any pending handshakes.
  52. =item SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT
  53. The operation did not complete; the same TLS/SSL I/O function should be
  54. called again later. The underlying BIO was not connected yet to the peer
  55. and the call would block in connect()/accept(). The SSL function should be
  56. called again when the connection is established. These messages can only
  57. appear with a BIO_s_connect() or BIO_s_accept() BIO, respectively.
  58. In order to find out, when the connection has been successfully established,
  59. on many platforms select() or poll() for writing on the socket file descriptor
  60. can be used.
  61. =item SSL_ERROR_WANT_X509_LOOKUP
  62. The operation did not complete because an application callback set by
  63. SSL_CTX_set_client_cert_cb() has asked to be called again.
  64. The TLS/SSL I/O function should be called again later.
  65. Details depend on the application.
  66. =item SSL_ERROR_SYSCALL
  67. Some I/O error occurred. The OpenSSL error queue may contain more
  68. information on the error. If the error queue is empty
  69. (i.e. ERR_get_error() returns 0), B<ret> can be used to find out more
  70. about the error: If B<ret == 0>, an EOF was observed that violates
  71. the protocol. If B<ret == -1>, the underlying B<BIO> reported an
  72. I/O error (for socket I/O on Unix systems, consult B<errno> for details).
  73. =item SSL_ERROR_SSL
  74. A failure in the SSL library occurred, usually a protocol error. The
  75. OpenSSL error queue contains more information on the error.
  76. =back
  77. =head1 SEE ALSO
  78. L<ssl(3)|ssl(3)>, L<err(3)|err(3)>
  79. =head1 HISTORY
  80. SSL_get_error() was added in SSLeay 0.8.
  81. =cut