SSL_connect.pod 3.4 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697
  1. =pod
  2. =head1 NAME
  3. SSL_connect - initiate the TLS/SSL handshake with an TLS/SSL server
  4. =head1 SYNOPSIS
  5. #include <openssl/ssl.h>
  6. int SSL_connect(SSL *ssl);
  7. =head1 DESCRIPTION
  8. SSL_connect() initiates the TLS/SSL handshake with a server. The communication
  9. channel must already have been set and assigned to the B<ssl> by setting an
  10. underlying B<BIO>.
  11. =head1 NOTES
  12. The behaviour of SSL_connect() depends on the underlying BIO.
  13. If the underlying BIO is B<blocking>, SSL_connect() will only return once the
  14. handshake has been finished or an error occurred.
  15. If the underlying BIO is B<nonblocking>, SSL_connect() will also return
  16. when the underlying BIO could not satisfy the needs of SSL_connect()
  17. to continue the handshake, indicating the problem by the return value -1.
  18. In this case a call to SSL_get_error() with the
  19. return value of SSL_connect() will yield B<SSL_ERROR_WANT_READ> or
  20. B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
  21. taking appropriate action to satisfy the needs of SSL_connect().
  22. The action depends on the underlying BIO. When using a nonblocking socket,
  23. nothing is to be done, but select() can be used to check for the required
  24. condition. When using a buffering BIO, like a BIO pair, data must be written
  25. into or retrieved out of the BIO before being able to continue.
  26. Many systems implement Nagle's algorithm by default which means that it will
  27. buffer outgoing TCP data if a TCP packet has already been sent for which no
  28. corresponding ACK has been received yet from the peer. This can have performance
  29. impacts after a successful TLSv1.3 handshake or a successful TLSv1.2 (or below)
  30. resumption handshake, because the last peer to communicate in the handshake is
  31. the client. If the client is also the first to send application data (as is
  32. typical for many protocols) then this data could be buffered until an ACK has
  33. been received for the final handshake message.
  34. The B<TCP_NODELAY> socket option is often available to disable Nagle's
  35. algorithm. If an application opts to disable Nagle's algorithm consideration
  36. should be given to turning it back on again later if appropriate. The helper
  37. function BIO_set_tcp_ndelay() can be used to turn on or off the B<TCP_NODELAY>
  38. option.
  39. =head1 RETURN VALUES
  40. The following return values can occur:
  41. =over 4
  42. =item Z<>0
  43. The TLS/SSL handshake was not successful but was shut down controlled and
  44. by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
  45. return value B<ret> to find out the reason.
  46. =item Z<>1
  47. The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
  48. established.
  49. =item E<lt>0
  50. The TLS/SSL handshake was not successful, because a fatal error occurred either
  51. at the protocol level or a connection failure occurred. The shutdown was
  52. not clean. It can also occur if action is needed to continue the operation
  53. for nonblocking BIOs. Call SSL_get_error() with the return value B<ret>
  54. to find out the reason.
  55. =back
  56. =head1 SEE ALSO
  57. L<SSL_get_error(3)>, L<SSL_accept(3)>,
  58. L<SSL_shutdown(3)>, L<ssl(7)>, L<bio(7)>,
  59. L<SSL_set_connect_state(3)>,
  60. L<SSL_do_handshake(3)>,
  61. L<SSL_CTX_new(3)>
  62. =head1 COPYRIGHT
  63. Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
  64. Licensed under the Apache License 2.0 (the "License"). You may not use
  65. this file except in compliance with the License. You can obtain a copy
  66. in the file LICENSE in the source distribution or at
  67. L<https://www.openssl.org/source/license.html>.
  68. =cut