SSL_CTX_set_mode.pod 3.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116
  1. =pod
  2. =head1 NAME
  3. SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode - manipulate SSL engine mode
  4. =head1 SYNOPSIS
  5. #include <openssl/ssl.h>
  6. long SSL_CTX_set_mode(SSL_CTX *ctx, long mode);
  7. long SSL_set_mode(SSL *ssl, long mode);
  8. long SSL_CTX_get_mode(SSL_CTX *ctx);
  9. long SSL_get_mode(SSL *ssl);
  10. =head1 DESCRIPTION
  11. SSL_CTX_set_mode() adds the mode set via bitmask in B<mode> to B<ctx>.
  12. Options already set before are not cleared.
  13. SSL_set_mode() adds the mode set via bitmask in B<mode> to B<ssl>.
  14. Options already set before are not cleared.
  15. SSL_CTX_get_mode() returns the mode set for B<ctx>.
  16. SSL_get_mode() returns the mode set for B<ssl>.
  17. =head1 NOTES
  18. The following mode changes are available:
  19. =over 4
  20. =item SSL_MODE_ENABLE_PARTIAL_WRITE
  21. Allow SSL_write_ex(..., n, &r) to return with 0 < r < n (i.e. report success
  22. when just a single record has been written). This works in a similar way for
  23. SSL_write(). When not set (the default), SSL_write_ex() or SSL_write() will only
  24. report success once the complete chunk was written. Once SSL_write_ex() or
  25. SSL_write() returns successful, B<r> bytes have been written and the next call
  26. to SSL_write_ex() or SSL_write() must only send the n-r bytes left, imitating
  27. the behaviour of write().
  28. =item SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
  29. Make it possible to retry SSL_write_ex() or SSL_write() with changed buffer
  30. location (the buffer contents must stay the same). This is not the default to
  31. avoid the misconception that non-blocking SSL_write() behaves like
  32. non-blocking write().
  33. =item SSL_MODE_AUTO_RETRY
  34. Never bother the application with retries if the transport is blocking.
  35. If a renegotiation take place during normal operation, a
  36. L<SSL_read_ex(3)>, L<SSL_read(3)>, L<SSL_write_ex(3)> or L<SSL_write(3)> would
  37. return with a failure and indicate the need to retry with SSL_ERROR_WANT_READ.
  38. In a non-blocking environment applications must be prepared to handle
  39. incomplete read/write operations.
  40. In a blocking environment, applications are not always prepared to
  41. deal with read/write operations returning without success report. The
  42. flag SSL_MODE_AUTO_RETRY will cause read/write operations to only
  43. return after the handshake and successful completion.
  44. =item SSL_MODE_RELEASE_BUFFERS
  45. When we no longer need a read buffer or a write buffer for a given SSL,
  46. then release the memory we were using to hold it.
  47. Using this flag can
  48. save around 34k per idle SSL connection.
  49. This flag has no effect on SSL v2 connections, or on DTLS connections.
  50. =item SSL_MODE_SEND_FALLBACK_SCSV
  51. Send TLS_FALLBACK_SCSV in the ClientHello.
  52. To be set only by applications that reconnect with a downgraded protocol
  53. version; see draft-ietf-tls-downgrade-scsv-00 for details.
  54. DO NOT ENABLE THIS if your application attempts a normal handshake.
  55. Only use this in explicit fallback retries, following the guidance
  56. in draft-ietf-tls-downgrade-scsv-00.
  57. =item SSL_MODE_ASYNC
  58. Enable asynchronous processing. TLS I/O operations may indicate a retry with
  59. SSL_ERROR_WANT_ASYNC with this mode set if an asynchronous capable engine is
  60. used to perform cryptographic operations. See L<SSL_get_error(3)>.
  61. =back
  62. =head1 RETURN VALUES
  63. SSL_CTX_set_mode() and SSL_set_mode() return the new mode bitmask
  64. after adding B<mode>.
  65. SSL_CTX_get_mode() and SSL_get_mode() return the current bitmask.
  66. =head1 SEE ALSO
  67. L<ssl(7)>, L<SSL_read_ex(3)>, L<SSL_read(3)>, L<SSL_write_ex(3)> or
  68. L<SSL_write(3)>, L<SSL_get_error(3)>
  69. =head1 HISTORY
  70. SSL_MODE_ASYNC was first added to OpenSSL 1.1.0.
  71. =head1 COPYRIGHT
  72. Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
  73. Licensed under the OpenSSL license (the "License"). You may not use
  74. this file except in compliance with the License. You can obtain a copy
  75. in the file LICENSE in the source distribution or at
  76. L<https://www.openssl.org/source/license.html>.
  77. =cut