diff options
Diffstat (limited to 'lib/libssl')
-rw-r--r-- | lib/libssl/man/SSL_clear.3 | 94 |
1 files changed, 71 insertions, 23 deletions
diff --git a/lib/libssl/man/SSL_clear.3 b/lib/libssl/man/SSL_clear.3 index a9e318320f5..38194154f0d 100644 --- a/lib/libssl/man/SSL_clear.3 +++ b/lib/libssl/man/SSL_clear.3 @@ -1,7 +1,55 @@ +.\" $OpenBSD: SSL_clear.3,v 1.2 2016/12/01 22:45:28 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" -.\" $OpenBSD: SSL_clear.3,v 1.1 2016/11/05 15:32:20 schwarze Exp $ +.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>. +.\" Copyright (c) 2000, 2001, 2002, 2011, 2015 The OpenSSL Project. +.\" All rights reserved. .\" -.Dd $Mdocdate: November 5 2016 $ +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: December 1 2016 $ .Dt SSL_CLEAR 3 .Os .Sh NAME @@ -16,7 +64,7 @@ Reset .Fa ssl to allow another connection. All settings (method, ciphers, BIOs) are kept. -.Sh NOTES +.Pp .Fn SSL_clear is used to prepare an .Vt SSL @@ -45,30 +93,11 @@ So if the session was a TLSv1 session, a client object will use a TLSv1 client method for the next handshake and a .Vt SSL server object will use a TLSv1 server method, even if -.Fn SSLv23_*_method Ns s +.Fn TLS_*_method Ns s were chosen on startup. This might lead to connection failures (see .Xr SSL_new 3 ) for a description of the method's properties. -.Sh WARNINGS -.Fn SSL_clear -resets the -.Vt SSL -object to allow for another connection. -The reset operation however keeps several settings of the last sessions -(some of these settings were made automatically during the last handshake). -It only makes sense for a new connection with the exact same peer that shares -these settings, -and may fail if that peer changes its settings between connections. -Use the sequence -.Xr SSL_get_session 3 ; -.Xr SSL_new 3 ; -.Xr SSL_set_session 3 ; -.Xr SSL_free 3 -instead to avoid such failures (or simply -.Xr SSL_free 3 ; -.Xr SSL_new 3 -if session reuse is not desired). .Sh RETURN VALUES The following return values can occur: .Bl -tag -width Ds @@ -90,3 +119,22 @@ operation was successful. .Xr SSL_new 3 , .Xr SSL_set_shutdown 3 , .Xr SSL_shutdown 3 +.Sh CAVEATS +.Fn SSL_clear +resets the +.Vt SSL +object to allow for another connection. +The reset operation however keeps several settings of the last sessions +(some of these settings were made automatically during the last handshake). +It only makes sense for a new connection with the exact same peer that shares +these settings, +and may fail if that peer changes its settings between connections. +Use the sequence +.Xr SSL_get_session 3 ; +.Xr SSL_new 3 ; +.Xr SSL_set_session 3 ; +.Xr SSL_free 3 +instead to avoid such failures (or simply +.Xr SSL_free 3 ; +.Xr SSL_new 3 +if session reuse is not desired). |