1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
|
.\"
.\" $OpenBSD: SSL_accept.3,v 1.1 2016/11/05 15:32:20 schwarze Exp $
.\"
.Dd $Mdocdate: November 5 2016 $
.Dt SSL_ACCEPT 3
.Os
.Sh NAME
.Nm SSL_accept
.Nd wait for a TLS/SSL client to initiate a TLS/SSL handshake
.Sh SYNOPSIS
.In openssl/ssl.h
.Ft int
.Fn SSL_accept "SSL *ssl"
.Sh DESCRIPTION
.Fn SSL_accept
waits for a TLS/SSL client to initiate the TLS/SSL handshake.
The communication channel must already have been set and assigned to the
.Fa ssl
object by setting an underlying
.Vt BIO .
.Sh NOTES
The behaviour of
.Fn SSL_accept
depends on the underlying
.Vt BIO .
.Pp
If the underlying
.Vt BIO
is
.Em blocking ,
.Fn SSL_accept
will only return once the handshake has been finished or an error occurred.
.Pp
If the underlying
.Vt BIO
is
.Em non-blocking ,
.Fn SSL_accept
will also return when the underlying
.Vt BIO
could not satisfy the needs of
.Fn SSL_accept
to continue the handshake, indicating the problem by the return value \(mi1.
In this case a call to
.Xr SSL_get_error 3
with the
return value of
.Fn SSL_accept
will yield
.Dv SSL_ERROR_WANT_READ
or
.Dv SSL_ERROR_WANT_WRITE .
The calling process then must repeat the call after taking appropriate action
to satisfy the needs of
.Fn SSL_accept .
The action depends on the underlying
.Dv BIO .
When using a non-blocking socket, nothing is to be done, but
.Xr select 2
can be used to check for the required condition.
When using a buffering
.Vt BIO ,
like a
.Vt BIO
pair, data must be written into or retrieved out of the
.Vt BIO
before being able to continue.
.Sh RETURN VALUES
The following return values can occur:
.Bl -tag -width Ds
.It 0
The TLS/SSL handshake was not successful but was shut down controlled and by
the specifications of the TLS/SSL protocol.
Call
.Xr SSL_get_error 3
with the return value
.Fa ret
to find out the reason.
.It 1
The TLS/SSL handshake was successfully completed,
and a TLS/SSL connection has been established.
.It <0
The TLS/SSL handshake was not successful because a fatal error occurred either
at the protocol level or a connection failure occurred.
The shutdown was not clean.
It can also occur of action is need to continue the operation for non-blocking
.Vt BIO Ns
s.
Call
.Xr SSL_get_error 3
with the return value
.Fa ret
to find out the reason.
.El
.Sh SEE ALSO
.Xr bio 3 ,
.Xr ssl 3 ,
.Xr SSL_connect 3 ,
.Xr SSL_CTX_new 3 ,
.Xr SSL_do_handshake 3 ,
.Xr SSL_get_error 3 ,
.Xr SSL_set_connect_state 3 ,
.Xr SSL_shutdown 3
|
