summaryrefslogtreecommitdiffstats
path: root/lib/libssl/src/doc/ssl/SSL_read.pod
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libssl/src/doc/ssl/SSL_read.pod')
-rw-r--r--lib/libssl/src/doc/ssl/SSL_read.pod25
1 files changed, 18 insertions, 7 deletions
diff --git a/lib/libssl/src/doc/ssl/SSL_read.pod b/lib/libssl/src/doc/ssl/SSL_read.pod
index cc7aa1a5476..f6c37f77e49 100644
--- a/lib/libssl/src/doc/ssl/SSL_read.pod
+++ b/lib/libssl/src/doc/ssl/SSL_read.pod
@@ -25,11 +25,10 @@ the SSL_read() operation. The behaviour of SSL_read() depends on the
underlying BIO.
For the transparent negotiation to succeed, the B<ssl> must have been
-initialized to client or server mode. This is not the case if a generic
-method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that
+initialized to client or server mode. This is being done by calling
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
-must be used before the first call to an SSL_read() or
-L<SSL_write(3)|SSL_write(3)> function).
+before the first call to an SSL_read() or L<SSL_write(3)|SSL_write(3)>
+function.
SSL_read() works based on the SSL/TLS records. The data are received in
records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a
@@ -84,9 +83,20 @@ bytes actually read from the TLS/SSL connection.
=item 0
-The read operation was not successful, probably because no data was
-available. Call SSL_get_error() with the return value B<ret> to find out,
-whether an error occurred.
+The read operation was not successful. The reason may either be a clean
+shutdown due to a "close notify" alert sent by the peer (in which case
+the SSL_RECEIVED_SHUTDOWN flag in the ssl shutdown state is set
+(see L<SSL_shutdown(3)|SSL_shutdown(3)>,
+L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>). It is also possible, that
+the peer simply shut down the underlying transport and the shutdown is
+incomplete. Call SSL_get_error() with the return value B<ret> to find out,
+whether an error occurred or the connection was shut down cleanly
+(SSL_ERROR_ZERO_RETURN).
+
+SSLv2 (deprecated) does not support a shutdown alert protocol, so it can
+only be detected, whether the underlying connection was closed. It cannot
+be checked, whether the closure was initiated by the peer or by something
+else.
=item E<lt>0
@@ -102,6 +112,7 @@ L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_write(3)|SSL_write(3)>,
L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
+L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
=cut
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.