SSL_clear - reset SSL object to allow another connection
#include <openssl/ssl.h>
int SSL_clear(SSL *ssl);
Reset ssl to allow another connection. All settings
(method, ciphers, BIOs) are kept.
SSL_clear is used to prepare an SSL object for a new connection.
While all settings are kept, a side effect is the
handling of the current SSL session. If a session is
still open, it is considered bad and will be removed from
the session cache, as required by RFC2246. A session is
considered open, if SSL_shutdown(3) was not called for the
connection or at least SSL_set_shutdown(3) was used to set
the SSL_SENT_SHUTDOWN state.
If a session was closed cleanly, the session object will
be kept and all settings corresponding. This explicitly
means, that e.g. the special method used during the session
will be kept for the next handshake. So if the session
was a TLSv1 session, a SSL client object will use a
TLSv1 client method for the next handshake and a SSL
server object will use a TLSv1 server method, even if
SSLv23_*_methods were chosen on startup. This will might
lead to connection failures (see SSL_new(3)) for a
description of the method's properties.
SSL_clear() resets the SSL object to allow for another
connection. The reset operation however keeps several settings
of the last sessions (some of these settings were
made automatically during the last handshake). It only
makes sense when opening a new session (or reusing an old
one) with the same peer that shares these settings.
SSL_clear() is not a short form for the sequence
SSL_free(3); SSL_new(3); .
The following return values can occur:
0 The SSL_clear() operation could not be performed.
Check the error stack to find out the reason.
1 The SSL_clear() operation was successful.
SSL_new(3), SSL_free(3), SSL_shutdown(3),
SSL_set_shutdown(3), SSL_CTX_set_options(3), ssl(3),
SSL_CTX_set_client_cert_cb(3)
OpenBSD 3.6 2002-05-14 1 [ Back ] | 