build - Rewire secure, remove conflicts from libmd, libcrypt
[dragonfly.git] / lib / libcrypto / man / BIO_f_ssl.3
CommitLineData
1acffe94 1.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
8b0cefbb
JR
2.\"
3.\" Standard preamble:
4.\" ========================================================================
8b0cefbb 5.de Sp \" Vertical space (when we can't use .PP)
984263bc
MD
6.if t .sp .5v
7.if n .sp
8..
8b0cefbb 9.de Vb \" Begin verbatim text
984263bc
MD
10.ft CW
11.nf
12.ne \\$1
13..
8b0cefbb 14.de Ve \" End verbatim text
984263bc 15.ft R
984263bc
MD
16.fi
17..
8b0cefbb
JR
18.\" Set up some character translations and predefined strings. \*(-- will
19.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
e257b235
PA
20.\" double quote, and \*(R" will give a right double quote. \*(C+ will
21.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
22.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
23.\" nothing in troff, for use with C<>.
24.tr \(*W-
8b0cefbb 25.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
984263bc 26.ie n \{\
8b0cefbb
JR
27. ds -- \(*W-
28. ds PI pi
29. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
31. ds L" ""
32. ds R" ""
33. ds C` ""
34. ds C' ""
984263bc
MD
35'br\}
36.el\{\
8b0cefbb
JR
37. ds -- \|\(em\|
38. ds PI \(*p
39. ds L" ``
40. ds R" ''
5a44c043
SW
41. ds C`
42. ds C'
984263bc 43'br\}
8b0cefbb 44.\"
e257b235
PA
45.\" Escape single quotes in literal strings from groff's Unicode transform.
46.ie \n(.g .ds Aq \(aq
47.el .ds Aq '
48.\"
8b0cefbb 49.\" If the F register is turned on, we'll generate index entries on stderr for
01185282 50.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
8b0cefbb
JR
51.\" entries marked with X<> in POD. Of course, you'll have to process the
52.\" output yourself in some meaningful fashion.
5a44c043
SW
53.\"
54.\" Avoid warning from groff about undefined register 'F'.
55.de IX
984263bc 56..
5a44c043
SW
57.nr rF 0
58.if \n(.g .if rF .nr rF 1
59.if (\n(rF:(\n(.g==0)) \{
60. if \nF \{
61. de IX
62. tm Index:\\$1\t\\n%\t"\\$2"
e257b235 63..
5a44c043
SW
64. if !\nF==2 \{
65. nr % 0
66. nr F 2
67. \}
68. \}
e257b235 69.\}
5a44c043 70.rr rF
aac4ff6f 71.\"
8b0cefbb
JR
72.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
73.\" Fear. Run. Save yourself. No user-serviceable parts.
74. \" fudge factors for nroff and troff
984263bc 75.if n \{\
8b0cefbb
JR
76. ds #H 0
77. ds #V .8m
78. ds #F .3m
79. ds #[ \f1
80. ds #] \fP
984263bc
MD
81.\}
82.if t \{\
8b0cefbb
JR
83. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
84. ds #V .6m
85. ds #F 0
86. ds #[ \&
87. ds #] \&
984263bc 88.\}
8b0cefbb 89. \" simple accents for nroff and troff
984263bc 90.if n \{\
8b0cefbb
JR
91. ds ' \&
92. ds ` \&
93. ds ^ \&
94. ds , \&
95. ds ~ ~
96. ds /
984263bc
MD
97.\}
98.if t \{\
8b0cefbb
JR
99. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
100. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
101. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
102. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
103. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
104. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
984263bc 105.\}
8b0cefbb 106. \" troff and (daisy-wheel) nroff accents
984263bc
MD
107.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
108.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
109.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
110.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
111.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
112.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
113.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
114.ds ae a\h'-(\w'a'u*4/10)'e
115.ds Ae A\h'-(\w'A'u*4/10)'E
8b0cefbb 116. \" corrections for vroff
984263bc
MD
117.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
118.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
8b0cefbb 119. \" for low resolution devices (crt and lpr)
984263bc
MD
120.if \n(.H>23 .if \n(.V>19 \
121\{\
8b0cefbb
JR
122. ds : e
123. ds 8 ss
124. ds o a
125. ds d- d\h'-1'\(ga
126. ds D- D\h'-1'\(hy
127. ds th \o'bp'
128. ds Th \o'LP'
129. ds ae ae
130. ds Ae AE
984263bc
MD
131.\}
132.rm #[ #] #H #V #F C
8b0cefbb
JR
133.\" ========================================================================
134.\"
135.IX Title "BIO_f_ssl 3"
57eefc0b 136.TH BIO_f_ssl 3 "2016-05-03" "1.0.2h" "OpenSSL"
e257b235
PA
137.\" For nroff, turn off justification. Always turn off hyphenation; it makes
138.\" way too many mistakes in technical documents.
139.if n .ad l
140.nh
984263bc
MD
141.SH "NAME"
142BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes,
143BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl,
144BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id,
74dab6c2 145BIO_ssl_shutdown \- SSL BIO
984263bc 146.SH "SYNOPSIS"
8b0cefbb 147.IX Header "SYNOPSIS"
984263bc
MD
148.Vb 2
149\& #include <openssl/bio.h>
150\& #include <openssl/ssl.h>
e257b235 151\&
984263bc 152\& BIO_METHOD *BIO_f_ssl(void);
e257b235 153\&
984263bc
MD
154\& #define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
155\& #define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
156\& #define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
157\& #define BIO_set_ssl_renegotiate_bytes(b,num) \e
158\& BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
159\& #define BIO_set_ssl_renegotiate_timeout(b,seconds) \e
160\& BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
161\& #define BIO_get_num_renegotiates(b) \e
162\& BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL);
e257b235 163\&
984263bc
MD
164\& BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
165\& BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
166\& BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
167\& int BIO_ssl_copy_session_id(BIO *to,BIO *from);
168\& void BIO_ssl_shutdown(BIO *bio);
e257b235 169\&
984263bc
MD
170\& #define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
171.Ve
172.SH "DESCRIPTION"
8b0cefbb 173.IX Header "DESCRIPTION"
5a44c043
SW
174\&\fIBIO_f_ssl()\fR returns the \s-1SSL BIO\s0 method. This is a filter \s-1BIO\s0 which
175is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO \s0\*(L"flavour\*(R" to
176\&\s-1SSL I/O. \s0
984263bc 177.PP
5a44c043 178I/O performed on an \s-1SSL BIO\s0 communicates using the \s-1SSL\s0 protocol with
8b0cefbb 179the SSLs read and write BIOs. If an \s-1SSL\s0 connection is not established
984263bc
MD
180then an attempt is made to establish one on the first I/O call.
181.PP
5a44c043 182If a \s-1BIO\s0 is appended to an \s-1SSL BIO\s0 using \fIBIO_push()\fR it is automatically
8b0cefbb 183used as the \s-1SSL\s0 BIOs read and write BIOs.
984263bc 184.PP
5a44c043 185Calling \fIBIO_reset()\fR on an \s-1SSL BIO\s0 closes down any current \s-1SSL\s0 connection
8b0cefbb 186by calling \fISSL_shutdown()\fR. \fIBIO_reset()\fR is then sent to the next \s-1BIO\s0 in
984263bc 187the chain: this will typically disconnect the underlying transport.
5a44c043 188The \s-1SSL BIO\s0 is then reset to the initial accept or connect state.
984263bc 189.PP
5a44c043 190If the close flag is set when an \s-1SSL BIO\s0 is freed then the internal
8b0cefbb 191\&\s-1SSL\s0 structure is also freed using \fISSL_free()\fR.
984263bc 192.PP
5a44c043 193\&\fIBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO \s0\fBb\fR to \fBssl\fR using
984263bc
MD
194the close flag \fBc\fR.
195.PP
5a44c043 196\&\fIBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO \s0\fBb\fR, it can then be
8b0cefbb 197manipulated using the standard \s-1SSL\s0 library functions.
984263bc 198.PP
5a44c043 199\&\fIBIO_set_ssl_mode()\fR sets the \s-1SSL BIO\s0 mode to \fBclient\fR. If \fBclient\fR
984263bc
MD
200is 1 client mode is set. If \fBclient\fR is 0 server mode is set.
201.PP
8b0cefbb 202\&\fIBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count
984263bc 203to \fBnum\fR. When set after every \fBnum\fR bytes of I/O (read and write)
8b0cefbb 204the \s-1SSL\s0 session is automatically renegotiated. \fBnum\fR must be at
984263bc
MD
205least 512 bytes.
206.PP
8b0cefbb
JR
207\&\fIBIO_set_ssl_renegotiate_timeout()\fR sets the renegotiate timeout to
208\&\fBseconds\fR. When the renegotiate timeout elapses the session is
984263bc
MD
209automatically renegotiated.
210.PP
8b0cefbb 211\&\fIBIO_get_num_renegotiates()\fR returns the total number of session
984263bc
MD
212renegotiations due to I/O or timeout.
213.PP
5a44c043 214\&\fIBIO_new_ssl()\fR allocates an \s-1SSL BIO\s0 using \s-1SSL_CTX \s0\fBctx\fR and using
984263bc
MD
215client mode if \fBclient\fR is non zero.
216.PP
8b0cefbb 217\&\fIBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an
5a44c043 218\&\s-1SSL BIO \s0(using \fBctx\fR) followed by a connect \s-1BIO.\s0
984263bc 219.PP
8b0cefbb 220\&\fIBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting
5a44c043
SW
221of a buffering \s-1BIO,\s0 an \s-1SSL BIO \s0(using \fBctx\fR) and a connect
222\&\s-1BIO.\s0
984263bc 223.PP
8b0cefbb
JR
224\&\fIBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between
225\&\s-1BIO\s0 chains \fBfrom\fR and \fBto\fR. It does this by locating the
226\&\s-1SSL\s0 BIOs in each chain and calling \fISSL_copy_session_id()\fR on
227the internal \s-1SSL\s0 pointer.
984263bc 228.PP
8b0cefbb 229\&\fIBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0
5a44c043 230chain \fBbio\fR. It does this by locating the \s-1SSL BIO\s0 in the
8b0cefbb 231chain and calling \fISSL_shutdown()\fR on its internal \s-1SSL\s0
984263bc
MD
232pointer.
233.PP
8b0cefbb
JR
234\&\fIBIO_do_handshake()\fR attempts to complete an \s-1SSL\s0 handshake on the
235supplied \s-1BIO\s0 and establish the \s-1SSL\s0 connection. It returns 1
984263bc
MD
236if the connection was established successfully. A zero or negative
237value is returned if the connection could not be established, the
238call \fIBIO_should_retry()\fR should be used for non blocking connect BIOs
8b0cefbb 239to determine if the call should be retried. If an \s-1SSL\s0 connection has
984263bc
MD
240already been established this call has no effect.
241.SH "NOTES"
8b0cefbb
JR
242.IX Header "NOTES"
243\&\s-1SSL\s0 BIOs are exceptional in that if the underlying transport
984263bc
MD
244is non blocking they can still request a retry in exceptional
245circumstances. Specifically this will happen if a session
246renegotiation takes place during a \fIBIO_read()\fR operation, one
57eefc0b 247case where this happens is when step up occurs.
984263bc 248.PP
8b0cefbb 249In OpenSSL 0.9.6 and later the \s-1SSL\s0 flag \s-1SSL_AUTO_RETRY\s0 can be
984263bc 250set to disable this behaviour. That is when this flag is set
5a44c043 251an \s-1SSL BIO\s0 using a blocking transport will never request a
984263bc
MD
252retry.
253.PP
254Since unknown \fIBIO_ctrl()\fR operations are sent through filter
255BIOs the servers name and port can be set using \fIBIO_set_host()\fR
8b0cefbb
JR
256on the \s-1BIO\s0 returned by \fIBIO_new_ssl_connect()\fR without having
257to locate the connect \s-1BIO\s0 first.
984263bc
MD
258.PP
259Applications do not have to call \fIBIO_do_handshake()\fR but may wish
260to do so to separate the handshake process from other I/O
261processing.
262.SH "RETURN VALUES"
8b0cefbb
JR
263.IX Header "RETURN VALUES"
264\&\s-1TBA\s0
984263bc 265.SH "EXAMPLE"
8b0cefbb
JR
266.IX Header "EXAMPLE"
267This \s-1SSL/TLS\s0 client example, attempts to retrieve a page from an
268\&\s-1SSL/TLS\s0 web server. The I/O routines are identical to those of the
269unencrypted example in \fIBIO_s_connect\fR\|(3).
984263bc
MD
270.PP
271.Vb 5
272\& BIO *sbio, *out;
273\& int len;
274\& char tmpbuf[1024];
275\& SSL_CTX *ctx;
276\& SSL *ssl;
e257b235 277\&
984263bc
MD
278\& ERR_load_crypto_strings();
279\& ERR_load_SSL_strings();
280\& OpenSSL_add_all_algorithms();
e257b235
PA
281\&
282\& /* We would seed the PRNG here if the platform didn\*(Aqt
984263bc
MD
283\& * do it automatically
284\& */
e257b235 285\&
984263bc 286\& ctx = SSL_CTX_new(SSLv23_client_method());
e257b235
PA
287\&
288\& /* We\*(Aqd normally set some stuff like the verify paths and
984263bc
MD
289\& * mode here because as things stand this will connect to
290\& * any server whose certificate is signed by any CA.
291\& */
e257b235 292\&
984263bc 293\& sbio = BIO_new_ssl_connect(ctx);
e257b235 294\&
984263bc 295\& BIO_get_ssl(sbio, &ssl);
e257b235 296\&
984263bc 297\& if(!ssl) {
e257b235 298\& fprintf(stderr, "Can\*(Aqt locate SSL pointer\en");
984263bc
MD
299\& /* whatever ... */
300\& }
e257b235
PA
301\&
302\& /* Don\*(Aqt want any retries */
984263bc 303\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
e257b235 304\&
984263bc 305\& /* We might want to do other things with ssl here */
e257b235 306\&
984263bc 307\& BIO_set_conn_hostname(sbio, "localhost:https");
e257b235 308\&
984263bc
MD
309\& out = BIO_new_fp(stdout, BIO_NOCLOSE);
310\& if(BIO_do_connect(sbio) <= 0) {
311\& fprintf(stderr, "Error connecting to server\en");
312\& ERR_print_errors_fp(stderr);
313\& /* whatever ... */
314\& }
e257b235 315\&
984263bc
MD
316\& if(BIO_do_handshake(sbio) <= 0) {
317\& fprintf(stderr, "Error establishing SSL connection\en");
318\& ERR_print_errors_fp(stderr);
319\& /* whatever ... */
320\& }
e257b235 321\&
984263bc 322\& /* Could examine ssl here to get connection info */
e257b235 323\&
984263bc
MD
324\& BIO_puts(sbio, "GET / HTTP/1.0\en\en");
325\& for(;;) {
326\& len = BIO_read(sbio, tmpbuf, 1024);
327\& if(len <= 0) break;
328\& BIO_write(out, tmpbuf, len);
329\& }
330\& BIO_free_all(sbio);
331\& BIO_free(out);
332.Ve
8b0cefbb 333.PP
984263bc 334Here is a simple server example. It makes use of a buffering
5a44c043 335\&\s-1BIO\s0 to allow lines to be read from the \s-1SSL BIO\s0 using BIO_gets.
984263bc
MD
336It creates a pseudo web page containing the actual request from
337a client and also echoes the request to standard output.
338.PP
339.Vb 5
340\& BIO *sbio, *bbio, *acpt, *out;
341\& int len;
342\& char tmpbuf[1024];
343\& SSL_CTX *ctx;
344\& SSL *ssl;
e257b235 345\&
984263bc
MD
346\& ERR_load_crypto_strings();
347\& ERR_load_SSL_strings();
348\& OpenSSL_add_all_algorithms();
e257b235 349\&
984263bc 350\& /* Might seed PRNG here */
e257b235 351\&
984263bc 352\& ctx = SSL_CTX_new(SSLv23_server_method());
e257b235 353\&
984263bc
MD
354\& if (!SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM)
355\& || !SSL_CTX_use_PrivateKey_file(ctx,"server.pem",SSL_FILETYPE_PEM)
356\& || !SSL_CTX_check_private_key(ctx)) {
e257b235 357\&
984263bc
MD
358\& fprintf(stderr, "Error setting up SSL_CTX\en");
359\& ERR_print_errors_fp(stderr);
360\& return 0;
361\& }
e257b235 362\&
984263bc
MD
363\& /* Might do other things here like setting verify locations and
364\& * DH and/or RSA temporary key callbacks
365\& */
e257b235 366\&
984263bc
MD
367\& /* New SSL BIO setup as server */
368\& sbio=BIO_new_ssl(ctx,0);
e257b235 369\&
984263bc 370\& BIO_get_ssl(sbio, &ssl);
e257b235 371\&
984263bc 372\& if(!ssl) {
e257b235 373\& fprintf(stderr, "Can\*(Aqt locate SSL pointer\en");
984263bc
MD
374\& /* whatever ... */
375\& }
e257b235
PA
376\&
377\& /* Don\*(Aqt want any retries */
984263bc 378\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
e257b235 379\&
984263bc 380\& /* Create the buffering BIO */
e257b235 381\&
984263bc 382\& bbio = BIO_new(BIO_f_buffer());
e257b235 383\&
984263bc
MD
384\& /* Add to chain */
385\& sbio = BIO_push(bbio, sbio);
e257b235 386\&
984263bc 387\& acpt=BIO_new_accept("4433");
e257b235 388\&
984263bc
MD
389\& /* By doing this when a new connection is established
390\& * we automatically have sbio inserted into it. The
e257b235 391\& * BIO chain is now \*(Aqswallowed\*(Aq by the accept BIO and
984263bc
MD
392\& * will be freed when the accept BIO is freed.
393\& */
e257b235 394\&
984263bc 395\& BIO_set_accept_bios(acpt,sbio);
e257b235 396\&
984263bc 397\& out = BIO_new_fp(stdout, BIO_NOCLOSE);
e257b235 398\&
984263bc
MD
399\& /* Setup accept BIO */
400\& if(BIO_do_accept(acpt) <= 0) {
401\& fprintf(stderr, "Error setting up accept BIO\en");
402\& ERR_print_errors_fp(stderr);
403\& return 0;
404\& }
e257b235 405\&
984263bc
MD
406\& /* Now wait for incoming connection */
407\& if(BIO_do_accept(acpt) <= 0) {
408\& fprintf(stderr, "Error in connection\en");
409\& ERR_print_errors_fp(stderr);
410\& return 0;
411\& }
e257b235 412\&
984263bc
MD
413\& /* We only want one connection so remove and free
414\& * accept BIO
415\& */
e257b235 416\&
984263bc 417\& sbio = BIO_pop(acpt);
e257b235 418\&
984263bc 419\& BIO_free_all(acpt);
e257b235 420\&
984263bc
MD
421\& if(BIO_do_handshake(sbio) <= 0) {
422\& fprintf(stderr, "Error in SSL handshake\en");
423\& ERR_print_errors_fp(stderr);
424\& return 0;
425\& }
e257b235
PA
426\&
427\& BIO_puts(sbio, "HTTP/1.0 200 OK\er\enContent\-type: text/plain\er\en\er\en");
74dab6c2 428\& BIO_puts(sbio, "\er\enConnection Established\er\enRequest headers:\er\en");
e257b235
PA
429\& BIO_puts(sbio, "\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\er\en");
430\&
984263bc
MD
431\& for(;;) {
432\& len = BIO_gets(sbio, tmpbuf, 1024);
433\& if(len <= 0) break;
434\& BIO_write(sbio, tmpbuf, len);
435\& BIO_write(out, tmpbuf, len);
436\& /* Look for blank line signifying end of headers*/
e257b235 437\& if((tmpbuf[0] == \*(Aq\er\*(Aq) || (tmpbuf[0] == \*(Aq\en\*(Aq)) break;
984263bc 438\& }
e257b235
PA
439\&
440\& BIO_puts(sbio, "\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\er\en");
74dab6c2 441\& BIO_puts(sbio, "\er\en");
e257b235 442\&
984263bc
MD
443\& /* Since there is a buffering BIO present we had better flush it */
444\& BIO_flush(sbio);
e257b235 445\&
984263bc
MD
446\& BIO_free_all(sbio);
447.Ve
01185282
PA
448.SH "BUGS"
449.IX Header "BUGS"
450In OpenSSL versions before 1.0.0 the \fIBIO_pop()\fR call was handled incorrectly,
451the I/O \s-1BIO\s0 reference count was incorrectly incremented (instead of
5a44c043 452decremented) and dissociated with the \s-1SSL BIO\s0 even if the \s-1SSL BIO\s0 was not
01185282
PA
453explicitly being popped (e.g. a pop higher up the chain). Applications which
454included workarounds for this bug (e.g. freeing BIOs more than once) should
5a44c043 455be modified to handle this fix or they may free up an already freed \s-1BIO.\s0
984263bc
MD
456.SH "SEE ALSO"
457.IX Header "SEE ALSO"
8b0cefbb 458\&\s-1TBA\s0