Regenerate manual pages.
[dragonfly.git] / secure / lib / libssl / man / SSL_shutdown.3
e056f0e0
JR
1.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14
2.\"
3.\" Standard preamble:
4.\" ========================================================================
5.de Sh \" Subsection heading
984263bc
MD
6.br
7.if t .Sp
8.ne 5
9.PP
10\fB\\$1\fR
11.PP
12..
e056f0e0 13.de Sp \" Vertical space (when we can't use .PP)
984263bc
MD
14.if t .sp .5v
15.if n .sp
16..
e056f0e0 17.de Vb \" Begin verbatim text
984263bc
MD
18.ft CW
19.nf
20.ne \\$1
21..
e056f0e0 22.de Ve \" End verbatim text
984263bc 23.ft R
984263bc
MD
24.fi
25..
e056f0e0
JR
26.\" Set up some character translations and predefined strings. \*(-- will
27.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
28.\" double quote, and \*(R" will give a right double quote. | will give a
29.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to
30.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C'
31.\" expand to `' in nroff, nothing in troff, for use with C<>.
984263bc 32.tr \(*W-|\(bv\*(Tr
e056f0e0 33.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
984263bc 34.ie n \{\
e056f0e0
JR
35. ds -- \(*W-
36. ds PI pi
37. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
38. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
39. ds L" ""
40. ds R" ""
41. ds C` ""
42. ds C' ""
984263bc
MD
43'br\}
44.el\{\
e056f0e0
JR
45. ds -- \|\(em\|
46. ds PI \(*p
47. ds L" ``
48. ds R" ''
984263bc 49'br\}
e056f0e0
JR
50.\"
51.\" If the F register is turned on, we'll generate index entries on stderr for
52.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
53.\" entries marked with X<> in POD. Of course, you'll have to process the
54.\" output yourself in some meaningful fashion.
55.if \nF \{\
56. de IX
57. tm Index:\\$1\t\\n%\t"\\$2"
984263bc 58..
e056f0e0
JR
59. nr % 0
60. rr F
984263bc 61.\}
e056f0e0
JR
62.\"
63.\" For nroff, turn off justification. Always turn off hyphenation; it makes
64.\" way too many mistakes in technical documents.
65.hy 0
984263bc 66.if n .na
e056f0e0
JR
67.\"
68.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
69.\" Fear. Run. Save yourself. No user-serviceable parts.
70. \" fudge factors for nroff and troff
984263bc 71.if n \{\
e056f0e0
JR
72. ds #H 0
73. ds #V .8m
74. ds #F .3m
75. ds #[ \f1
76. ds #] \fP
984263bc
MD
77.\}
78.if t \{\
e056f0e0
JR
79. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
80. ds #V .6m
81. ds #F 0
82. ds #[ \&
83. ds #] \&
984263bc 84.\}
e056f0e0 85. \" simple accents for nroff and troff
984263bc 86.if n \{\
e056f0e0
JR
87. ds ' \&
88. ds ` \&
89. ds ^ \&
90. ds , \&
91. ds ~ ~
92. ds /
984263bc
MD
93.\}
94.if t \{\
e056f0e0
JR
95. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
96. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
97. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
98. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
99. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
100. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
984263bc 101.\}
e056f0e0 102. \" troff and (daisy-wheel) nroff accents
984263bc
MD
103.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
104.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
105.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
106.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
107.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
108.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
109.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
110.ds ae a\h'-(\w'a'u*4/10)'e
111.ds Ae A\h'-(\w'A'u*4/10)'E
e056f0e0 112. \" corrections for vroff
984263bc
MD
113.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
114.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
e056f0e0 115. \" for low resolution devices (crt and lpr)
984263bc
MD
116.if \n(.H>23 .if \n(.V>19 \
117\{\
e056f0e0
JR
118. ds : e
119. ds 8 ss
120. ds o a
121. ds d- d\h'-1'\(ga
122. ds D- D\h'-1'\(hy
123. ds th \o'bp'
124. ds Th \o'LP'
125. ds ae ae
126. ds Ae AE
984263bc
MD
127.\}
128.rm #[ #] #H #V #F C
e056f0e0
JR
129.\" ========================================================================
130.\"
131.IX Title "SSL_shutdown 3"
132.TH SSL_shutdown 3 "2004-12-22" "0.9.7e" "OpenSSL"
984263bc 133.SH "NAME"
a7d27d5a 134SSL_shutdown \- shut down a TLS/SSL connection
984263bc 135.SH "SYNOPSIS"
e056f0e0 136.IX Header "SYNOPSIS"
984263bc
MD
137.Vb 1
138\& #include <openssl/ssl.h>
139.Ve
e056f0e0 140.PP
984263bc
MD
141.Vb 1
142\& int SSL_shutdown(SSL *ssl);
143.Ve
144.SH "DESCRIPTION"
e056f0e0
JR
145.IX Header "DESCRIPTION"
146\&\fISSL_shutdown()\fR shuts down an active \s-1TLS/SSL\s0 connection. It sends the
147\&\*(L"close notify\*(R" shutdown alert to the peer.
984263bc 148.SH "NOTES"
e056f0e0
JR
149.IX Header "NOTES"
150\&\fISSL_shutdown()\fR tries to send the \*(L"close notify\*(R" shutdown alert to the peer.
151Whether the operation succeeds or not, the \s-1SSL_SENT_SHUTDOWN\s0 flag is set and
984263bc
MD
152a currently open session is considered closed and good and will be kept in the
153session cache for further reuse.
154.PP
155The shutdown procedure consists of 2 steps: the sending of the \*(L"close notify\*(R"
156shutdown alert and the reception of the peer's \*(L"close notify\*(R" shutdown
e056f0e0 157alert. According to the \s-1TLS\s0 standard, it is acceptable for an application
984263bc
MD
158to only send its shutdown alert and then close the underlying connection
159without waiting for the peer's response (this way resources can be saved,
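160as the process can already terminate or serve another connection). An application that relies on having received all of the peer's data should nevertheless wait for the peer's \*(L"close notify\*(R" alert, because without it a truncated data stream cannot be distinguished from a complete one.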
161When the underlying connection shall be used for more communications, the
162complete shutdown procedure (bidirectional \*(L"close notify\*(R" alerts) must be
163performed, so that the peers stay synchronized.
164.PP
e056f0e0 165\&\fISSL_shutdown()\fR supports both uni\- and bidirectional shutdown by its 2 step
984263bc 166behaviour.
e056f0e0
JR
167.ie n .IP "When the application is the first party to send the ""close notify"" alert, \fISSL_shutdown()\fR will only send the alert and then set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fISSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fISSL_shutdown()\fR must be called again. The second call will make \fISSL_shutdown()\fR wait for the peer's ""close notify"" shutdown alert. On success, the second call to \fISSL_shutdown()\fR will return with 1." 4
168.el .IP "When the application is the first party to send the ``close notify'' alert, \fISSL_shutdown()\fR will only send the alert and then set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fISSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fISSL_shutdown()\fR must be called again. The second call will make \fISSL_shutdown()\fR wait for the peer's ``close notify'' shutdown alert. On success, the second call to \fISSL_shutdown()\fR will return with 1." 4
169.IX Item "When the application is the first party to send the close notify alert, SSL_shutdown() will only send the alert and then set the SSL_SENT_SHUTDOWN flag (so that the session is considered good and will be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to SSL_shutdown() is sufficient. In order to complete the bidirectional shutdown handshake, SSL_shutdown() must be called again. The second call will make SSL_shutdown() wait for the peer's close notify shutdown alert. On success, the second call to SSL_shutdown() will return with 1."
170.PD 0
171.ie n .IP "If the peer already sent the ""close notify"" alert \fBand\fR it was already processed implicitly inside another function (\fISSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fISSL_shutdown()\fR will send the ""close notify"" alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fISSL_get_shutdown()\fR call (see also \fISSL_set_shutdown\fR\|(3))." 4
172.el .IP "If the peer already sent the ``close notify'' alert \fBand\fR it was already processed implicitly inside another function (\fISSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fISSL_shutdown()\fR will send the ``close notify'' alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fISSL_get_shutdown()\fR call (see also \fISSL_set_shutdown\fR\|(3))." 4
173.IX Item "If the peer already sent the close notify alert and it was already processed implicitly inside another function (SSL_read), the SSL_RECEIVED_SHUTDOWN flag is set. SSL_shutdown() will send the close notify alert, set the SSL_SENT_SHUTDOWN flag and will immediately return with 1. Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the SSL_get_shutdown() call (see also SSL_set_shutdown)."
174.PD
984263bc
MD
175.PP
176It is therefore recommended to check the return value of \fISSL_shutdown()\fR
177and call \fISSL_shutdown()\fR again, if the bidirectional shutdown is not yet
178complete (return value of the first call is 0). As the shutdown is not
179specially handled in the SSLv2 protocol, \fISSL_shutdown()\fR will succeed on
180the first call.
181.PP
182The behaviour of \fISSL_shutdown()\fR additionally depends on the underlying \s-1BIO\s0.
183.PP
184If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_shutdown()\fR will only return once the
185handshake step has been finished or an error occurred.
186.PP
187If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_shutdown()\fR will also return
188when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_shutdown()\fR
189to continue the handshake. In this case a call to \fISSL_get_error()\fR with the
190return value of \fISSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
e056f0e0 191\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after
984263bc
MD
192taking appropriate action to satisfy the needs of \fISSL_shutdown()\fR.
193The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket,
194nothing is to be done, but \fIselect()\fR can be used to check for the required
195condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written
196into or retrieved out of the \s-1BIO\s0 before being able to continue.
197.PP
e056f0e0 198\&\fISSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R"
984263bc 199state but not actually send the \*(L"close notify\*(R" alert messages,
e056f0e0 200see \fISSL_CTX_set_quiet_shutdown\fR\|(3).
984263bc
MD
201When \*(L"quiet shutdown\*(R" is enabled, \fISSL_shutdown()\fR will always succeed
202and return 1.
203.SH "RETURN VALUES"
e056f0e0 204.IX Header "RETURN VALUES"
984263bc 205The following return values can occur:
e056f0e0
JR
206.IP "1" 4
207.IX Item "1"
984263bc
MD
208The shutdown was successfully completed. The \*(L"close notify\*(R" alert was sent
209and the peer's \*(L"close notify\*(R" alert was received.
e056f0e0 210.IP "0" 4
984263bc
MD
211The shutdown is not yet finished. Call \fISSL_shutdown()\fR for a second time,
212if a bidirectional shutdown shall be performed.
e056f0e0 213The output of \fISSL_get_error\fR\|(3) may be misleading, as an
984263bc 214erroneous \s-1SSL_ERROR_SYSCALL\s0 may be flagged even though no error occurred.
e056f0e0
JR
215.IP "\-1" 4
216.IX Item "-1"
984263bc
MD
217The shutdown was not successful because a fatal error occurred either
218at the protocol level or a connection failure occurred. It can also occur if
219action is needed to continue the operation for non-blocking BIOs.
e056f0e0 220Call \fISSL_get_error\fR\|(3) with the return value \fBret\fR
984263bc
MD
221to find out the reason.
222.SH "SEE ALSO"
a7d27d5a 223.IX Header "SEE ALSO"
e056f0e0
JR
224\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3),
225\&\fISSL_accept\fR\|(3), \fISSL_set_shutdown\fR\|(3),
226\&\fISSL_CTX_set_quiet_shutdown\fR\|(3),
227\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3),
228\&\fIssl\fR\|(3), \fIbio\fR\|(3)