Update build for OpenSSL-0.9.8j upgrade.
[dragonfly.git] / secure / lib / libssl / man / SSL_shutdown.3
CommitLineData
e257b235 1.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05)
e056f0e0
JR
2.\"
3.\" Standard preamble:
4.\" ========================================================================
5.de Sh \" Subsection heading
984263bc
MD
6.br
7.if t .Sp
8.ne 5
9.PP
10\fB\\$1\fR
11.PP
12..
e056f0e0 13.de Sp \" Vertical space (when we can't use .PP)
984263bc
MD
14.if t .sp .5v
15.if n .sp
16..
e056f0e0 17.de Vb \" Begin verbatim text
984263bc
MD
18.ft CW
19.nf
20.ne \\$1
21..
e056f0e0 22.de Ve \" End verbatim text
984263bc 23.ft R
984263bc
MD
24.fi
25..
e056f0e0
JR
26.\" Set up some character translations and predefined strings. \*(-- will
27.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
e257b235
PA
28.\" double quote, and \*(R" will give a right double quote. \*(C+ will
29.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
30.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
31.\" nothing in troff, for use with C<>.
32.tr \(*W-
e056f0e0 33.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
984263bc 34.ie n \{\
e056f0e0
JR
35. ds -- \(*W-
36. ds PI pi
37. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
38. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
39. ds L" ""
40. ds R" ""
41. ds C` ""
42. ds C' ""
984263bc
MD
43'br\}
44.el\{\
e056f0e0
JR
45. ds -- \|\(em\|
46. ds PI \(*p
47. ds L" ``
48. ds R" ''
984263bc 49'br\}
e056f0e0 50.\"
e257b235
PA
51.\" Escape single quotes in literal strings from groff's Unicode transform.
52.ie \n(.g .ds Aq \(aq
53.el .ds Aq '
54.\"
e056f0e0
JR
55.\" If the F register is turned on, we'll generate index entries on stderr for
56.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
57.\" entries marked with X<> in POD. Of course, you'll have to process the
58.\" output yourself in some meaningful fashion.
e257b235 59.ie \nF \{\
e056f0e0
JR
60. de IX
61. tm Index:\\$1\t\\n%\t"\\$2"
984263bc 62..
e056f0e0
JR
63. nr % 0
64. rr F
984263bc 65.\}
e257b235
PA
66.el \{\
67. de IX
68..
69.\}
aac4ff6f 70.\"
e056f0e0
JR
71.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
72.\" Fear. Run. Save yourself. No user-serviceable parts.
73. \" fudge factors for nroff and troff
984263bc 74.if n \{\
e056f0e0
JR
75. ds #H 0
76. ds #V .8m
77. ds #F .3m
78. ds #[ \f1
79. ds #] \fP
984263bc
MD
80.\}
81.if t \{\
e056f0e0
JR
82. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
83. ds #V .6m
84. ds #F 0
85. ds #[ \&
86. ds #] \&
984263bc 87.\}
e056f0e0 88. \" simple accents for nroff and troff
984263bc 89.if n \{\
e056f0e0
JR
90. ds ' \&
91. ds ` \&
92. ds ^ \&
93. ds , \&
94. ds ~ ~
95. ds /
984263bc
MD
96.\}
97.if t \{\
e056f0e0
JR
98. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
99. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
100. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
101. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
102. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
103. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
984263bc 104.\}
e056f0e0 105. \" troff and (daisy-wheel) nroff accents
984263bc
MD
106.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
107.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
108.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
109.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
110.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
111.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
112.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
113.ds ae a\h'-(\w'a'u*4/10)'e
114.ds Ae A\h'-(\w'A'u*4/10)'E
e056f0e0 115. \" corrections for vroff
984263bc
MD
116.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
117.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
e056f0e0 118. \" for low resolution devices (crt and lpr)
984263bc
MD
119.if \n(.H>23 .if \n(.V>19 \
120\{\
e056f0e0
JR
121. ds : e
122. ds 8 ss
123. ds o a
124. ds d- d\h'-1'\(ga
125. ds D- D\h'-1'\(hy
126. ds th \o'bp'
127. ds Th \o'LP'
128. ds ae ae
129. ds Ae AE
984263bc
MD
130.\}
131.rm #[ #] #H #V #F C
e056f0e0
JR
132.\" ========================================================================
133.\"
134.IX Title "SSL_shutdown 3"
e257b235
PA
135.TH SSL_shutdown 3 "2009-01-11" "0.9.8j" "OpenSSL"
136.\" For nroff, turn off justification. Always turn off hyphenation; it makes
137.\" way too many mistakes in technical documents.
138.if n .ad l
139.nh
984263bc 140.SH "NAME"
a7d27d5a 141SSL_shutdown \- shut down a TLS/SSL connection
984263bc 142.SH "SYNOPSIS"
e056f0e0 143.IX Header "SYNOPSIS"
984263bc
MD
144.Vb 1
145\& #include <openssl/ssl.h>
e257b235 146\&
984263bc
MD
147\& int SSL_shutdown(SSL *ssl);
148.Ve
149.SH "DESCRIPTION"
e056f0e0
JR
150.IX Header "DESCRIPTION"
151\&\fISSL_shutdown()\fR shuts down an active \s-1TLS/SSL\s0 connection. It sends the
152\&\*(L"close notify\*(R" shutdown alert to the peer.
984263bc 153.SH "NOTES"
e056f0e0
JR
154.IX Header "NOTES"
155\&\fISSL_shutdown()\fR tries to send the \*(L"close notify\*(R" shutdown alert to the peer.
156Whether the operation succeeds or not, the \s-1SSL_SENT_SHUTDOWN\s0 flag is set and
984263bc
MD
157a currently open session is considered closed and good and will be kept in the
158session cache for further reuse.
159.PP
160The shutdown procedure consists of 2 steps: the sending of the \*(L"close notify\*(R"
161shutdown alert and the reception of the peer's \*(L"close notify\*(R" shutdown
e056f0e0 162alert. According to the \s-1TLS\s0 standard, it is acceptable for an application
984263bc
MD
163to only send its shutdown alert and then close the underlying connection
164without waiting for the peer's response (this way resources can be saved,
165as the process can already terminate or serve another connection).
166When the underlying connection shall be used for more communications, the
167complete shutdown procedure (bidirectional \*(L"close notify\*(R" alerts) must be
168performed, so that the peers stay synchronized.
169.PP
e056f0e0 170\&\fISSL_shutdown()\fR supports both uni\- and bidirectional shutdown by its 2 step
984263bc 171behaviour.
a561f9ff
SS
172.ie n .IP "When the application is the first party to send the ""close notify"" alert, \fISSL_shutdown()\fR will only send the alert and then set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fISSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fISSL_shutdown()\fR must be called again. The second call will make \fISSL_shutdown()\fR wait for the peer's ""close notify"" shutdown alert. On success, the second call to \fISSL_shutdown()\fR will return with 1." 4
173.el .IP "When the application is the first party to send the ``close notify'' alert, \fISSL_shutdown()\fR will only send the alert and then set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fISSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fISSL_shutdown()\fR must be called again. The second call will make \fISSL_shutdown()\fR wait for the peer's ``close notify'' shutdown alert. On success, the second call to \fISSL_shutdown()\fR will return with 1." 4
174.IX Item "When the application is the first party to send the close notify alert, SSL_shutdown() will only send the alert and then set the SSL_SENT_SHUTDOWN flag (so that the session is considered good and will be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to SSL_shutdown() is sufficient. In order to complete the bidirectional shutdown handshake, SSL_shutdown() must be called again. The second call will make SSL_shutdown() wait for the peer's close notify shutdown alert. On success, the second call to SSL_shutdown() will return with 1."
e056f0e0
JR
175.PD 0
176.ie n .IP "If the peer already sent the ""close notify"" alert \fBand\fR it was already processed implicitly inside another function (\fISSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fISSL_shutdown()\fR will send the ""close notify"" alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fISSL_get_shutdown()\fR (see also \fISSL_set_shutdown\fR\|(3)) call." 4
177.el .IP "If the peer already sent the ``close notify'' alert \fBand\fR it was already processed implicitly inside another function (\fISSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fISSL_shutdown()\fR will send the ``close notify'' alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fISSL_get_shutdown()\fR (see also \fISSL_set_shutdown\fR\|(3)) call." 4
178.IX Item "If the peer already sent the close notify alert and it was already processed implicitly inside another function (SSL_read), the SSL_RECEIVED_SHUTDOWN flag is set. SSL_shutdown() will send the close notify alert, set the SSL_SENT_SHUTDOWN flag and will immediately return with 1. Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the SSL_get_shutdown() (see also SSL_set_shutdown) call."
179.PD
984263bc
MD
180.PP
181It is therefore recommended to check the return value of \fISSL_shutdown()\fR
182and call \fISSL_shutdown()\fR again if the bidirectional shutdown is not yet
183complete (return value of the first call is 0). As the shutdown is not
184specially handled in the SSLv2 protocol, \fISSL_shutdown()\fR will succeed on
185the first call.
186.PP
e257b235 187The behaviour of \fISSL_shutdown()\fR additionally depends on the underlying \s-1BIO\s0.
984263bc
MD
188.PP
189If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_shutdown()\fR will only return once the
190handshake step has been finished or an error occurred.
191.PP
192If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_shutdown()\fR will also return
193when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_shutdown()\fR
194to continue the handshake. In this case a call to \fISSL_get_error()\fR with the
195return value of \fISSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
e056f0e0 196\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after
984263bc
MD
197taking appropriate action to satisfy the needs of \fISSL_shutdown()\fR.
198The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket,
199nothing is to be done, but \fIselect()\fR can be used to check for the required
200condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written
201into or retrieved out of the \s-1BIO\s0 before being able to continue.
202.PP
e056f0e0 203\&\fISSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R"
984263bc 204state but not actually send the \*(L"close notify\*(R" alert messages,
e056f0e0 205see \fISSL_CTX_set_quiet_shutdown\fR\|(3).
984263bc
MD
206When \*(L"quiet shutdown\*(R" is enabled, \fISSL_shutdown()\fR will always succeed
207and return 1.
208.SH "RETURN VALUES"
e056f0e0 209.IX Header "RETURN VALUES"
984263bc 210The following return values can occur:
e257b235 211.IP "1." 4
984263bc
MD
212The shutdown was successfully completed. The \*(L"close notify\*(R" alert was sent
213and the peer's \*(L"close notify\*(R" alert was received.
e257b235 214.IP "0" 4
984263bc
MD
215The shutdown is not yet finished. Call \fISSL_shutdown()\fR for a second time,
216if a bidirectional shutdown shall be performed.
e056f0e0 217The output of \fISSL_get_error\fR\|(3) may be misleading, as an
984263bc 218erroneous \s-1SSL_ERROR_SYSCALL\s0 may be flagged even though no error occurred.
e257b235
PA
219.IP "3." 4
220\&\-1
221.Sp
984263bc
MD
222The shutdown was not successful because a fatal error occurred either
223at the protocol level or a connection failure occurred. It can also occur if
224action is needed to continue the operation for non-blocking BIOs.
e056f0e0 225Call \fISSL_get_error\fR\|(3) with the return value \fBret\fR
984263bc
MD
226to find out the reason.
227.SH "SEE ALSO"
a7d27d5a 228.IX Header "SEE ALSO"
e056f0e0
JR
229\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3),
230\&\fISSL_accept\fR\|(3), \fISSL_set_shutdown\fR\|(3),
231\&\fISSL_CTX_set_quiet_shutdown\fR\|(3),
232\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3),
233\&\fIssl\fR\|(3), \fIbio\fR\|(3)
e257b235
PA
234.SH "POD ERRORS"
235.IX Header "POD ERRORS"
236Hey! \fBThe above document had some coding errors, which are explained below:\fR
237.IP "Around line 100:" 4
238.IX Item "Around line 100:"
239You have '=item 0' instead of the expected '=item 2'
240.IP "Around line 107:" 4
241.IX Item "Around line 107:"
242Expected '=item 3'