Update files for OpenSSL-1.0.0f import.
[dragonfly.git] / secure / lib / libssl / man / SSL_shutdown.3
e3261593 1.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.19)
e056f0e0
JR
2.\"
3.\" Standard preamble:
4.\" ========================================================================
e056f0e0 5.de Sp \" Vertical space (when we can't use .PP)
984263bc
MD
6.if t .sp .5v
7.if n .sp
8..
e056f0e0 9.de Vb \" Begin verbatim text
984263bc
MD
10.ft CW
11.nf
12.ne \\$1
13..
e056f0e0 14.de Ve \" End verbatim text
984263bc 15.ft R
984263bc
MD
16.fi
17..
e056f0e0
JR
18.\" Set up some character translations and predefined strings. \*(-- will
19.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
e257b235
PA
20.\" double quote, and \*(R" will give a right double quote. \*(C+ will
21.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
22.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
23.\" nothing in troff, for use with C<>.
24.tr \(*W-
e056f0e0 25.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
984263bc 26.ie n \{\
e056f0e0
JR
27. ds -- \(*W-
28. ds PI pi
29. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
31. ds L" ""
32. ds R" ""
33. ds C` ""
34. ds C' ""
984263bc
MD
35'br\}
36.el\{\
e056f0e0
JR
37. ds -- \|\(em\|
38. ds PI \(*p
39. ds L" ``
40. ds R" ''
984263bc 41'br\}
e056f0e0 42.\"
e257b235
PA
43.\" Escape single quotes in literal strings from groff's Unicode transform.
44.ie \n(.g .ds Aq \(aq
45.el .ds Aq '
46.\"
e056f0e0 47.\" If the F register is turned on, we'll generate index entries on stderr for
01185282 48.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
e056f0e0
JR
49.\" entries marked with X<> in POD. Of course, you'll have to process the
50.\" output yourself in some meaningful fashion.
e257b235 51.ie \nF \{\
e056f0e0
JR
52. de IX
53. tm Index:\\$1\t\\n%\t"\\$2"
984263bc 54..
e056f0e0
JR
55. nr % 0
56. rr F
984263bc 57.\}
e257b235
PA
58.el \{\
59. de IX
60..
61.\}
aac4ff6f 62.\"
e056f0e0
JR
63.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
64.\" Fear. Run. Save yourself. No user-serviceable parts.
65. \" fudge factors for nroff and troff
984263bc 66.if n \{\
e056f0e0
JR
67. ds #H 0
68. ds #V .8m
69. ds #F .3m
70. ds #[ \f1
71. ds #] \fP
984263bc
MD
72.\}
73.if t \{\
e056f0e0
JR
74. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
75. ds #V .6m
76. ds #F 0
77. ds #[ \&
78. ds #] \&
984263bc 79.\}
e056f0e0 80. \" simple accents for nroff and troff
984263bc 81.if n \{\
e056f0e0
JR
82. ds ' \&
83. ds ` \&
84. ds ^ \&
85. ds , \&
86. ds ~ ~
87. ds /
984263bc
MD
88.\}
89.if t \{\
e056f0e0
JR
90. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
91. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
92. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
93. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
94. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
95. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
984263bc 96.\}
e056f0e0 97. \" troff and (daisy-wheel) nroff accents
984263bc
MD
98.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
99.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
100.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
101.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
102.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
103.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
104.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
105.ds ae a\h'-(\w'a'u*4/10)'e
106.ds Ae A\h'-(\w'A'u*4/10)'E
e056f0e0 107. \" corrections for vroff
984263bc
MD
108.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
109.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
e056f0e0 110. \" for low resolution devices (crt and lpr)
984263bc
MD
111.if \n(.H>23 .if \n(.V>19 \
112\{\
e056f0e0
JR
113. ds : e
114. ds 8 ss
115. ds o a
116. ds d- d\h'-1'\(ga
117. ds D- D\h'-1'\(hy
118. ds th \o'bp'
119. ds Th \o'LP'
120. ds ae ae
121. ds Ae AE
984263bc
MD
122.\}
123.rm #[ #] #H #V #F C
e056f0e0
JR
124.\" ========================================================================
125.\"
126.IX Title "SSL_shutdown 3"
e3261593 127.TH SSL_shutdown 3 "2012-01-04" "1.0.0f" "OpenSSL"
e257b235
PA
128.\" For nroff, turn off justification. Always turn off hyphenation; it makes
129.\" way too many mistakes in technical documents.
130.if n .ad l
131.nh
984263bc 132.SH "NAME"
a7d27d5a 133SSL_shutdown \- shut down a TLS/SSL connection
984263bc 134.SH "SYNOPSIS"
e056f0e0 135.IX Header "SYNOPSIS"
984263bc
MD
136.Vb 1
137\& #include <openssl/ssl.h>
e257b235 138\&
984263bc
MD
139\& int SSL_shutdown(SSL *ssl);
140.Ve
141.SH "DESCRIPTION"
e056f0e0
JR
142.IX Header "DESCRIPTION"
143\&\fISSL_shutdown()\fR shuts down an active \s-1TLS/SSL\s0 connection. It sends the
144\&\*(L"close notify\*(R" shutdown alert to the peer.
984263bc 145.SH "NOTES"
e056f0e0
JR
146.IX Header "NOTES"
147\&\fISSL_shutdown()\fR tries to send the \*(L"close notify\*(R" shutdown alert to the peer.
148Whether the operation succeeds or not, the \s-1SSL_SENT_SHUTDOWN\s0 flag is set and
984263bc
MD
149a currently open session is considered closed and good and will be kept in the
150session cache for further reuse.
151.PP
152The shutdown procedure consists of 2 steps: the sending of the \*(L"close notify\*(R"
153shutdown alert and the reception of the peer's \*(L"close notify\*(R" shutdown
e056f0e0 154alert. According to the \s-1TLS\s0 standard, it is acceptable for an application
984263bc
MD
155to only send its shutdown alert and then close the underlying connection
156without waiting for the peer's response (this way resources can be saved,
157as the process can already terminate or serve another connection).
158When the underlying connection shall be used for more communications, the
159complete shutdown procedure (bidirectional \*(L"close notify\*(R" alerts) must be
160performed, so that the peers stay synchronized.
161.PP
e056f0e0 162\&\fISSL_shutdown()\fR supports both uni\- and bidirectional shutdown by its 2 step
984263bc 163behaviour.
a561f9ff
SS
164.ie n .IP "When the application is the first party to send the ""close notify"" alert, \fISSL_shutdown()\fR will only send the alert and then set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fISSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fISSL_shutdown()\fR must be called again. The second call will make \fISSL_shutdown()\fR wait for the peer's ""close notify"" shutdown alert. On success, the second call to \fISSL_shutdown()\fR will return with 1." 4
165.el .IP "When the application is the first party to send the ``close notify'' alert, \fISSL_shutdown()\fR will only send the alert and then set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fISSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fISSL_shutdown()\fR must be called again. The second call will make \fISSL_shutdown()\fR wait for the peer's ``close notify'' shutdown alert. On success, the second call to \fISSL_shutdown()\fR will return with 1." 4
166.IX Item "When the application is the first party to send the close notify alert, SSL_shutdown() will only send the alert and then set the SSL_SENT_SHUTDOWN flag (so that the session is considered good and will be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to SSL_shutdown() is sufficient. In order to complete the bidirectional shutdown handshake, SSL_shutdown() must be called again. The second call will make SSL_shutdown() wait for the peer's close notify shutdown alert. On success, the second call to SSL_shutdown() will return with 1."
e056f0e0
JR
167.PD 0
168.ie n .IP "If the peer already sent the ""close notify"" alert \fBand\fR it was already processed implicitly inside another function (\fISSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fISSL_shutdown()\fR will send the ""close notify"" alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fISSL_get_shutdown()\fR call (see also \fISSL_set_shutdown\fR\|(3))." 4
169.el .IP "If the peer already sent the ``close notify'' alert \fBand\fR it was already processed implicitly inside another function (\fISSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fISSL_shutdown()\fR will send the ``close notify'' alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fISSL_get_shutdown()\fR call (see also \fISSL_set_shutdown\fR\|(3))." 4
170.IX Item "If the peer already sent the close notify alert and it was already processed implicitly inside another function (SSL_read), the SSL_RECEIVED_SHUTDOWN flag is set. SSL_shutdown() will send the close notify alert, set the SSL_SENT_SHUTDOWN flag and will immediately return with 1. Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the SSL_get_shutdown() call (see also SSL_set_shutdown)."
171.PD
984263bc
MD
172.PP
173It is therefore recommended to check the return value of \fISSL_shutdown()\fR
174and call \fISSL_shutdown()\fR again, if the bidirectional shutdown is not yet
175complete (return value of the first call is 0). As the shutdown is not
176specially handled in the SSLv2 protocol, \fISSL_shutdown()\fR will succeed on
177the first call.
178.PP
e257b235 179The behaviour of \fISSL_shutdown()\fR additionally depends on the underlying \s-1BIO\s0.
984263bc
MD
180.PP
181If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_shutdown()\fR will only return once the
182handshake step has been finished or an error occurred.
183.PP
184If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_shutdown()\fR will also return
185when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_shutdown()\fR
186to continue the handshake. In this case a call to \fISSL_get_error()\fR with the
187return value of \fISSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
e056f0e0 188\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after
984263bc
MD
189taking appropriate action to satisfy the needs of \fISSL_shutdown()\fR.
190The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket,
191nothing is to be done, but \fIselect()\fR can be used to check for the required
192condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written
193into or retrieved out of the \s-1BIO\s0 before being able to continue.
194.PP
e056f0e0 195\&\fISSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R"
984263bc 196state but not actually send the \*(L"close notify\*(R" alert messages,
e056f0e0 197see \fISSL_CTX_set_quiet_shutdown\fR\|(3).
984263bc
MD
198When \*(L"quiet shutdown\*(R" is enabled, \fISSL_shutdown()\fR will always succeed
199and return 1.
200.SH "RETURN VALUES"
e056f0e0 201.IX Header "RETURN VALUES"
984263bc 202The following return values can occur:
e257b235 203.IP "1" 4
984263bc
MD
204The shutdown was successfully completed. The \*(L"close notify\*(R" alert was sent
205and the peer's \*(L"close notify\*(R" alert was received.
e257b235 206.IP "0" 4
984263bc
MD
207The shutdown is not yet finished. Call \fISSL_shutdown()\fR for a second time,
208if a bidirectional shutdown shall be performed.
e056f0e0 209The output of \fISSL_get_error\fR\|(3) may be misleading, as an
984263bc 210erroneous \s-1SSL_ERROR_SYSCALL\s0 may be flagged even though no error occurred.
e257b235
PA
211.IP "\-1" 4
984263bc
MD
214The shutdown was not successful because a fatal error occurred either
215at the protocol level or a connection failure occurred. It can also occur if
216action is needed to continue the operation for non-blocking BIOs.
e056f0e0 217Call \fISSL_get_error\fR\|(3) with the return value \fBret\fR
984263bc
MD
218to find out the reason.
219.SH "SEE ALSO"
a7d27d5a 220.IX Header "SEE ALSO"
e056f0e0
JR
221\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3),
222\&\fISSL_accept\fR\|(3), \fISSL_set_shutdown\fR\|(3),
223\&\fISSL_CTX_set_quiet_shutdown\fR\|(3),
224\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3),
225\&\fIssl\fR\|(3), \fIbio\fR\|(3)
e257b235
PA
226.SH "POD ERRORS"
227.IX Header "POD ERRORS"
228Hey! \fBThe above document had some coding errors, which are explained below:\fR
229.IP "Around line 100:" 4
230.IX Item "Around line 100:"
231You have '=item 0' instead of the expected '=item 2'
232.IP "Around line 107:" 4
233.IX Item "Around line 107:"
234Expected '=item 3'