author | Lutz Jänicke <jaenicke@openssl.org> | 2001-07-25 12:12:51 +0000 |
---|---|---|
committer | Lutz Jänicke <jaenicke@openssl.org> | 2001-07-25 12:12:51 +0000 |
commit | 7abe76e1bdb50ac8cfc54a8e28e9275aeb64c84d (patch) | |
tree | f31fb0b79b89a12a43a7cc422cb6bcdaae40f096 /doc | |
parent | 7bc03ded122f6538fbcc321db987ba4338f5e278 (diff) |
Fix wrong information about SSL_set_connect_state()...
Diffstat (limited to 'doc')
-rw-r--r-- | doc/ssl/SSL_CTX_new.pod | 4 | ||||
-rw-r--r-- | doc/ssl/SSL_accept.pod | 5 | ||||
-rw-r--r-- | doc/ssl/SSL_connect.pod | 5 | ||||
-rw-r--r-- | doc/ssl/SSL_read.pod | 7 | ||||
-rw-r--r-- | doc/ssl/SSL_set_connect_state.pod | 23 | ||||
-rw-r--r-- | doc/ssl/SSL_write.pod | 6 |
6 files changed, 20 insertions, 30 deletions
diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod index 1dae8b0bdd..465220a75c 100644 --- a/doc/ssl/SSL_CTX_new.pod +++ b/doc/ssl/SSL_CTX_new.pod @@ -59,10 +59,6 @@ choice when compatibility is a concern. =back -If a generic method is used, it is necessary to explicitly set client or -server mode with L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> -or SSL_set_accept_state(). - The list of protocols available can later be limited using the SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or B<SSL_set_options()> functions. Using these options it is possible to choose diff --git a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod index 86f980de41..ac6caf9baa 100644 --- a/doc/ssl/SSL_accept.pod +++ b/doc/ssl/SSL_accept.pod @@ -37,11 +37,6 @@ nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. -When using a generic method (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>), it -is necessary to call SSL_set_accept_state() -before calling SSL_accept() to explicitly switch the B<ssl> to server -mode. - =head1 RETURN VALUES The following return values can occur: diff --git a/doc/ssl/SSL_connect.pod b/doc/ssl/SSL_connect.pod index bcc167745b..766f1876aa 100644 --- a/doc/ssl/SSL_connect.pod +++ b/doc/ssl/SSL_connect.pod @@ -34,11 +34,6 @@ nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. -When using a generic method (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>), it -is necessary to call L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> -before calling SSL_connect() to explicitly switch the B<ssl> to client -mode. - =head1 RETURN VALUES The following return values can occur: 
diff --git a/doc/ssl/SSL_read.pod b/doc/ssl/SSL_read.pod index cc7aa1a547..e9557ba1a1 100644 --- a/doc/ssl/SSL_read.pod +++ b/doc/ssl/SSL_read.pod @@ -25,11 +25,10 @@ the SSL_read() operation. The behaviour of SSL_read() depends on the underlying BIO. For the transparent negotiation to succeed, the B<ssl> must have been -initialized to client or server mode. This is not the case if a generic -method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that +initialized to client or server mode. This is being done by calling L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state() -must be used before the first call to an SSL_read() or -L<SSL_write(3)|SSL_write(3)> function). +before the first call to an SSL_read() or L<SSL_write(3)|SSL_write(3)> +function. SSL_read() works based on the SSL/TLS records. The data are received in records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a diff --git a/doc/ssl/SSL_set_connect_state.pod b/doc/ssl/SSL_set_connect_state.pod index a8c4463c64..adf52a93c2 100644 --- a/doc/ssl/SSL_set_connect_state.pod +++ b/doc/ssl/SSL_set_connect_state.pod @@ -14,9 +14,9 @@ SSL_set_connect_state, SSL_get_accept_state - prepare SSL object to work in clie =head1 DESCRIPTION -SSL_set_connect_state() B<ssl> to work in client mode. +SSL_set_connect_state() sets B<ssl> to work in client mode. -SSL_set_accept_state() B<ssl> to work in server mode. +SSL_set_accept_state() sets B<ssl> to work in server mode. =head1 NOTES 
@@ -27,12 +27,17 @@ server connections. (The method might have been changed with L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)> or SSL_set_ssl_method().) -In order to successfully accomplish the handshake, the SSL routines need -to know whether they should act in server or client mode. If the generic -method was used, this is not clear from the method itself and must be set -with either SSL_set_connect_state() or SSL_set_accept_state(). If these -routines are not called, the default value set when L<SSL_new(3)|SSL_new(3)> -is called is server mode. +When beginning a new handshake, the SSL engine must know whether it must +call the connect (client) or accept (server) routines. Even though it may +be clear from the method chosen, whether client or server mode was +requested, the handshake routines must be explicitly set. + +When using the L<SSL_connect(3)|SSL_connect(3)> or +L<SSL_accept(3)|SSL_accept(3)> routines, the correct handshake +routines are automatically set. When performing a transparent negotiation +using L<SSL_write(3)|SSL_write(3)> or L<SSL_read(3)|SSL_read(3)>, the +handshake routines must be explicitely set in advance using either +SSL_set_connect_state() or SSL_set_accept_state(). =head1 RETURN VALUES @@ -42,6 +47,8 @@ information. =head1 SEE ALSO L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>, +L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>, +L<SSL_write(3)|SSL_write(3)>, L<SSL_read(3)|SSL_read(3)>, L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)> =cut diff --git a/doc/ssl/SSL_write.pod b/doc/ssl/SSL_write.pod index b0dfefae20..da66f0f056 100644 --- a/doc/ssl/SSL_write.pod +++ b/doc/ssl/SSL_write.pod 
@@ -25,11 +25,9 @@ the SSL_write() operation. The behaviour of SSL_write() depends on the underlying BIO. For the transparent negotiation to succeed, the B<ssl> must have been -initialized to client or server mode. This is not the case if a generic -method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that +initialized to client or server mode. This is being done by calling L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state() -must be used before the first call to an L<SSL_read(3)|SSL_read(3)> -or SSL_write() function. +before the first call to an L<SSL_read(3)|SSL_read(3)> or SSL_write() function. If the underlying BIO is B<blocking>, SSL_write() will only return, once the write operation has been finished or an error occurred, except when a |
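Review bot: In doc/ssl/SSL_read.pod (hunk @@ -25,11 +25,10 @@), and in the identical wording in doc/ssl/SSL_write.pod, the new sentence "This is being done by calling ... before the first call to an SSL_read() or SSL_write() function" reads as if SSL_set_connect_state() or SSL_set_accept_state() were always required. The NOTES text added to SSL_set_connect_state.pod in this same patch says SSL_connect() and SSL_accept() set the handshake routines automatically, so a caller who has already completed the handshake with one of them does not need the extra call. Suggest "This is done by calling ..." and adding a clause that the requirement applies only when the handshake has not already been started with SSL_connect() or SSL_accept().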
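Review bot: In doc/ssl/SSL_set_connect_state.pod, hunk @@ -14,9 +14,9 @@, the line quoted in the hunk header lists "SSL_get_accept_state", while the DESCRIPTION lines corrected here document SSL_set_accept_state(). The hunk already fixes the two sentences directly below it, so please correct that name in the same commit so the page names the function it describes.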
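Review bot: In doc/ssl/SSL_set_connect_state.pod, hunk @@ -27,12 +27,17 @@, the replacement NOTES text no longer says what happens when neither function is called before a transparent negotiation. The removed paragraph stated "If these routines are not called, the default value set when SSL_new(3) is called is server mode"; if that was the wrong information, the new text should say what the caller gets instead (an error from SSL_read()/SSL_write(), or some default), because "must be explicitly set" alone does not tell an application author how the omission shows up. Also, the added line "handshake routines must be explicitely set in advance using either" misspells "explicitly".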