[thirdparty/openssl.git] / doc / ssl / SSL_clear.pod

=pod

=head1 NAME

SSL_clear - reset SSL object to allow another connection

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 int SSL_clear(SSL *ssl);

=head1 DESCRIPTION

Reset B<ssl> to allow another connection. All settings (method, ciphers,
BIOs) are kept.

=head1 NOTES

SSL_clear is used to prepare an SSL object for a new connection. While all
settings are kept, a side effect is the handling of the current SSL session.
If a session is still B<open>, it is considered bad and will be removed
from the session cache, as required by RFC2246. A session is considered open,
if L<SSL_shutdown(3)|SSL_shutdown(3)> was not called for the connection
or at least L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> was used to
set the SSL_SENT_SHUTDOWN state.

If a session was closed cleanly, the session object will be kept and all
settings corresponding. This explicitly means, that e.g. the special method
used during the session will be kept for the next handshake. So if the
session was a TLSv1 session, a SSL client object will use a TLSv1 client
method for the next handshake and a SSL server object will use a TLSv1
server method, even if TLS_*_methods were chosen on startup. This
will might lead to connection failures (see L<SSL_new(3)|SSL_new(3)>)
for a description of the method's properties.

=head1 WARNINGS

SSL_clear() resets the SSL object to allow for another connection. The
reset operation however keeps several settings of the last sessions
(some of these settings were made automatically during the last
handshake). It only makes sense for a new connection with the exact
same peer that shares these settings, and may fail if that peer
changes its settings between connections. Use the sequence
L<SSL_get_session(3)|SSL_get_session(3)>;
L<SSL_new(3)|SSL_new(3)>;
L<SSL_set_session(3)|SSL_set_session(3)>;
L<SSL_free(3)|SSL_free(3)>
instead to avoid such failures
(or simply L<SSL_free(3)|SSL_free(3)>; L<SSL_new(3)|SSL_new(3)>
if session reuse is not desired).

=head1 RETURN VALUES

The following return values can occur:

=over 4

=item Z<>0

The SSL_clear() operation could not be performed. Check the error stack to
find out the reason.

=item Z<>1

The SSL_clear() operation was successful.

=back

L<SSL_new(3)|SSL_new(3)>, L<SSL_free(3)|SSL_free(3)>,
L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, L<ssl(3)|ssl(3)>,
L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>

=cut
Commit	Line	Data
cc99526d RL	1	=pod
	2
	3	=head1 NAME
	4
1e4e5492	5	SSL_clear - reset SSL object to allow another connection
cc99526d RL	6
	7	=head1 SYNOPSIS
	8
	9	#include <openssl/ssl.h>
	10
c6def253	11	int SSL_clear(SSL *ssl);
cc99526d RL	12
	13	=head1 DESCRIPTION
	14
1e4e5492	15	Reset B<ssl> to allow another connection. All settings (method, ciphers,
8e495e4a LJ	16	BIOs) are kept.
	17
	18	=head1 NOTES
	19
	20	SSL_clear is used to prepare an SSL object for a new connection. While all
	21	settings are kept, a side effect is the handling of the current SSL session.
	22	If a session is still B<open>, it is considered bad and will be removed
	23	from the session cache, as required by RFC2246. A session is considered open,
	24	if L<SSL_shutdown(3)\|SSL_shutdown(3)> was not called for the connection
	25	or at least L<SSL_set_shutdown(3)\|SSL_set_shutdown(3)> was used to
	26	set the SSL_SENT_SHUTDOWN state.
cc99526d	27
ce4b274a LJ	28	If a session was closed cleanly, the session object will be kept and all
	29	settings corresponding. This explicitly means, that e.g. the special method
	30	used during the session will be kept for the next handshake. So if the
	31	session was a TLSv1 session, a SSL client object will use a TLSv1 client
	32	method for the next handshake and a SSL server object will use a TLSv1
a27e81ee	33	server method, even if TLS_*_methods were chosen on startup. This
ce4b274a LJ	34	will might lead to connection failures (see L<SSL_new(3)\|SSL_new(3)>)
	35	for a description of the method's properties.
	36
	37	=head1 WARNINGS
	38
	39	SSL_clear() resets the SSL object to allow for another connection. The
	40	reset operation however keeps several settings of the last sessions
	41	(some of these settings were made automatically during the last
9d74befd BM	42	handshake). It only makes sense for a new connection with the exact
	43	same peer that shares these settings, and may fail if that peer
	44	changes its settings between connections. Use the sequence
	45	L<SSL_get_session(3)\|SSL_get_session(3)>;
	46	L<SSL_new(3)\|SSL_new(3)>;
	47	L<SSL_set_session(3)\|SSL_set_session(3)>;
	48	L<SSL_free(3)\|SSL_free(3)>
	49	instead to avoid such failures
	50	(or simply L<SSL_free(3)\|SSL_free(3)>; L<SSL_new(3)\|SSL_new(3)>
	51	if session reuse is not desired).
ce4b274a	52
cc99526d RL	53	=head1 RETURN VALUES
	54
	55	The following return values can occur:
	56
	57	=over 4
	58
c8919dde	59	=item Z<>0
cc99526d RL	60
	61	The SSL_clear() operation could not be performed. Check the error stack to
	62	find out the reason.
	63
c8919dde	64	=item Z<>1
cc99526d	65
1e4e5492	66	The SSL_clear() operation was successful.
cc99526d RL	67
	68	=back
	69
	70	L<SSL_new(3)\|SSL_new(3)>, L<SSL_free(3)\|SSL_free(3)>,
8e495e4a	71	L<SSL_shutdown(3)\|SSL_shutdown(3)>, L<SSL_set_shutdown(3)\|SSL_set_shutdown(3)>,
f0d6ee6b LJ	72	L<SSL_CTX_set_options(3)\|SSL_CTX_set_options(3)>, L<ssl(3)\|ssl(3)>,
f0d6ee6b LJ	73	L<SSL_CTX_set_client_cert_cb(3)\|SSL_CTX_set_client_cert_cb(3)>
cc99526d RL	74
cc99526d RL	75	=cut