=head1 DESCRIPTION
SSL_get_tick_timeout() determines when the SSL object next needs to perform
-internal processing due to the passage of time. It is currently applicable only
-to DTLS and QUIC connection SSL objects, and is not supported on other kinds of
-SSL object.
+internal processing due to the passage of time.
Calling SSL_get_tick_timeout() results in B<*tv> being written with an amount of
time left before the SSL object needs to be ticked. If the SSL object needs to
need to be ticked at any point in the future, B<tv_sec> is set to -1,
representing infinity.
+This function is currently applicable only to DTLS and QUIC connection SSL
+objects. If it is called on any other kind of SSL object, it always outputs
+infinity. This is considered a success condition.
+
Note that the value output by a call to SSL_get_tick_timeout() may change as a
result of other calls to the SSL object.
connection attempt is first made. B<addr> must point to a B<BIO_ADDR>
representing a UDP destination address of the server to connect to.
-In some cases, the initial destination peer address can be detected
-automatically when the SSL object is first provided with a suitable BIO. This
-behaviour can be overridden by calling SSL_set_initial_peer_addr() explicitly.
+Where a QUIC connection object is provided with a write BIO which supports the
+B<BIO_CTRL_DGRAM_GET_PEER> control (for example, B<BIO_s_dgram>), the initial
+destination peer address can be detected automatically; if
+B<BIO_CTRL_DGRAM_GET_PEER> returns a valid (non-B<AF_UNSPEC>) peer address and
+no valid peer address has yet been set, this will be set automatically as the
+initial peer address. This behaviour can be overridden by calling
+SSL_set_initial_peer_addr() with a valid peer address explicitly.
The destination address used by QUIC may change over time in response to
connection events, such as connection migration (where supported).
DTLSv1_handle_timeout(), it should be preferred for new applications which do
not require support for OpenSSL 3.1 or older.
+When using DTLS, an application must call SSL_tick() as indicated by calls to
+SSL_get_tick_timeout(); ticking is not performed automatically by calls to other
+SSL functions such as SSL_read() or SSL_write(). Note that this is different to
+QUIC which also performs ticking implicitly; see below.
+
=item QUIC connection SSL objects
Using SSL_tick() on an SSL object which represents a QUIC connection allows
need to call SSL_tick() because OpenSSL performs ticking internally on an
automatic basis. However, if an application uses a QUIC connection in
nonblocking mode, it must at a minimum ensure that SSL_tick() is called
-periodically to allow timeout events to be handled. An application can
-find out when it next needs to call SSL_tick() for this purpose (if at all) by
-calling SSL_get_tick_timeout().
+periodically to allow timeout events to be handled. An application can find out
+when it next needs to call SSL_tick() for this purpose (if at all) by calling
+SSL_get_tick_timeout().
Calling SSL_tick() on a QUIC connection SSL object being used in blocking mode
is not necessary unless no I/O calls (such as SSL_read() or SSL_write()) will be
=back
+Calling SSL_tick() on any other kind of SSL object is a no-op. This is
+considered a success case.
+
=head1 RETURN VALUES
Returns 1 on success and 0 on failure.
projects / thirdparty / openssl.git / commitdiff
