summaryrefslogtreecommitdiff
path: root/secure/lib/libcrypto/man/SSL_get_error.3
diff options
context:
space:
mode:
Diffstat (limited to 'secure/lib/libcrypto/man/SSL_get_error.3')
-rw-r--r--secure/lib/libcrypto/man/SSL_get_error.3103
1 files changed, 55 insertions, 48 deletions
diff --git a/secure/lib/libcrypto/man/SSL_get_error.3 b/secure/lib/libcrypto/man/SSL_get_error.3
index 5a2d201580040..aa56b83544a4e 100644
--- a/secure/lib/libcrypto/man/SSL_get_error.3
+++ b/secure/lib/libcrypto/man/SSL_get_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_GET_ERROR 3"
-.TH SSL_GET_ERROR 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_GET_ERROR 3 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,18 +149,18 @@ SSL_get_error \- obtain result code for TLS/SSL I/O operation
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fISSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R"
-statement) for a preceding call to \fISSL_connect()\fR, \fISSL_accept()\fR, \fISSL_do_handshake()\fR,
-\&\fISSL_read_ex()\fR, \fISSL_read()\fR, \fISSL_peek_ex()\fR, \fISSL_peek()\fR, \fISSL_write_ex()\fR or
-\&\fISSL_write()\fR on \fBssl\fR. The value returned by that \s-1TLS/SSL I/O\s0 function must be
-passed to \fISSL_get_error()\fR in parameter \fBret\fR.
+\&\fBSSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R"
+statement) for a preceding call to \fBSSL_connect()\fR, \fBSSL_accept()\fR, \fBSSL_do_handshake()\fR,
+\&\fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR, \fBSSL_peek()\fR, \fBSSL_write_ex()\fR or
+\&\fBSSL_write()\fR on \fBssl\fR. The value returned by that \s-1TLS/SSL I/O\s0 function must be
+passed to \fBSSL_get_error()\fR in parameter \fBret\fR.
.PP
-In addition to \fBssl\fR and \fBret\fR, \fISSL_get_error()\fR inspects the
-current thread's OpenSSL error queue. Thus, \fISSL_get_error()\fR must be
+In addition to \fBssl\fR and \fBret\fR, \fBSSL_get_error()\fR inspects the
+current thread's OpenSSL error queue. Thus, \fBSSL_get_error()\fR must be
used in the same thread that performed the \s-1TLS/SSL I/O\s0 operation, and no
other OpenSSL function calls should appear in between. The current
thread's error queue must be empty before the \s-1TLS/SSL I/O\s0 operation is
-attempted, or \fISSL_get_error()\fR will not work reliably.
+attempted, or \fBSSL_get_error()\fR will not work reliably.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following return values can currently occur:
@@ -182,10 +186,10 @@ operation.
If at a later time the underlying \fB\s-1BIO\s0\fR has data available for reading the same
function can be called again.
.Sp
-\&\fISSL_read()\fR and \fISSL_read_ex()\fR can also set \fB\s-1SSL_ERROR_WANT_READ\s0\fR when there is
+\&\fBSSL_read()\fR and \fBSSL_read_ex()\fR can also set \fB\s-1SSL_ERROR_WANT_READ\s0\fR when there is
still unprocessed data available at either the \fB\s-1SSL\s0\fR or the \fB\s-1BIO\s0\fR layer, even
for a blocking \fB\s-1BIO\s0\fR.
-See \fISSL_read\fR\|(3) for more information.
+See \fBSSL_read\fR\|(3) for more information.
.Sp
\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR is returned when the last operation was a write
to a non-blocking \fB\s-1BIO\s0\fR and it was unable to sent all data to the \fB\s-1BIO\s0\fR.
@@ -197,85 +201,88 @@ There is no fixed upper limit for the number of iterations that
may be necessary until progress becomes visible at application
protocol level.
.Sp
-It is safe to call \fISSL_read()\fR or \fISSL_read_ex()\fR when more data is available
-even when the call that set this error was an \fISSL_write()\fR or \fISSL_write_ex()\fR.
-However if the call was an \fISSL_write()\fR or \fISSL_write_ex()\fR, it should be called
+It is safe to call \fBSSL_read()\fR or \fBSSL_read_ex()\fR when more data is available
+even when the call that set this error was an \fBSSL_write()\fR or \fBSSL_write_ex()\fR.
+However if the call was an \fBSSL_write()\fR or \fBSSL_write_ex()\fR, it should be called
again to continue sending the application data.
.Sp
-For socket \fB\s-1BIO\s0\fRs (e.g. when \fISSL_set_fd()\fR was used), \fIselect()\fR or
-\&\fIpoll()\fR on the underlying socket can be used to find out when the
+For socket \fB\s-1BIO\s0\fRs (e.g. when \fBSSL_set_fd()\fR was used), \fBselect()\fR or
+\&\fBpoll()\fR on the underlying socket can be used to find out when the
\&\s-1TLS/SSL I/O\s0 function should be retried.
.Sp
Caveat: Any \s-1TLS/SSL I/O\s0 function can lead to either of
\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR and \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR.
In particular,
-\&\fISSL_read_ex()\fR, \fISSL_read()\fR, \fISSL_peek_ex()\fR, or \fISSL_peek()\fR may want to write data
-and \fISSL_write()\fR or \fISSL_write_ex()\fR may want to read data.
+\&\fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR, or \fBSSL_peek()\fR may want to write data
+and \fBSSL_write()\fR or \fBSSL_write_ex()\fR may want to read data.
This is mainly because
\&\s-1TLS/SSL\s0 handshakes may occur at any time during the protocol (initiated by
-either the client or the server); \fISSL_read_ex()\fR, \fISSL_read()\fR, \fISSL_peek_ex()\fR,
-\&\fISSL_peek()\fR, \fISSL_write_ex()\fR, and \fISSL_write()\fR will handle any pending handshakes.
+either the client or the server); \fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR,
+\&\fBSSL_peek()\fR, \fBSSL_write_ex()\fR, and \fBSSL_write()\fR will handle any pending handshakes.
.IP "\s-1SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT\s0" 4
.IX Item "SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT"
The operation did not complete; the same \s-1TLS/SSL I/O\s0 function should be
called again later. The underlying \s-1BIO\s0 was not connected yet to the peer
-and the call would block in \fIconnect()\fR/\fIaccept()\fR. The \s-1SSL\s0 function should be
+and the call would block in \fBconnect()\fR/\fBaccept()\fR. The \s-1SSL\s0 function should be
called again when the connection is established. These messages can only
-appear with a \fIBIO_s_connect()\fR or \fIBIO_s_accept()\fR \s-1BIO,\s0 respectively.
+appear with a \fBBIO_s_connect()\fR or \fBBIO_s_accept()\fR \s-1BIO,\s0 respectively.
In order to find out, when the connection has been successfully established,
-on many platforms \fIselect()\fR or \fIpoll()\fR for writing on the socket file descriptor
+on many platforms \fBselect()\fR or \fBpoll()\fR for writing on the socket file descriptor
can be used.
.IP "\s-1SSL_ERROR_WANT_X509_LOOKUP\s0" 4
.IX Item "SSL_ERROR_WANT_X509_LOOKUP"
The operation did not complete because an application callback set by
-\&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again.
+\&\fBSSL_CTX_set_client_cert_cb()\fR has asked to be called again.
The \s-1TLS/SSL I/O\s0 function should be called again later.
Details depend on the application.
.IP "\s-1SSL_ERROR_WANT_ASYNC\s0" 4
.IX Item "SSL_ERROR_WANT_ASYNC"
The operation did not complete because an asynchronous engine is still
processing data. This will only occur if the mode has been set to \s-1SSL_MODE_ASYNC\s0
-using \fISSL_CTX_set_mode\fR\|(3) or \fISSL_set_mode\fR\|(3) and an asynchronous capable
+using \fBSSL_CTX_set_mode\fR\|(3) or \fBSSL_set_mode\fR\|(3) and an asynchronous capable
engine is being used. An application can determine whether the engine has
-completed its processing using \fIselect()\fR or \fIpoll()\fR on the asynchronous wait file
+completed its processing using \fBselect()\fR or \fBpoll()\fR on the asynchronous wait file
descriptor. This file descriptor is available by calling
-\&\fISSL_get_all_async_fds\fR\|(3) or \fISSL_get_changed_async_fds\fR\|(3). The \s-1TLS/SSL I/O\s0
+\&\fBSSL_get_all_async_fds\fR\|(3) or \fBSSL_get_changed_async_fds\fR\|(3). The \s-1TLS/SSL I/O\s0
function should be called again later. The function \fBmust\fR be called from the
same thread that the original call was made from.
.IP "\s-1SSL_ERROR_WANT_ASYNC_JOB\s0" 4
.IX Item "SSL_ERROR_WANT_ASYNC_JOB"
The asynchronous job could not be started because there were no async jobs
-available in the pool (see \fIASYNC_init_thread\fR\|(3)). This will only occur if the
-mode has been set to \s-1SSL_MODE_ASYNC\s0 using \fISSL_CTX_set_mode\fR\|(3) or
-\&\fISSL_set_mode\fR\|(3) and a maximum limit has been set on the async job pool
-through a call to \fIASYNC_init_thread\fR\|(3). The application should retry the
+available in the pool (see \fBASYNC_init_thread\fR\|(3)). This will only occur if the
+mode has been set to \s-1SSL_MODE_ASYNC\s0 using \fBSSL_CTX_set_mode\fR\|(3) or
+\&\fBSSL_set_mode\fR\|(3) and a maximum limit has been set on the async job pool
+through a call to \fBASYNC_init_thread\fR\|(3). The application should retry the
operation after a currently executing asynchronous operation for the current
thread has completed.
.IP "\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0" 4
.IX Item "SSL_ERROR_WANT_CLIENT_HELLO_CB"
The operation did not complete because an application callback set by
-\&\fISSL_CTX_set_client_hello_cb()\fR has asked to be called again.
+\&\fBSSL_CTX_set_client_hello_cb()\fR has asked to be called again.
The \s-1TLS/SSL I/O\s0 function should be called again later.
Details depend on the application.
.IP "\s-1SSL_ERROR_SYSCALL\s0" 4
.IX Item "SSL_ERROR_SYSCALL"
-Some non-recoverable I/O error occurred.
-The OpenSSL error queue may contain more information on the error.
-For socket I/O on Unix systems, consult \fBerrno\fR for details.
+Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may
+contain more information on the error. For socket I/O on Unix systems, consult
+\&\fBerrno\fR for details. If this error occurs then no further I/O operations should
+be performed on the connection and \fBSSL_shutdown()\fR must not be called.
.Sp
This value can also be returned for other errors, check the error queue for
details.
.IP "\s-1SSL_ERROR_SSL\s0" 4
.IX Item "SSL_ERROR_SSL"
-A failure in the \s-1SSL\s0 library occurred, usually a protocol error. The
-OpenSSL error queue contains more information on the error.
+A non-recoverable, fatal error in the \s-1SSL\s0 library occurred, usually a protocol
+error. The OpenSSL error queue contains more information on the error. If this
+error occurs then no further I/O operations should be performed on the
+connection and \fBSSL_shutdown()\fR must not be called.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIssl\fR\|(7)
+\&\fBssl\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\s-1SSL_ERROR_WANT_ASYNC\s0 was added in OpenSSL 1.1.0.
-\&\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 was added in OpenSSL 1.1.1.
+The \s-1SSL_ERROR_WANT_ASYNC\s0 error code was added in OpenSSL 1.1.0.
+The \s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 error code was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-13 22:00:54 +0000