diff options
Diffstat (limited to 'doc/man3/SSL_get_error.pod')
| -rw-r--r-- | doc/man3/SSL_get_error.pod | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/doc/man3/SSL_get_error.pod b/doc/man3/SSL_get_error.pod index e5a507217ed4..794598facb33 100644 --- a/doc/man3/SSL_get_error.pod +++ b/doc/man3/SSL_get_error.pod @@ -62,8 +62,8 @@ is set. See L<SSL_CTX_set_options(3)> for more details. The operation did not complete and can be retried later. -B<SSL_ERROR_WANT_READ> is returned when the last operation was a read -operation from a nonblocking B<BIO>. +For non-QUIC SSL objects, B<SSL_ERROR_WANT_READ> is returned when the last +operation was a read operation from a nonblocking B<BIO>. It means that not enough data was available at this time to complete the operation. If at a later time the underlying B<BIO> has data available for reading the same @@ -74,9 +74,10 @@ still unprocessed data available at either the B<SSL> or the B<BIO> layer, even for a blocking B<BIO>. See L<SSL_read(3)> for more information. -B<SSL_ERROR_WANT_WRITE> is returned when the last operation was a write -to a nonblocking B<BIO> and it was unable to sent all data to the B<BIO>. -When the B<BIO> is writable again, the same function can be called again. +For non-QUIC SSL objects, B<SSL_ERROR_WANT_WRITE> is returned when the last +operation was a write to a nonblocking B<BIO> and it was unable to send all data +to the B<BIO>. When the B<BIO> is writable again, the same function can be +called again. Note that the retry may again lead to an B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE> condition. @@ -84,6 +85,15 @@ There is no fixed upper limit for the number of iterations that may be necessary until progress becomes visible at application protocol level. +For QUIC SSL objects, the meaning of B<SSL_ERROR_WANT_READ> and +B<SSL_ERROR_WANT_WRITE> have different but largely compatible semantics. Since +QUIC implements its own flow control and uses UDP datagrams, backpressure +conditions in terms of the underlying BIO providing network I/O are not directly +relevant to the circumstances in which these errors are produced. In particular, +B<SSL_ERROR_WANT_WRITE> indicates that the OpenSSL internal send buffer for a +given QUIC stream has been filled. Likewise, B<SSL_ERROR_WANT_READ> indicates +that the OpenSSL internal receive buffer for a given QUIC stream is empty. + It is safe to call SSL_read() or SSL_read_ex() when more data is available even when the call that set this error was an SSL_write() or SSL_write_ex(). However, if the call was an SSL_write() or SSL_write_ex(), it should be called |