Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
2f6f913e
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
9
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
2f6f913e
编写于
3月 31, 2018
作者:
K
Kurt Roeckx
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Update documentation on how to close a connection
Reviewed-by:
N
Bernd Edlinger
<
bernd.edlinger@hotmail.de
>
GH: #5823
上级
094925de
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
46 addition
and
28 deletion
+46
-28
doc/man3/SSL_get_error.pod
doc/man3/SSL_get_error.pod
+4
-5
doc/man3/SSL_shutdown.pod
doc/man3/SSL_shutdown.pod
+42
-23
未找到文件。
doc/man3/SSL_get_error.pod
浏览文件 @
2f6f913e
...
...
@@ -38,11 +38,10 @@ if and only if B<ret E<gt> 0>.
=item SSL_ERROR_ZERO_RETURN
The TLS/SSL connection has been closed.
If the protocol version is SSL 3.0 or higher, this result code is returned only
if a closure alert has occurred in the protocol, i.e. if the connection has been
closed cleanly.
Note that in this case B<SSL_ERROR_ZERO_RETURN> does not necessarily
The TLS/SSL peer has closed the connection for writing by sending the
"close notify" alert.
No more data can be read.
Note that B<SSL_ERROR_ZERO_RETURN> does not necessarily
indicate that the underlying transport has been closed.
=item SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE
...
...
doc/man3/SSL_shutdown.pod
浏览文件 @
2f6f913e
...
...
@@ -35,35 +35,52 @@ performed, so that the peers stay synchronized.
SSL_shutdown() supports both uni- and bidirectional shutdown by its 2 step
behaviour.
=over 4
SSL_shutdown() only closes the write direction.
It is not possible to call SSL_write() after calling SSL_shutdown().
The read direction is closed by the peer.
=head2 First to close the connection
=item
When the application is the first party to send the "close notify"
When the application is the first party to send the "close notify"
alert, SSL_shutdown() will only send the alert and then set the
SSL_SENT_SHUTDOWN flag (so that the session is considered good and will
be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional
shutdown is enough (the underlying connection shall be closed anyway), this
first call to SSL_shutdown() is sufficient. In order to complete the
bidirectional shutdown handshake, SSL_shutdown() must be called again.
The second call will make SSL_shutdown() wait for the peer's "close notify"
shutdown alert. On success, the second call to SSL_shutdown() will return
with 1.
=item If the peer already sent the "close notify" alert B<and> it was
be kept in the cache).
SSL_shutdown() will then return with 0.
If a unidirectional shutdown is enough (the underlying connection shall be
closed anyway), this first call to SSL_shutdown() is sufficient.
In order to complete the bidirectional shutdown handshake, the peer needs
to send back a "close notify" alert.
The SSL_RECEIVED_SHUTDOWN flag will be set after receiving and processing
it.
SSL_shutdown() will return 1 when it has been received.
The peer is still allowed to send data after receiving the "close notify"
event.
If the peer did send data it needs to be processed by calling SSL_read()
before calling SSL_shutdown() a second time.
SSL_read() will indicate the end of the peer data by returning <= 0
and SSL_get_error() returning SSL_ERROR_ZERO_RETURN.
It is recommended to call SSL_read() between SSL_shutdown() calls.
=head2 Peer closes the connection
If the peer already sent the "close notify" alert B<and> it was
already processed implicitly inside another function
(L<SSL_read(3)>), the SSL_RECEIVED_SHUTDOWN flag is set.
SSL_read() will return <= 0 in that case, and SSL_get_error() will return
SSL_ERROR_ZERO_RETURN.
SSL_shutdown() will send the "close notify" alert, set the SSL_SENT_SHUTDOWN
flag and will immediately return with 1.
Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the
SSL_get_shutdown() (see also L<SSL_set_shutdown(3)> call.
=
back
=
head1 NOTES
It is therefore recommended, to check the return value of SSL_shutdown()
and call SSL_shutdown() again, if the bidirectional shutdown is not yet
complete (return value of the first call is 0).
It is recommended to do a bidirectional shutdown by checking the return value
of SSL_shutdown() and call it again until it returns 1 or a fatal error.
The behaviour of SSL_shutdown() additionally depends on the underlying BIO.
If the underlying BIO is B<blocking>, SSL_shutdown() will only return once the
handshake step has been finished or an error occurred.
...
...
@@ -92,8 +109,9 @@ The following return values can occur:
=item Z<>0
The shutdown is not yet finished. Call SSL_shutdown() for a second time,
if a bidirectional shutdown shall be performed.
The shutdown is not yet finished: the "close notify" was send but the peer
did not send it back yet.
Call SSL_shutdown() again to do a bidirectional shutdown.
The output of L<SSL_get_error(3)> may be misleading, as an
erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
...
...
@@ -104,11 +122,12 @@ and the peer's "close notify" alert was received.
=item E<lt>0
The shutdown was not successful because a fatal error occurred either
at the protocol level or a connection failure occurred. It can also occur if
action is need to continue the operation for non-blocking BIOs.
Call L<SSL_get_error(3)> with the return value B<ret>
to find out the reason.
The shutdown was not successful.
Call L<SSL_get_error(3)> with the return value B<ret> to find out the reason.
It can occur if an action is needed to continue the operation for non-blocking
BIOs.
It can also occur when not all data was read using SSL_read().
=back
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录