diff --git a/doc/ssl/SSL_get_error.pod b/doc/ssl/SSL_get_error.pod new file mode 100644 index 0000000000000000000000000000000000000000..d7e2a81a88e6af56582996c2feb70eda850c3687 --- /dev/null +++ b/doc/ssl/SSL_get_error.pod @@ -0,0 +1,91 @@ +=pod + +=head1 NAME + +SSL_get_error - obtain result code for SSL I/O operation + +=head1 SYNOPSIS + + #include + + int SSL_get_error(SSL *ssl, int ret); + +=head1 DESCRIPTION + +SSL_get_error() returns a result code (suitable for the C "switch" +statement) for a preceding call to SSL_connect(), SSL_accept(), +SSL_read(), or SSL_write() on B. The value returned by that +SSL I/O function must be passed to SSL_get_error() in parameter +B. + +In addition to B and B, SSL_get_error() inspects the +current thread's OpenSSL error queue. Thus, SSL_get_error() must be +used in the same thread that performed the SSL I/O operation, and no +other OpenSSL function calls should appear inbetween. The current +thread's error queue must be empty before the SSL I/O operation is +attempted, or SSL_get_error() will not work reliably. + +=head1 RETURN VALUES + +The following return values can currently occur: + +=over 4 + +=item SSL_ERROR_NONE + +The SSL I/O operation completed. This result code is returned +if and only if B 0>. + +=item SSL_ERROR_ZERO_RETURN + +The SSL connection has been closed. If the protocol version is SSL 3.0 +or TLS 1.0, this result code is returned only if a closure +alerts has occured in the protocol, i.e. if the connection has been +closed cleanly. + +=item SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE + +The operation did not complete; the same SSL I/O function should be +called again later. There will be protocol progress if, by then, the +underlying B has data available for reading (if the result code is +B) or allows writing data (B). +For socket Bs (e.g. when SSL_set_fd() was used) this means that +select() or poll() on the underlying socket can be used to find out +when the SSL I/O function should be retried. + +Caveat: Any SSL I/O function can lead to either of +B and B, i.e. SSL_read() +may want to write data and SSL_write() may want to read data. + +=item SSL_ERROR_WANT_X509_LOOKUP + +The operation did not complete because an application callback set by +SSL_CTX_set_client_cert_cb() has asked to be called again. +The SSL I/O function should be called again later. +Details depend on the application. + +=item SSL_ERROR_SYSCALL + +Some I/O error occurred. The OpenSSL error queue may contain more +information on the error. If the error queue is empty +(i.e. ERR_get_error() returns 0), B can be used to find out more +about the error: If B, an EOF was observed that violates +the protocol. If B, the underlying B reported an +I/O error. (For socket I/O on Unix systems, consult B.) + +=item SSL_ERROR_SSL + +A failure in the SSL library occured, usually a protocol error. The +OpenSSL error queue contains more information on the error. + +=back + +=head1 SEE ALSO + +ssl(3), err(3) + +=head1 HISTORY + +SSL_get_error() was added in SSLeay 0.8. + +=cut