Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
10 个月 前同步成功

通知 8
Star 18
Fork 1
T
Third Party Openssl

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

提交 b72ff470 编写于 作者: L Lutz Jänicke
浏览文件
操作

Add newly learned knowledge from yesterday's discussion.

上级 a2b03690
隐藏空白更改
内联 并排
Showing with 57 addition and 15 deletion
doc/ssl/SSL_CTX_new.pod
浏览文件 @ b72ff470
...@@ -59,6 +59,10 @@ choice when compatibility is a concern. ...@@ -59,6 +59,10 @@ choice when compatibility is a concern.
=back =back
If a generic method is used, it is necessary to explicitly set client or
server mode with L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
or SSL_set_accept_state().
The list of protocols available can later be limited using the SSL_OP_NO_SSLv2, The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or
B<SSL_set_options()> functions. Using these options it is possible to choose B<SSL_set_options()> functions. Using these options it is possible to choose
...@@ -89,6 +93,6 @@ The return value points to an allocated SSL_CTX object. ...@@ -89,6 +93,6 @@ The return value points to an allocated SSL_CTX object.
=head1 SEE ALSO =head1 SEE ALSO
L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>, L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>,
L<ssl(3)|ssl(3)> L<ssl(3)|ssl(3)>, L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
=cut =cut
doc/ssl/SSL_CTX_set_ssl_version.pod
浏览文件 @ b72ff470
...@@ -17,8 +17,8 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method ...@@ -17,8 +17,8 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method
SSL_CTX_set_ssl_version() sets a new default TLS/SSL B<method> for SSL objects SSL_CTX_set_ssl_version() sets a new default TLS/SSL B<method> for SSL objects
newly created from this B<ctx>. SSL objects already created with newly created from this B<ctx>. SSL objects already created with
L<SSL_new(3)|SSL_new(3)> are not affected, except when SSL_clear() is L<SSL_new(3)|SSL_new(3)> are not affected, except when
being called. L<SSL_clear(3)|SSL_clear(3)> is being called.
SSL_set_ssl_method() sets a new TLS/SSL B<method> for a particular B<ssl> SSL_set_ssl_method() sets a new TLS/SSL B<method> for a particular B<ssl>
object. It may be reset, when SSL_clear() is called. object. It may be reset, when SSL_clear() is called.
...@@ -31,9 +31,9 @@ set in B<ssl>. ...@@ -31,9 +31,9 @@ set in B<ssl>.
The available B<method> choices are described in The available B<method> choices are described in
L<SSL_CTX_new(3)|SSL_CTX_new(3)>. L<SSL_CTX_new(3)|SSL_CTX_new(3)>.
When SSL_clear() is called and no session is connected to an SSL object, When L<SSL_clear(3)|SSL_clear(3)> is called and no session is connected to
the method of the SSL object is reset to the method currently set in an SSL object, the method of the SSL object is reset to the method currently
the corresponding SSL_CTX object. set in the corresponding SSL_CTX object.
=head1 RETURN VALUES =head1 RETURN VALUES
...@@ -55,6 +55,7 @@ The operation succeeded. ...@@ -55,6 +55,7 @@ The operation succeeded.
=head1 SEE ALSO =head1 SEE ALSO
L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<SSL_new(3)|SSL_new(3)>,
L<SSL_clear(3)|SSL_clear(3)>, L<ssl(3)|ssl(3)> L<SSL_clear(3)|SSL_clear(3)>, L<ssl(3)|ssl(3)>,
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
=cut =cut
doc/ssl/SSL_accept.pod
浏览文件 @ b72ff470
...@@ -37,6 +37,11 @@ nothing is to be done, but select() can be used to check for the required ...@@ -37,6 +37,11 @@ nothing is to be done, but select() can be used to check for the required
condition. When using a buffering BIO, like a BIO pair, data must be written condition. When using a buffering BIO, like a BIO pair, data must be written
into or retrieved out of the BIO before being able to continue. into or retrieved out of the BIO before being able to continue.
When using a generic method (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>), it
is necessary to call SSL_set_accept_state()
before calling SSL_accept() to explicitly switch the B<ssl> to server
mode.
=head1 RETURN VALUES =head1 RETURN VALUES
The following return values can occur: The following return values can occur:
...@@ -67,6 +72,8 @@ to find out the reason. ...@@ -67,6 +72,8 @@ to find out the reason.
=head1 SEE ALSO =head1 SEE ALSO
L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>, L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)> L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
L<SSL_CTX_new(3)|SSL_CTX_new(3)>
=cut =cut
doc/ssl/SSL_connect.pod
浏览文件 @ b72ff470
...@@ -34,6 +34,11 @@ nothing is to be done, but select() can be used to check for the required ...@@ -34,6 +34,11 @@ nothing is to be done, but select() can be used to check for the required
condition. When using a buffering BIO, like a BIO pair, data must be written condition. When using a buffering BIO, like a BIO pair, data must be written
into or retrieved out of the BIO before being able to continue. into or retrieved out of the BIO before being able to continue.
When using a generic method (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>), it
is necessary to call L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
before calling SSL_connect() to explicitly switch the B<ssl> to client
mode.
=head1 RETURN VALUES =head1 RETURN VALUES
The following return values can occur: The following return values can occur:
...@@ -64,6 +69,8 @@ to find out the reason. ...@@ -64,6 +69,8 @@ to find out the reason.
=head1 SEE ALSO =head1 SEE ALSO
L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_accept(3)|SSL_accept(3)>, L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_accept(3)|SSL_accept(3)>,
L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)> L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
L<SSL_CTX_new(3)|SSL_CTX_new(3)>
=cut =cut
doc/ssl/SSL_read.pod
浏览文件 @ b72ff470
...@@ -18,11 +18,19 @@ buffer B<buf>. ...@@ -18,11 +18,19 @@ buffer B<buf>.
=head1 NOTES =head1 NOTES
If necessary, SSL_read() will negotiate a TLS/SSL session, if If necessary, SSL_read() will negotiate a TLS/SSL session, if
not already explicitly performed by SSL_connect() or SSL_accept(). If the not already explicitly performed by L<SSL_connect(3)|SSL_connect(3)> or
L<SSL_accept(3)|SSL_accept(3)>. If the
peer requests a re-negotiation, it will be performed transparently during peer requests a re-negotiation, it will be performed transparently during
the SSL_read() operation. The behaviour of SSL_read() depends on the the SSL_read() operation. The behaviour of SSL_read() depends on the
underlying BIO. underlying BIO.
For the transparent negotiation to succeed, the B<ssl> must have been
initialized to client or server mode. This is not the case if a generic
method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
must be used before the first call to an SSL_read() or
L<SSL_write(3)|SSL_write(3)> function.
If the underlying BIO is B<blocking>, SSL_read() will only return, once the If the underlying BIO is B<blocking>, SSL_read() will only return, once the
read operation has been finished or an error occurred, except when a read operation has been finished or an error occurred, except when a
renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur. renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur.
...@@ -31,7 +39,8 @@ L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> call. ...@@ -31,7 +39,8 @@ L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> call.
If the underlying BIO is B<non-blocking>, SSL_read() will also return If the underlying BIO is B<non-blocking>, SSL_read() will also return
when the underlying BIO could not satisfy the needs of SSL_read() when the underlying BIO could not satisfy the needs of SSL_read()
to continue the operation. In this case a call to SSL_get_error() with the to continue the operation. In this case a call to
L<SSL_get_error(3)|SSL_get_error(3)> with the
return value of SSL_read() will yield B<SSL_ERROR_WANT_READ> or return value of SSL_read() will yield B<SSL_ERROR_WANT_READ> or
B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a
call to SSL_read() can also cause write operations! The calling process call to SSL_read() can also cause write operations! The calling process
...@@ -75,7 +84,9 @@ return value B<ret> to find out the reason. ...@@ -75,7 +84,9 @@ return value B<ret> to find out the reason.
=head1 SEE ALSO =head1 SEE ALSO
L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_write(3)|SSL_write(3)>, L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_write(3)|SSL_write(3)>,
L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)> L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
=cut =cut
doc/ssl/SSL_write.pod
浏览文件 @ b72ff470
...@@ -18,11 +18,19 @@ B<ssl> connection. ...@@ -18,11 +18,19 @@ B<ssl> connection.
=head1 NOTES =head1 NOTES
If necessary, SSL_write() will negotiate a TLS/SSL session, if If necessary, SSL_write() will negotiate a TLS/SSL session, if
not already explicitly performed by SSL_connect() or SSL_accept(). If the not already explicitly performed by L<SSL_connect(3)|SSL_connect(3)> or
L<SSL_accept(3)|SSL_accept(3)>. If the
peer requests a re-negotiation, it will be performed transparently during peer requests a re-negotiation, it will be performed transparently during
the SSL_write() operation. The behaviour of SSL_write() depends on the the SSL_write() operation. The behaviour of SSL_write() depends on the
underlying BIO. underlying BIO.
For the transparent negotiation to succeed, the B<ssl> must have been
initialized to client or server mode. This is not the case if a generic
method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
must be used before the first call to an L<SSL_read(3)|SSL_read(3)>
or SSL_write() function.
If the underlying BIO is B<blocking>, SSL_write() will only return, once the If the underlying BIO is B<blocking>, SSL_write() will only return, once the
write operation has been finished or an error occurred, except when a write operation has been finished or an error occurred, except when a
renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur. renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur.
...@@ -31,7 +39,8 @@ L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> call. ...@@ -31,7 +39,8 @@ L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> call.
If the underlying BIO is B<non-blocking>, SSL_write() will also return, If the underlying BIO is B<non-blocking>, SSL_write() will also return,
when the underlying BIO could not satisfy the needs of SSL_write() when the underlying BIO could not satisfy the needs of SSL_write()
to continue the operation. In this case a call to SSL_get_error() with the to continue the operation. In this case a call to
L<SSL_get_error(3)|SSL_get_error(3)> with the
return value of SSL_write() will yield B<SSL_ERROR_WANT_READ> or return value of SSL_write() will yield B<SSL_ERROR_WANT_READ> or
B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a
call to SSL_write() can also cause read operations! The calling process call to SSL_write() can also cause read operations! The calling process
...@@ -74,7 +83,9 @@ return value B<ret> to find out the reason. ...@@ -74,7 +83,9 @@ return value B<ret> to find out the reason.
=head1 SEE ALSO =head1 SEE ALSO
L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_read(3)|SSL_read(3)>, L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_read(3)|SSL_read(3)>,
L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)> L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
=cut =cut
doc/ssl/ssl.pod
浏览文件 @ b72ff470
...@@ -687,6 +687,7 @@ L<SSL_library_init(3)|SSL_library_init(3)>, ...@@ -687,6 +687,7 @@ L<SSL_library_init(3)|SSL_library_init(3)>,
L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>, L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>,
L<SSL_new(3)|SSL_new(3)>, L<SSL_new(3)|SSL_new(3)>,
L<SSL_read(3)|SSL_read(3)>, L<SSL_set_bio(3)|SSL_set_bio(3)>, L<SSL_read(3)|SSL_read(3)>, L<SSL_set_bio(3)|SSL_set_bio(3)>,
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
L<SSL_set_fd(3)|SSL_set_fd(3)>, L<SSL_pending(3)|SSL_pending(3)>, L<SSL_set_fd(3)|SSL_set_fd(3)>, L<SSL_pending(3)|SSL_pending(3)>,
L<SSL_set_session(3)|SSL_set_session(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册