Convert libssl manpages from pod to mdoc(7).

libcrypto has not been started yet. ok schwarze@ miod@
author: bentley <> 2014-10-12 09:33:04 +0000
committer: bentley <> 2014-10-12 09:33:04 +0000
commit: 82b7f378b6907ab315a6e50322d2a0a8794a0aa9 (patch)
tree: a5087bf8d016a6041c2b6822fbecfd8f6c5e70b1 /src/lib/libssl/doc/SSL_get_error.3
parent: 0a63f0cf49369e1926567ab62e04e3355cedf0cd (diff)
download: openbsd-82b7f378b6907ab315a6e50322d2a0a8794a0aa9.tar.gz
openbsd-82b7f378b6907ab315a6e50322d2a0a8794a0aa9.tar.bz2
openbsd-82b7f378b6907ab315a6e50322d2a0a8794a0aa9.zip
1 files changed, 166 insertions, 0 deletions
diff --git a/src/lib/libssl/doc/SSL_get_error.3 b/src/lib/libssl/doc/SSL_get_error.3
new file mode 100644
index 0000000000..ad533f68c5
--- /dev/null
+++ b/src/lib/libssl/doc/SSL_get_error.3
@@ -0,0 +1,166 @@
+.Dd $Mdocdate: October 12 2014 $
+.Dt SSL_GET_ERROR 3
+.Os
+.Sh NAME
+.Nm SSL_get_error
+.Nd obtain result code for TLS/SSL I/O operation
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft int
+.Fn SSL_get_error "const SSL *ssl" "int ret"
+.Sh DESCRIPTION
+.Fn SSL_get_error
+returns a result code (suitable for the C
+.Dq switch
+statement) for a preceding call to
+.Xr SSL_connect 3 ,
+.Xr SSL_accept 3 ,
+.Xr SSL_do_handshake 3 ,
+.Xr SSL_read 3 ,
+.Xr SSL_peek 3 ,
+or
+.Xr SSL_write 3
+on
+.Fa ssl .
+The value returned by that TLS/SSL I/O function must be passed to
+.Fn SSL_get_error
+in parameter
+.Fa ret .
+.Pp
+In addition to
+.Fa ssl
+and
+.Fa ret ,
+.Fn SSL_get_error
+inspects the current thread's OpenSSL error queue.
+Thus,
+.Fn SSL_get_error
+must be used in the same thread that performed the TLS/SSL I/O operation,
+and no other OpenSSL function calls should appear in between.
+The current thread's error queue must be empty before the TLS/SSL I/O operation
+is attempted, or
+.Fn SSL_get_error
+will not work reliably.
+.Sh RETURN VALUES
+The following return values can currently occur:
+.Bl -tag -width Ds
+.It Dv SSL_ERROR_NONE
+The TLS/SSL I/O operation completed.
+This result code is returned if and only if
+.Fa ret
+< 0.
+.It Dv SSL_ERROR_ZERO_RETURN
+The TLS/SSL connection has been closed.
+If the protocol version is SSL 3.0 or TLS 1.0, this result code is returned
+only if a closure alert has occurred in the protocol, i.e., if the connection
+has been closed cleanly.
+Note that in this case
+.Dv SSL_ERROR_ZERO_RETURN
+does not necessarily indicate that the underlying transport has been closed.
+.It Dv SSL_ERROR_WANT_READ , Dv SSL_ERROR_WANT_WRITE
+The operation did not complete;
+the same TLS/SSL I/O function should be called again later.
+If, by then, the underlying
+.Vt BIO
+has data available for reading (if the result code is
+.Dv SSL_ERROR_WANT_READ )
+or allows writing data
+.Pq Dv SSL_ERROR_WANT_WRITE ,
+then some TLS/SSL protocol progress will take place,
+i.e., at least part of an TLS/SSL record will be read or written.
+Note that the retry may again lead to a
+.Dv SSL_ERROR_WANT_READ
+or
+.Dv SSL_ERROR_WANT_WRITE
+condition.
+There is no fixed upper limit for the number of iterations that may be
+necessary until progress becomes visible at application protocol level.
+.Pp
+For socket
+.Fa BIO Ns
+s (e.g., when
+.Fn SSL_set_fd
+was used),
+.Xr select 2
+or
+.Xr poll 2
+on the underlying socket can be used to find out when the TLS/SSL I/O function
+should be retried.
+.Pp
+Caveat: Any TLS/SSL I/O function can lead to either of
+.Dv SSL_ERROR_WANT_READ
+and
+.Dv SSL_ERROR_WANT_WRITE .
+In particular,
+.Xr SSL_read 3
+or
+.Xr SSL_peek 3
+may want to write data and
+.Xr SSL_write 3
+may want
+to read data.
+This is mainly because TLS/SSL handshakes may occur at any time during the
+protocol (initiated by either the client or the server);
+.Xr SSL_read 3 ,
+.Xr SSL_peek 3 ,
+and
+.Xr SSL_write 3
+will handle any pending handshakes.
+.It Dv SSL_ERROR_WANT_CONNECT , Dv SSL_ERROR_WANT_ACCEPT
+The operation did not complete; the same TLS/SSL I/O function should be
+called again later.
+The underlying BIO was not connected yet to the peer and the call would block
+in
+.Xr connect 2 Ns / Ns
+.Xr accept 2 .
+The SSL function should be
+called again when the connection is established.
+These messages can only appear with a
+.Xr BIO_s_connect 3
+or
+.Xr BIO_s_accept 3
+.Vt BIO ,
+respectively.
+In order to find out when the connection has been successfully established,
+on many platforms
+.Xr select 2
+or
+.Xr poll 2
+for writing on the socket file descriptor can be used.
+.It Dv SSL_ERROR_WANT_X509_LOOKUP
+The operation did not complete because an application callback set by
+.Xr SSL_CTX_set_client_cert_cb 3
+has asked to be called again.
+The TLS/SSL I/O function should be called again later.
+Details depend on the application.
+.It Dv SSL_ERROR_SYSCALL
+Some I/O error occurred.
+The OpenSSL error queue may contain more information on the error.
+If the error queue is empty (i.e.,
+.Fn ERR_get_error
+returns 0),
+.Fa ret
+can be used to find out more about the error:
+If
+.Fa ret
+== 0, an
+.Dv EOF
+was observed that violates the protocol.
+If
+.Fa ret
+== \(mi1, the underlying
+.Vt BIO
+reported an
+I/O error (for socket I/O on Unix systems, consult
+.Dv errno
+for details).
+.It Dv SSL_ERROR_SSL
+A failure in the SSL library occurred, usually a protocol error.
+The OpenSSL error queue contains more information on the error.
+.El
+.Sh SEE ALSO
+.Xr err 3 ,
+.Xr ssl 3
+.Sh HISTORY
+.Fn SSL_get_error
+was added in SSLeay 0.8.
author	bentley <>	2014-10-12 09:33:04 +0000
committer	bentley <>	2014-10-12 09:33:04 +0000
commit	82b7f378b6907ab315a6e50322d2a0a8794a0aa9 (patch)
tree	a5087bf8d016a6041c2b6822fbecfd8f6c5e70b1 /src/lib/libssl/doc/SSL_get_error.3
parent	0a63f0cf49369e1926567ab62e04e3355cedf0cd (diff)
download	openbsd-82b7f378b6907ab315a6e50322d2a0a8794a0aa9.tar.gz openbsd-82b7f378b6907ab315a6e50322d2a0a8794a0aa9.tar.bz2 openbsd-82b7f378b6907ab315a6e50322d2a0a8794a0aa9.zip

diff --git a/src/lib/libssl/doc/SSL_get_error.3 b/src/lib/libssl/doc/SSL_get_error.3 new file mode 100644 index 0000000000..ad533f68c5 --- /dev/null +++ b/src/lib/libssl/doc/SSL_get_error.3
@@ -0,0 +1,166 @@
	1	.Dd $Mdocdate: October 12 2014 $
	2	.Dt SSL_GET_ERROR 3
	3	.Os
	4	.Sh NAME
	5	.Nm SSL_get_error
	6	.Nd obtain result code for TLS/SSL I/O operation
	7	.Sh SYNOPSIS
	8	.In openssl/ssl.h
	9	.Ft int
	10	.Fn SSL_get_error "const SSL *ssl" "int ret"
	11	.Sh DESCRIPTION
	12	.Fn SSL_get_error
	13	returns a result code (suitable for the C
	14	.Dq switch
	15	statement) for a preceding call to
	16	.Xr SSL_connect 3 ,
	17	.Xr SSL_accept 3 ,
	18	.Xr SSL_do_handshake 3 ,
	19	.Xr SSL_read 3 ,
	20	.Xr SSL_peek 3 ,
	21	or
	22	.Xr SSL_write 3
	23	on
	24	.Fa ssl .
	25	The value returned by that TLS/SSL I/O function must be passed to
	26	.Fn SSL_get_error
	27	in parameter
	28	.Fa ret .
	29	.Pp
	30	In addition to
	31	.Fa ssl
	32	and
	33	.Fa ret ,
	34	.Fn SSL_get_error
	35	inspects the current thread's OpenSSL error queue.
	36	Thus,
	37	.Fn SSL_get_error
	38	must be used in the same thread that performed the TLS/SSL I/O operation,
	39	and no other OpenSSL function calls should appear in between.
	40	The current thread's error queue must be empty before the TLS/SSL I/O operation
	41	is attempted, or
	42	.Fn SSL_get_error
	43	will not work reliably.
	44	.Sh RETURN VALUES
	45	The following return values can currently occur:
	46	.Bl -tag -width Ds
	47	.It Dv SSL_ERROR_NONE
	48	The TLS/SSL I/O operation completed.
	49	This result code is returned if and only if
	50	.Fa ret
	51	< 0.
	52	.It Dv SSL_ERROR_ZERO_RETURN
	53	The TLS/SSL connection has been closed.
	54	If the protocol version is SSL 3.0 or TLS 1.0, this result code is returned
	55	only if a closure alert has occurred in the protocol, i.e., if the connection
	56	has been closed cleanly.
	57	Note that in this case
	58	.Dv SSL_ERROR_ZERO_RETURN
	59	does not necessarily indicate that the underlying transport has been closed.
	60	.It Dv SSL_ERROR_WANT_READ , Dv SSL_ERROR_WANT_WRITE
	61	The operation did not complete;
	62	the same TLS/SSL I/O function should be called again later.
	63	If, by then, the underlying
	64	.Vt BIO
	65	has data available for reading (if the result code is
	66	.Dv SSL_ERROR_WANT_READ )
	67	or allows writing data
	68	.Pq Dv SSL_ERROR_WANT_WRITE ,
	69	then some TLS/SSL protocol progress will take place,
	70	i.e., at least part of an TLS/SSL record will be read or written.
	71	Note that the retry may again lead to a
	72	.Dv SSL_ERROR_WANT_READ
	73	or
	74	.Dv SSL_ERROR_WANT_WRITE
	75	condition.
	76	There is no fixed upper limit for the number of iterations that may be
	77	necessary until progress becomes visible at application protocol level.
	78	.Pp
	79	For socket
	80	.Fa BIO Ns
	81	s (e.g., when
	82	.Fn SSL_set_fd
	83	was used),
	84	.Xr select 2
	85	or
	86	.Xr poll 2
	87	on the underlying socket can be used to find out when the TLS/SSL I/O function
	88	should be retried.
	89	.Pp
	90	Caveat: Any TLS/SSL I/O function can lead to either of
	91	.Dv SSL_ERROR_WANT_READ
	92	and
	93	.Dv SSL_ERROR_WANT_WRITE .
	94	In particular,
	95	.Xr SSL_read 3
	96	or
	97	.Xr SSL_peek 3
	98	may want to write data and
	99	.Xr SSL_write 3
	100	may want
	101	to read data.
	102	This is mainly because TLS/SSL handshakes may occur at any time during the
	103	protocol (initiated by either the client or the server);
	104	.Xr SSL_read 3 ,
	105	.Xr SSL_peek 3 ,
	106	and
	107	.Xr SSL_write 3
	108	will handle any pending handshakes.
	109	.It Dv SSL_ERROR_WANT_CONNECT , Dv SSL_ERROR_WANT_ACCEPT
	110	The operation did not complete; the same TLS/SSL I/O function should be
	111	called again later.
	112	The underlying BIO was not connected yet to the peer and the call would block
	113	in
	114	.Xr connect 2 Ns / Ns
	115	.Xr accept 2 .
	116	The SSL function should be
	117	called again when the connection is established.
	118	These messages can only appear with a
	119	.Xr BIO_s_connect 3
	120	or
	121	.Xr BIO_s_accept 3
	122	.Vt BIO ,
	123	respectively.
	124	In order to find out when the connection has been successfully established,
	125	on many platforms
	126	.Xr select 2
	127	or
	128	.Xr poll 2
	129	for writing on the socket file descriptor can be used.
	130	.It Dv SSL_ERROR_WANT_X509_LOOKUP
	131	The operation did not complete because an application callback set by
	132	.Xr SSL_CTX_set_client_cert_cb 3
	133	has asked to be called again.
	134	The TLS/SSL I/O function should be called again later.
	135	Details depend on the application.
	136	.It Dv SSL_ERROR_SYSCALL
	137	Some I/O error occurred.
	138	The OpenSSL error queue may contain more information on the error.
	139	If the error queue is empty (i.e.,
	140	.Fn ERR_get_error
	141	returns 0),
	142	.Fa ret
	143	can be used to find out more about the error:
	144	If
	145	.Fa ret
	146	== 0, an
	147	.Dv EOF
	148	was observed that violates the protocol.
	149	If
	150	.Fa ret
	151	== \(mi1, the underlying
	152	.Vt BIO
	153	reported an
	154	I/O error (for socket I/O on Unix systems, consult
	155	.Dv errno
	156	for details).
	157	.It Dv SSL_ERROR_SSL
	158	A failure in the SSL library occurred, usually a protocol error.
	159	The OpenSSL error queue contains more information on the error.
	160	.El
	161	.Sh SEE ALSO
	162	.Xr err 3 ,
	163	.Xr ssl 3
	164	.Sh HISTORY
	165	.Fn SSL_get_error
	166	was added in SSLeay 0.8.