1 files changed, 0 insertions, 204 deletions
diff --git a/src/lib/libssl/doc/SSL_shutdown.3 b/src/lib/libssl/doc/SSL_shutdown.3
deleted file mode 100644
index 187e656fe3..0000000000
--- a/src/lib/libssl/doc/SSL_shutdown.3
+++ /dev/null
@@ -1,204 +0,0 @@
-.\"
-.\"     $OpenBSD: SSL_shutdown.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_SHUTDOWN 3
-.Os
-.Sh NAME
-.Nm SSL_shutdown
-.Nd shut down a TLS/SSL connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_shutdown "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_shutdown
-shuts down an active TLS/SSL connection.
-It sends the
-.Dq close notify
-shutdown alert to the peer.
-.Sh NOTES
-.Fn SSL_shutdown
-tries to send the
-.Dq close notify
-shutdown alert to the peer.
-Whether the operation succeeds or not, the
-.Dv SSL_SENT_SHUTDOWN
-flag is set and a currently open session is considered closed and good and will
-be kept in the session cache for further reuse.
-.Pp
-The shutdown procedure consists of 2 steps: the sending of the
-.Dq close notify
-shutdown alert and the reception of the peer's
-.Dq close notify
-shutdown alert.
-According to the TLS standard, it is acceptable for an application to only send
-its shutdown alert and then close the underlying connection without waiting for
-the peer's response (this way resources can be saved, as the process can
-already terminate or serve another connection).
-When the underlying connection shall be used for more communications,
-the complete shutdown procedure (bidirectional
-.Dq close notify
-alerts) must be performed, so that the peers stay synchronized.
-.Pp
-.Fn SSL_shutdown
-supports both uni- and bidirectional shutdown by its 2 step behavior.
-.Pp
-When the application is the first party to send the
-.Dq close notify
-alert,
-.Fn SSL_shutdown
-will only send the alert and then set the
-.Dv SSL_SENT_SHUTDOWN
-flag (so that the session is considered good and will be kept in cache).
-.Fn SSL_shutdown
-will then return 0.
-If a unidirectional shutdown is enough
-(the underlying connection shall be closed anyway), this first call to
-.Fn SSL_shutdown
-is sufficient.
-In order to complete the bidirectional shutdown handshake,
-.Fn SSL_shutdown
-must be called again.
-The second call will make
-.Fn SSL_shutdown
-wait for the peer's
-.Dq close notify
-shutdown alert.
-On success, the second call to
-.Fn SSL_shutdown
-will return 1.
-.Pp
-If the peer already sent the
-.Dq close notify
-alert and it was already processed implicitly inside another function
-.Pq Xr SSL_read 3 ,
-the
-.Dv SSL_RECEIVED_SHUTDOWN
-flag is set.
-.Fn SSL_shutdown
-will send the
-.Dq close notify
-alert, set the
-.Dv SSL_SENT_SHUTDOWN
-flag and will immediately return with 1.
-Whether
-.Dv SSL_RECEIVED_SHUTDOWN
-is already set can be checked using the
-.Fn SSL_get_shutdown
-(see also the
-.Xr SSL_set_shutdown 3
-call).
-.Pp
-It is therefore recommended to check the return value of
-.Fn SSL_shutdown
-and call
-.Fn SSL_shutdown
-again, if the bidirectional shutdown is not yet complete (return value of the
-first call is 0).
-As the shutdown is not specially handled in the SSLv2 protocol,
-.Fn SSL_shutdown
-will succeed on the first call.
-.Pp
-The behaviour of
-.Fn SSL_shutdown
-additionally depends on the underlying
-.Vt BIO .
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em blocking ,
-.Fn SSL_shutdown
-will only return once the
-handshake step has been finished or an error occurred.
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em non-blocking ,
-.Fn SSL_shutdown
-will also return when the underlying
-.Vt BIO
-could not satisfy the needs of
-.Fn SSL_shutdown
-to continue the handshake.
-In this case a call to
-.Xr SSL_get_error 3
-with the
-return value of
-.Fn SSL_shutdown
-will yield
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE .
-The calling process then must repeat the call after taking appropriate action
-to satisfy the needs of
-.Fn SSL_shutdown .
-The action depends on the underlying
-.Vt BIO .
-When using a non-blocking socket, nothing is to be done, but
-.Xr select 2
-can be used to check for the required condition.
-When using a buffering
-.Vt BIO ,
-like a
-.Vt BIO
-pair, data must be written into or retrieved out of the
-.Vt BIO
-before being able to continue.
-.Pp
-.Fn SSL_shutdown
-can be modified to only set the connection to
-.Dq shutdown
-state but not actually send the
-.Dq close notify
-alert messages; see
-.Xr SSL_CTX_set_quiet_shutdown 3 .
-When
-.Dq quiet shutdown
-is enabled,
-.Fn SSL_shutdown
-will always succeed and return 1.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The shutdown is not yet finished.
-Call
-.Fn SSL_shutdown
-for a second time, if a bidirectional shutdown shall be performed.
-The output of
-.Xr SSL_get_error 3
-may be misleading, as an erroneous
-.Dv SSL_ERROR_SYSCALL
-may be flagged even though no error occurred.
-.It 1
-The shutdown was successfully completed.
-The
-.Dq close notify
-alert was sent and the peer's
-.Dq close notify
-alert was received.
-.It \(mi1
-The shutdown was not successful because a fatal error occurred either
-at the protocol level or a connection failure occurred.
-It can also occur if action is need to continue the operation for non-blocking
-.Vt BIO Ns
-s.
-Call
-.Xr SSL_get_error 3
-with the return value
-.Fa ret
-to find out the reason.
-.El
-.Sh SEE ALSO
-.Xr bio 3 ,
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_CTX_set_quiet_shutdown 3 ,
-.Xr SSL_free 3 ,
-.Xr SSL_get_error 3 ,
-.Xr SSL_set_shutdown 3

diff --git a/src/lib/libssl/doc/SSL_shutdown.3 b/src/lib/libssl/doc/SSL_shutdown.3 deleted file mode 100644 index 187e656fe3..0000000000 --- a/src/lib/libssl/doc/SSL_shutdown.3 +++ /dev/null
@@ -1,204 +0,0 @@
1	.\"
2	.\" $OpenBSD: SSL_shutdown.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
3	.\"
4	.Dd $Mdocdate: December 2 2014 $
5	.Dt SSL_SHUTDOWN 3
6	.Os
7	.Sh NAME
8	.Nm SSL_shutdown
9	.Nd shut down a TLS/SSL connection
10	.Sh SYNOPSIS
11	.In openssl/ssl.h
12	.Ft int
13	.Fn SSL_shutdown "SSL *ssl"
14	.Sh DESCRIPTION
15	.Fn SSL_shutdown
16	shuts down an active TLS/SSL connection.
17	It sends the
18	.Dq close notify
19	shutdown alert to the peer.
20	.Sh NOTES
21	.Fn SSL_shutdown
22	tries to send the
23	.Dq close notify
24	shutdown alert to the peer.
25	Whether the operation succeeds or not, the
26	.Dv SSL_SENT_SHUTDOWN
27	flag is set and a currently open session is considered closed and good and will
28	be kept in the session cache for further reuse.
29	.Pp
30	The shutdown procedure consists of 2 steps: the sending of the
31	.Dq close notify
32	shutdown alert and the reception of the peer's
33	.Dq close notify
34	shutdown alert.
35	According to the TLS standard, it is acceptable for an application to only send
36	its shutdown alert and then close the underlying connection without waiting for
37	the peer's response (this way resources can be saved, as the process can
38	already terminate or serve another connection).
39	When the underlying connection shall be used for more communications,
40	the complete shutdown procedure (bidirectional
41	.Dq close notify
42	alerts) must be performed, so that the peers stay synchronized.
43	.Pp
44	.Fn SSL_shutdown
45	supports both uni- and bidirectional shutdown by its 2 step behavior.
46	.Pp
47	When the application is the first party to send the
48	.Dq close notify
49	alert,
50	.Fn SSL_shutdown
51	will only send the alert and then set the
52	.Dv SSL_SENT_SHUTDOWN
53	flag (so that the session is considered good and will be kept in cache).
54	.Fn SSL_shutdown
55	will then return 0.
56	If a unidirectional shutdown is enough
57	(the underlying connection shall be closed anyway), this first call to
58	.Fn SSL_shutdown
59	is sufficient.
60	In order to complete the bidirectional shutdown handshake,
61	.Fn SSL_shutdown
62	must be called again.
63	The second call will make
64	.Fn SSL_shutdown
65	wait for the peer's
66	.Dq close notify
67	shutdown alert.
68	On success, the second call to
69	.Fn SSL_shutdown
70	will return 1.
71	.Pp
72	If the peer already sent the
73	.Dq close notify
74	alert and it was already processed implicitly inside another function
75	.Pq Xr SSL_read 3 ,
76	the
77	.Dv SSL_RECEIVED_SHUTDOWN
78	flag is set.
79	.Fn SSL_shutdown
80	will send the
81	.Dq close notify
82	alert, set the
83	.Dv SSL_SENT_SHUTDOWN
84	flag and will immediately return with 1.
85	Whether
86	.Dv SSL_RECEIVED_SHUTDOWN
87	is already set can be checked using the
88	.Fn SSL_get_shutdown
89	(see also the
90	.Xr SSL_set_shutdown 3
91	call).
92	.Pp
93	It is therefore recommended to check the return value of
94	.Fn SSL_shutdown
95	and call
96	.Fn SSL_shutdown
97	again, if the bidirectional shutdown is not yet complete (return value of the
98	first call is 0).
99	As the shutdown is not specially handled in the SSLv2 protocol,
100	.Fn SSL_shutdown
101	will succeed on the first call.
102	.Pp
103	The behaviour of
104	.Fn SSL_shutdown
105	additionally depends on the underlying
106	.Vt BIO .
107	.Pp
108	If the underlying
109	.Vt BIO
110	is
111	.Em blocking ,
112	.Fn SSL_shutdown
113	will only return once the
114	handshake step has been finished or an error occurred.
115	.Pp
116	If the underlying
117	.Vt BIO
118	is
119	.Em non-blocking ,
120	.Fn SSL_shutdown
121	will also return when the underlying
122	.Vt BIO
123	could not satisfy the needs of
124	.Fn SSL_shutdown
125	to continue the handshake.
126	In this case a call to
127	.Xr SSL_get_error 3
128	with the
129	return value of
130	.Fn SSL_shutdown
131	will yield
132	.Dv SSL_ERROR_WANT_READ
133	or
134	.Dv SSL_ERROR_WANT_WRITE .
135	The calling process then must repeat the call after taking appropriate action
136	to satisfy the needs of
137	.Fn SSL_shutdown .
138	The action depends on the underlying
139	.Vt BIO .
140	When using a non-blocking socket, nothing is to be done, but
141	.Xr select 2
142	can be used to check for the required condition.
143	When using a buffering
144	.Vt BIO ,
145	like a
146	.Vt BIO
147	pair, data must be written into or retrieved out of the
148	.Vt BIO
149	before being able to continue.
150	.Pp
151	.Fn SSL_shutdown
152	can be modified to only set the connection to
153	.Dq shutdown
154	state but not actually send the
155	.Dq close notify
156	alert messages; see
157	.Xr SSL_CTX_set_quiet_shutdown 3 .
158	When
159	.Dq quiet shutdown
160	is enabled,
161	.Fn SSL_shutdown
162	will always succeed and return 1.
163	.Sh RETURN VALUES
164	The following return values can occur:
165	.Bl -tag -width Ds
166	.It 0
167	The shutdown is not yet finished.
168	Call
169	.Fn SSL_shutdown
170	for a second time, if a bidirectional shutdown shall be performed.
171	The output of
172	.Xr SSL_get_error 3
173	may be misleading, as an erroneous
174	.Dv SSL_ERROR_SYSCALL
175	may be flagged even though no error occurred.
176	.It 1
177	The shutdown was successfully completed.
178	The
179	.Dq close notify
180	alert was sent and the peer's
181	.Dq close notify
182	alert was received.
183	.It \(mi1
184	The shutdown was not successful because a fatal error occurred either
185	at the protocol level or a connection failure occurred.
186	It can also occur if action is need to continue the operation for non-blocking
187	.Vt BIO Ns
188	s.
189	Call
190	.Xr SSL_get_error 3
191	with the return value
192	.Fa ret
193	to find out the reason.
194	.El
195	.Sh SEE ALSO
196	.Xr bio 3 ,
197	.Xr ssl 3 ,
198	.Xr SSL_accept 3 ,
199	.Xr SSL_clear 3 ,
200	.Xr SSL_connect 3 ,
201	.Xr SSL_CTX_set_quiet_shutdown 3 ,
202	.Xr SSL_free 3 ,
203	.Xr SSL_get_error 3 ,
204	.Xr SSL_set_shutdown 3