1 files changed, 88 insertions, 0 deletions
diff --git a/src/lib/libssl/man/SSL_set_shutdown.3 b/src/lib/libssl/man/SSL_set_shutdown.3
new file mode 100644
index 0000000000..81eb703c67
--- /dev/null
+++ b/src/lib/libssl/man/SSL_set_shutdown.3
@@ -0,0 +1,88 @@
+.\"
+.\"     $OpenBSD: SSL_set_shutdown.3,v 1.1 2016/11/05 15:32:20 schwarze Exp $
+.\"
+.Dd $Mdocdate: November 5 2016 $
+.Dt SSL_SET_SHUTDOWN 3
+.Os
+.Sh NAME
+.Nm SSL_set_shutdown ,
+.Nm SSL_get_shutdown
+.Nd manipulate shutdown state of an SSL connection
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft void
+.Fn SSL_set_shutdown "SSL *ssl" "int mode"
+.Ft int
+.Fn SSL_get_shutdown "const SSL *ssl"
+.Sh DESCRIPTION
+.Fn SSL_set_shutdown
+sets the shutdown state of
+.Fa ssl
+to
+.Fa mode .
+.Pp
+.Fn SSL_get_shutdown
+returns the shutdown mode of
+.Fa ssl .
+.Sh NOTES
+The shutdown state of an ssl connection is a bitmask of:
+.Bl -tag -width Ds
+.It 0
+No shutdown setting, yet.
+.It Dv SSL_SENT_SHUTDOWN
+A
+.Dq close notify
+shutdown alert was sent to the peer; the connection is being considered closed
+and the session is closed and correct.
+.It Dv SSL_RECEIVED_SHUTDOWN
+A shutdown alert was received form the peer, either a normal
+.Dq close notify
+or a fatal error.
+.El
+.Pp
+.Dv SSL_SENT_SHUTDOWN
+and
+.Dv SSL_RECEIVED_SHUTDOWN
+can be set at the same time.
+.Pp
+The shutdown state of the connection is used to determine the state of the
+.Fa ssl
+session.
+If the session is still open when
+.Xr SSL_clear 3
+or
+.Xr SSL_free 3
+is called, it is considered bad and removed according to RFC2246.
+The actual condition for a correctly closed session is
+.Dv SSL_SENT_SHUTDOWN
+(according to the TLS RFC, it is acceptable to only send the
+.Dq close notify
+alert but to not wait for the peer's answer when the underlying connection is
+closed).
+.Fn SSL_set_shutdown
+can be used to set this state without sending a close alert to the peer (see
+.Xr SSL_shutdown 3 ) .
+.Pp
+If a
+.Dq close notify
+was received,
+.Dv SSL_RECEIVED_SHUTDOWN
+will be set, but to set
+.Dv SSL_SENT_SHUTDOWN
+the application must still call
+.Xr SSL_shutdown 3
+or
+.Fn SSL_set_shutdown
+itself.
+.Sh RETURN VALUES
+.Fn SSL_set_shutdown
+does not return diagnostic information.
+.Pp
+.Fn SSL_get_shutdown
+returns the current setting.
+.Sh SEE ALSO
+.Xr ssl 3 ,
+.Xr SSL_clear 3 ,
+.Xr SSL_CTX_set_quiet_shutdown 3 ,
+.Xr SSL_free 3 ,
+.Xr SSL_shutdown 3

diff --git a/src/lib/libssl/man/SSL_set_shutdown.3 b/src/lib/libssl/man/SSL_set_shutdown.3 new file mode 100644 index 0000000000..81eb703c67 --- /dev/null +++ b/src/lib/libssl/man/SSL_set_shutdown.3
@@ -0,0 +1,88 @@
	1	.\"
	2	.\" $OpenBSD: SSL_set_shutdown.3,v 1.1 2016/11/05 15:32:20 schwarze Exp $
	3	.\"
	4	.Dd $Mdocdate: November 5 2016 $
	5	.Dt SSL_SET_SHUTDOWN 3
	6	.Os
	7	.Sh NAME
	8	.Nm SSL_set_shutdown ,
	9	.Nm SSL_get_shutdown
	10	.Nd manipulate shutdown state of an SSL connection
	11	.Sh SYNOPSIS
	12	.In openssl/ssl.h
	13	.Ft void
	14	.Fn SSL_set_shutdown "SSL *ssl" "int mode"
	15	.Ft int
	16	.Fn SSL_get_shutdown "const SSL *ssl"
	17	.Sh DESCRIPTION
	18	.Fn SSL_set_shutdown
	19	sets the shutdown state of
	20	.Fa ssl
	21	to
	22	.Fa mode .
	23	.Pp
	24	.Fn SSL_get_shutdown
	25	returns the shutdown mode of
	26	.Fa ssl .
	27	.Sh NOTES
	28	The shutdown state of an ssl connection is a bitmask of:
	29	.Bl -tag -width Ds
	30	.It 0
	31	No shutdown setting, yet.
	32	.It Dv SSL_SENT_SHUTDOWN
	33	A
	34	.Dq close notify
	35	shutdown alert was sent to the peer; the connection is being considered closed
	36	and the session is closed and correct.
	37	.It Dv SSL_RECEIVED_SHUTDOWN
	38	A shutdown alert was received form the peer, either a normal
	39	.Dq close notify
	40	or a fatal error.
	41	.El
	42	.Pp
	43	.Dv SSL_SENT_SHUTDOWN
	44	and
	45	.Dv SSL_RECEIVED_SHUTDOWN
	46	can be set at the same time.
	47	.Pp
	48	The shutdown state of the connection is used to determine the state of the
	49	.Fa ssl
	50	session.
	51	If the session is still open when
	52	.Xr SSL_clear 3
	53	or
	54	.Xr SSL_free 3
	55	is called, it is considered bad and removed according to RFC2246.
	56	The actual condition for a correctly closed session is
	57	.Dv SSL_SENT_SHUTDOWN
	58	(according to the TLS RFC, it is acceptable to only send the
	59	.Dq close notify
	60	alert but to not wait for the peer's answer when the underlying connection is
	61	closed).
	62	.Fn SSL_set_shutdown
	63	can be used to set this state without sending a close alert to the peer (see
	64	.Xr SSL_shutdown 3 ) .
	65	.Pp
	66	If a
	67	.Dq close notify
	68	was received,
	69	.Dv SSL_RECEIVED_SHUTDOWN
	70	will be set, but to set
	71	.Dv SSL_SENT_SHUTDOWN
	72	the application must still call
	73	.Xr SSL_shutdown 3
	74	or
	75	.Fn SSL_set_shutdown
	76	itself.
	77	.Sh RETURN VALUES
	78	.Fn SSL_set_shutdown
	79	does not return diagnostic information.
	80	.Pp
	81	.Fn SSL_get_shutdown
	82	returns the current setting.
	83	.Sh SEE ALSO
	84	.Xr ssl 3 ,
	85	.Xr SSL_clear 3 ,
	86	.Xr SSL_CTX_set_quiet_shutdown 3 ,
	87	.Xr SSL_free 3 ,
	88	.Xr SSL_shutdown 3