1ebfedea0SLionel Sambuc=pod 2ebfedea0SLionel Sambuc 3ebfedea0SLionel Sambuc=head1 NAME 4ebfedea0SLionel Sambuc 5ebfedea0SLionel SambucSSL_read - read bytes from a TLS/SSL connection. 6ebfedea0SLionel Sambuc 7ebfedea0SLionel Sambuc=head1 SYNOPSIS 8ebfedea0SLionel Sambuc 9ebfedea0SLionel Sambuc #include <openssl/ssl.h> 10ebfedea0SLionel Sambuc 11ebfedea0SLionel Sambuc int SSL_read(SSL *ssl, void *buf, int num); 12ebfedea0SLionel Sambuc 13ebfedea0SLionel Sambuc=head1 DESCRIPTION 14ebfedea0SLionel Sambuc 15ebfedea0SLionel SambucSSL_read() tries to read B<num> bytes from the specified B<ssl> into the 16ebfedea0SLionel Sambucbuffer B<buf>. 17ebfedea0SLionel Sambuc 18ebfedea0SLionel Sambuc=head1 NOTES 19ebfedea0SLionel Sambuc 20ebfedea0SLionel SambucIf necessary, SSL_read() will negotiate a TLS/SSL session, if 21ebfedea0SLionel Sambucnot already explicitly performed by L<SSL_connect(3)|SSL_connect(3)> or 22ebfedea0SLionel SambucL<SSL_accept(3)|SSL_accept(3)>. If the 23ebfedea0SLionel Sambucpeer requests a re-negotiation, it will be performed transparently during 24ebfedea0SLionel Sambucthe SSL_read() operation. The behaviour of SSL_read() depends on the 25ebfedea0SLionel Sambucunderlying BIO. 26ebfedea0SLionel Sambuc 27ebfedea0SLionel SambucFor the transparent negotiation to succeed, the B<ssl> must have been 28ebfedea0SLionel Sambucinitialized to client or server mode. This is being done by calling 29ebfedea0SLionel SambucL<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state() 30ebfedea0SLionel Sambucbefore the first call to an SSL_read() or L<SSL_write(3)|SSL_write(3)> 31ebfedea0SLionel Sambucfunction. 32ebfedea0SLionel Sambuc 33ebfedea0SLionel SambucSSL_read() works based on the SSL/TLS records. The data are received in 34ebfedea0SLionel Sambucrecords (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a 35ebfedea0SLionel Sambucrecord has been completely received, it can be processed (decryption and 36ebfedea0SLionel Sambuccheck of integrity). Therefore data that was not retrieved at the last 37ebfedea0SLionel Sambuccall of SSL_read() can still be buffered inside the SSL layer and will be 38ebfedea0SLionel Sambucretrieved on the next call to SSL_read(). If B<num> is higher than the 39ebfedea0SLionel Sambucnumber of bytes buffered, SSL_read() will return with the bytes buffered. 40ebfedea0SLionel SambucIf no more bytes are in the buffer, SSL_read() will trigger the processing 41ebfedea0SLionel Sambucof the next record. Only when the record has been received and processed 42ebfedea0SLionel Sambuccompletely, SSL_read() will return reporting success. At most the contents 43ebfedea0SLionel Sambucof the record will be returned. As the size of an SSL/TLS record may exceed 44ebfedea0SLionel Sambucthe maximum packet size of the underlying transport (e.g. TCP), it may 45ebfedea0SLionel Sambucbe necessary to read several packets from the transport layer before the 46ebfedea0SLionel Sambucrecord is complete and SSL_read() can succeed. 47ebfedea0SLionel Sambuc 48ebfedea0SLionel SambucIf the underlying BIO is B<blocking>, SSL_read() will only return, once the 49ebfedea0SLionel Sambucread operation has been finished or an error occurred, except when a 50ebfedea0SLionel Sambucrenegotiation take place, in which case a SSL_ERROR_WANT_READ may occur. 51ebfedea0SLionel SambucThis behaviour can be controlled with the SSL_MODE_AUTO_RETRY flag of the 52ebfedea0SLionel SambucL<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> call. 53ebfedea0SLionel Sambuc 54ebfedea0SLionel SambucIf the underlying BIO is B<non-blocking>, SSL_read() will also return 55ebfedea0SLionel Sambucwhen the underlying BIO could not satisfy the needs of SSL_read() 56ebfedea0SLionel Sambucto continue the operation. In this case a call to 57ebfedea0SLionel SambucL<SSL_get_error(3)|SSL_get_error(3)> with the 58ebfedea0SLionel Sambucreturn value of SSL_read() will yield B<SSL_ERROR_WANT_READ> or 59ebfedea0SLionel SambucB<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a 60ebfedea0SLionel Sambuccall to SSL_read() can also cause write operations! The calling process 61ebfedea0SLionel Sambucthen must repeat the call after taking appropriate action to satisfy the 62ebfedea0SLionel Sambucneeds of SSL_read(). The action depends on the underlying BIO. When using a 63ebfedea0SLionel Sambucnon-blocking socket, nothing is to be done, but select() can be used to check 64ebfedea0SLionel Sambucfor the required condition. When using a buffering BIO, like a BIO pair, data 65ebfedea0SLionel Sambucmust be written into or retrieved out of the BIO before being able to continue. 66ebfedea0SLionel Sambuc 67ebfedea0SLionel SambucL<SSL_pending(3)|SSL_pending(3)> can be used to find out whether there 68ebfedea0SLionel Sambucare buffered bytes available for immediate retrieval. In this case 69ebfedea0SLionel SambucSSL_read() can be called without blocking or actually receiving new 70ebfedea0SLionel Sambucdata from the underlying socket. 71ebfedea0SLionel Sambuc 72ebfedea0SLionel Sambuc=head1 WARNING 73ebfedea0SLionel Sambuc 74ebfedea0SLionel SambucWhen an SSL_read() operation has to be repeated because of 75ebfedea0SLionel SambucB<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated 76ebfedea0SLionel Sambucwith the same arguments. 77ebfedea0SLionel Sambuc 78ebfedea0SLionel Sambuc=head1 RETURN VALUES 79ebfedea0SLionel Sambuc 80ebfedea0SLionel SambucThe following return values can occur: 81ebfedea0SLionel Sambuc 82ebfedea0SLionel Sambuc=over 4 83ebfedea0SLionel Sambuc 84ebfedea0SLionel Sambuc=item E<gt>0 85ebfedea0SLionel Sambuc 86ebfedea0SLionel SambucThe read operation was successful; the return value is the number of 87ebfedea0SLionel Sambucbytes actually read from the TLS/SSL connection. 88ebfedea0SLionel Sambuc 89*0a6a1f1dSLionel Sambuc=item Z<>0 90ebfedea0SLionel Sambuc 91ebfedea0SLionel SambucThe read operation was not successful. The reason may either be a clean 92ebfedea0SLionel Sambucshutdown due to a "close notify" alert sent by the peer (in which case 93ebfedea0SLionel Sambucthe SSL_RECEIVED_SHUTDOWN flag in the ssl shutdown state is set 94ebfedea0SLionel Sambuc(see L<SSL_shutdown(3)|SSL_shutdown(3)>, 95ebfedea0SLionel SambucL<SSL_set_shutdown(3)|SSL_set_shutdown(3)>). It is also possible, that 96ebfedea0SLionel Sambucthe peer simply shut down the underlying transport and the shutdown is 97ebfedea0SLionel Sambucincomplete. Call SSL_get_error() with the return value B<ret> to find out, 98ebfedea0SLionel Sambucwhether an error occurred or the connection was shut down cleanly 99ebfedea0SLionel Sambuc(SSL_ERROR_ZERO_RETURN). 100ebfedea0SLionel Sambuc 101ebfedea0SLionel SambucSSLv2 (deprecated) does not support a shutdown alert protocol, so it can 102ebfedea0SLionel Sambuconly be detected, whether the underlying connection was closed. It cannot 103ebfedea0SLionel Sambucbe checked, whether the closure was initiated by the peer or by something 104ebfedea0SLionel Sambucelse. 105ebfedea0SLionel Sambuc 106ebfedea0SLionel Sambuc=item E<lt>0 107ebfedea0SLionel Sambuc 108ebfedea0SLionel SambucThe read operation was not successful, because either an error occurred 109ebfedea0SLionel Sambucor action must be taken by the calling process. Call SSL_get_error() with the 110ebfedea0SLionel Sambucreturn value B<ret> to find out the reason. 111ebfedea0SLionel Sambuc 112ebfedea0SLionel Sambuc=back 113ebfedea0SLionel Sambuc 114ebfedea0SLionel Sambuc=head1 SEE ALSO 115ebfedea0SLionel Sambuc 116ebfedea0SLionel SambucL<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_write(3)|SSL_write(3)>, 117ebfedea0SLionel SambucL<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>, 118ebfedea0SLionel SambucL<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)> 119ebfedea0SLionel SambucL<SSL_set_connect_state(3)|SSL_set_connect_state(3)>, 120ebfedea0SLionel SambucL<SSL_pending(3)|SSL_pending(3)>, 121ebfedea0SLionel SambucL<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>, 122ebfedea0SLionel SambucL<ssl(3)|ssl(3)>, L<bio(3)|bio(3)> 123ebfedea0SLionel Sambuc 124ebfedea0SLionel Sambuc=cut 125