1*4724848cSchristos=pod 2*4724848cSchristos 3*4724848cSchristos=head1 NAME 4*4724848cSchristos 5*4724848cSchristosSSL_write_ex, SSL_write - write bytes to a TLS/SSL connection 6*4724848cSchristos 7*4724848cSchristos=head1 SYNOPSIS 8*4724848cSchristos 9*4724848cSchristos #include <openssl/ssl.h> 10*4724848cSchristos 11*4724848cSchristos int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); 12*4724848cSchristos int SSL_write(SSL *ssl, const void *buf, int num); 13*4724848cSchristos 14*4724848cSchristos=head1 DESCRIPTION 15*4724848cSchristos 16*4724848cSchristosSSL_write_ex() and SSL_write() write B<num> bytes from the buffer B<buf> into 17*4724848cSchristosthe specified B<ssl> connection. On success SSL_write_ex() will store the number 18*4724848cSchristosof bytes written in B<*written>. 19*4724848cSchristos 20*4724848cSchristos=head1 NOTES 21*4724848cSchristos 22*4724848cSchristosIn the paragraphs below a "write function" is defined as one of either 23*4724848cSchristosSSL_write_ex(), or SSL_write(). 24*4724848cSchristos 25*4724848cSchristosIf necessary, a write function will negotiate a TLS/SSL session, if not already 26*4724848cSchristosexplicitly performed by L<SSL_connect(3)> or L<SSL_accept(3)>. If the peer 27*4724848cSchristosrequests a re-negotiation, it will be performed transparently during 28*4724848cSchristosthe write function operation. The behaviour of the write functions depends on the 29*4724848cSchristosunderlying BIO. 30*4724848cSchristos 31*4724848cSchristosFor the transparent negotiation to succeed, the B<ssl> must have been 32*4724848cSchristosinitialized to client or server mode. This is being done by calling 33*4724848cSchristosL<SSL_set_connect_state(3)> or SSL_set_accept_state() 34*4724848cSchristosbefore the first call to a write function. 35*4724848cSchristos 36*4724848cSchristosIf the underlying BIO is B<blocking>, the write functions will only return, once 37*4724848cSchristosthe write operation has been finished or an error occurred. 38*4724848cSchristos 39*4724848cSchristosIf the underlying BIO is B<nonblocking> the write functions will also return 40*4724848cSchristoswhen the underlying BIO could not satisfy the needs of the function to continue 41*4724848cSchristosthe operation. In this case a call to L<SSL_get_error(3)> with the 42*4724848cSchristosreturn value of the write function will yield B<SSL_ERROR_WANT_READ> 43*4724848cSchristosor B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a 44*4724848cSchristoscall to a write function can also cause read operations! The calling process 45*4724848cSchristosthen must repeat the call after taking appropriate action to satisfy the needs 46*4724848cSchristosof the write function. The action depends on the underlying BIO. When using a 47*4724848cSchristosnonblocking socket, nothing is to be done, but select() can be used to check 48*4724848cSchristosfor the required condition. When using a buffering BIO, like a BIO pair, data 49*4724848cSchristosmust be written into or retrieved out of the BIO before being able to continue. 50*4724848cSchristos 51*4724848cSchristosThe write functions will only return with success when the complete contents of 52*4724848cSchristosB<buf> of length B<num> has been written. This default behaviour can be changed 53*4724848cSchristoswith the SSL_MODE_ENABLE_PARTIAL_WRITE option of L<SSL_CTX_set_mode(3)>. When 54*4724848cSchristosthis flag is set the write functions will also return with success when a 55*4724848cSchristospartial write has been successfully completed. In this case the write function 56*4724848cSchristosoperation is considered completed. The bytes are sent and a new write call with 57*4724848cSchristosa new buffer (with the already sent bytes removed) must be started. A partial 58*4724848cSchristoswrite is performed with the size of a message block, which is 16kB. 59*4724848cSchristos 60*4724848cSchristos=head1 WARNINGS 61*4724848cSchristos 62*4724848cSchristosWhen a write function call has to be repeated because L<SSL_get_error(3)> 63*4724848cSchristosreturned B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated 64*4724848cSchristoswith the same arguments. 65*4724848cSchristosThe data that was passed might have been partially processed. 66*4724848cSchristosWhen B<SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER> was set using L<SSL_CTX_set_mode(3)> 67*4724848cSchristosthe pointer can be different, but the data and length should still be the same. 68*4724848cSchristos 69*4724848cSchristosYou should not call SSL_write() with num=0, it will return an error. 70*4724848cSchristosSSL_write_ex() can be called with num=0, but will not send application data to 71*4724848cSchristosthe peer. 72*4724848cSchristos 73*4724848cSchristos=head1 RETURN VALUES 74*4724848cSchristos 75*4724848cSchristosSSL_write_ex() will return 1 for success or 0 for failure. Success means that 76*4724848cSchristosall requested application data bytes have been written to the SSL connection or, 77*4724848cSchristosif SSL_MODE_ENABLE_PARTIAL_WRITE is in use, at least 1 application data byte has 78*4724848cSchristosbeen written to the SSL connection. Failure means that not all the requested 79*4724848cSchristosbytes have been written yet (if SSL_MODE_ENABLE_PARTIAL_WRITE is not in use) or 80*4724848cSchristosno bytes could be written to the SSL connection (if 81*4724848cSchristosSSL_MODE_ENABLE_PARTIAL_WRITE is in use). Failures can be retryable (e.g. the 82*4724848cSchristosnetwork write buffer has temporarily filled up) or non-retryable (e.g. a fatal 83*4724848cSchristosnetwork error). In the event of a failure call L<SSL_get_error(3)> to find out 84*4724848cSchristosthe reason which indicates whether the call is retryable or not. 85*4724848cSchristos 86*4724848cSchristosFor SSL_write() the following return values can occur: 87*4724848cSchristos 88*4724848cSchristos=over 4 89*4724848cSchristos 90*4724848cSchristos=item E<gt> 0 91*4724848cSchristos 92*4724848cSchristosThe write operation was successful, the return value is the number of 93*4724848cSchristosbytes actually written to the TLS/SSL connection. 94*4724848cSchristos 95*4724848cSchristos=item Z<><= 0 96*4724848cSchristos 97*4724848cSchristosThe write operation was not successful, because either the connection was 98*4724848cSchristosclosed, an error occurred or action must be taken by the calling process. 99*4724848cSchristosCall SSL_get_error() with the return value B<ret> to find out the reason. 100*4724848cSchristos 101*4724848cSchristosOld documentation indicated a difference between 0 and -1, and that -1 was 102*4724848cSchristosretryable. 103*4724848cSchristosYou should instead call SSL_get_error() to find out if it's retryable. 104*4724848cSchristos 105*4724848cSchristos=back 106*4724848cSchristos 107*4724848cSchristos=head1 SEE ALSO 108*4724848cSchristos 109*4724848cSchristosL<SSL_get_error(3)>, L<SSL_read_ex(3)>, L<SSL_read(3)> 110*4724848cSchristosL<SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)>, 111*4724848cSchristosL<SSL_connect(3)>, L<SSL_accept(3)> 112*4724848cSchristosL<SSL_set_connect_state(3)>, 113*4724848cSchristosL<ssl(7)>, L<bio(7)> 114*4724848cSchristos 115*4724848cSchristos=head1 HISTORY 116*4724848cSchristos 117*4724848cSchristosThe SSL_write_ex() function was added in OpenSSL 1.1.1. 118*4724848cSchristos 119*4724848cSchristos=head1 COPYRIGHT 120*4724848cSchristos 121*4724848cSchristosCopyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. 122*4724848cSchristos 123*4724848cSchristosLicensed under the OpenSSL license (the "License"). You may not use 124*4724848cSchristosthis file except in compliance with the License. You can obtain a copy 125*4724848cSchristosin the file LICENSE in the source distribution or at 126*4724848cSchristosL<https://www.openssl.org/source/license.html>. 127*4724848cSchristos 128*4724848cSchristos=cut 129