xref: /onnv-gate/usr/src/common/openssl/doc/ssl/SSL_do_handshake.pod (revision 2175:b0b2f052a486) 
1*2175Sjp161948=pod
2*2175Sjp161948
3*2175Sjp161948=head1 NAME
4*2175Sjp161948
5*2175Sjp161948SSL_do_handshake - perform a TLS/SSL handshake
6*2175Sjp161948
7*2175Sjp161948=head1 SYNOPSIS
8*2175Sjp161948
9*2175Sjp161948 #include <openssl/ssl.h>
10*2175Sjp161948
11*2175Sjp161948 int SSL_do_handshake(SSL *ssl);
12*2175Sjp161948
13*2175Sjp161948=head1 DESCRIPTION
14*2175Sjp161948
15*2175Sjp161948SSL_do_handshake() will wait for a SSL/TLS handshake to take place. If the
16*2175Sjp161948connection is in client mode, the handshake will be started. The handshake
17*2175Sjp161948routines may have to be explicitly set in advance using either
18*2175Sjp161948L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or
19*2175Sjp161948L<SSL_set_accept_state(3)|SSL_set_accept_state(3)>.
20*2175Sjp161948
21*2175Sjp161948=head1 NOTES
22*2175Sjp161948
23*2175Sjp161948The behaviour of SSL_do_handshake() depends on the underlying BIO.
24*2175Sjp161948
25*2175Sjp161948If the underlying BIO is B<blocking>, SSL_do_handshake() will only return
26*2175Sjp161948once the handshake has been finished or an error occurred, except for SGC
27*2175Sjp161948(Server Gated Cryptography). For SGC, SSL_do_handshake() may return with -1,
28*2175Sjp161948but SSL_get_error() will yield B<SSL_ERROR_WANT_READ/WRITE> and
29*2175Sjp161948SSL_do_handshake() should be called again.
30*2175Sjp161948
31*2175Sjp161948If the underlying BIO is B<non-blocking>, SSL_do_handshake() will also return
32*2175Sjp161948when the underlying BIO could not satisfy the needs of SSL_do_handshake()
33*2175Sjp161948to continue the handshake. In this case a call to SSL_get_error() with the
34*2175Sjp161948return value of SSL_do_handshake() will yield B<SSL_ERROR_WANT_READ> or
35*2175Sjp161948B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
36*2175Sjp161948taking appropriate action to satisfy the needs of SSL_do_handshake().
37*2175Sjp161948The action depends on the underlying BIO. When using a non-blocking socket,
38*2175Sjp161948nothing is to be done, but select() can be used to check for the required
39*2175Sjp161948condition. When using a buffering BIO, like a BIO pair, data must be written
40*2175Sjp161948into or retrieved out of the BIO before being able to continue.
41*2175Sjp161948
42*2175Sjp161948=head1 RETURN VALUES
43*2175Sjp161948
44*2175Sjp161948The following return values can occur:
45*2175Sjp161948
46*2175Sjp161948=over 4
47*2175Sjp161948
48*2175Sjp161948=item 1
49*2175Sjp161948
50*2175Sjp161948The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
51*2175Sjp161948established.
52*2175Sjp161948
53*2175Sjp161948=item 0
54*2175Sjp161948
55*2175Sjp161948The TLS/SSL handshake was not successful but was shut down controlled and
56*2175Sjp161948by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
57*2175Sjp161948return value B<ret> to find out the reason.
58*2175Sjp161948
59*2175Sjp161948=item E<lt>0
60*2175Sjp161948
61*2175Sjp161948The TLS/SSL handshake was not successful because a fatal error occurred either
62*2175Sjp161948at the protocol level or a connection failure occurred. The shutdown was
63*2175Sjp161948not clean. It can also occur of action is need to continue the operation
64*2175Sjp161948for non-blocking BIOs. Call SSL_get_error() with the return value B<ret>
65*2175Sjp161948to find out the reason.
66*2175Sjp161948
67*2175Sjp161948=back
68*2175Sjp161948
69*2175Sjp161948=head1 SEE ALSO
70*2175Sjp161948
71*2175Sjp161948L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
72*2175Sjp161948L<SSL_accept(3)|SSL_accept(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
73*2175Sjp161948L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
74*2175Sjp161948
75*2175Sjp161948=cut
76