1.\" $OpenBSD: SSL_clear.3,v 1.5 2021/06/11 19:41:39 jmc Exp $ 2.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 3.\" 4.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>. 5.\" Copyright (c) 2000, 2001, 2002, 2011, 2015 The OpenSSL Project. 6.\" All rights reserved. 7.\" 8.\" Redistribution and use in source and binary forms, with or without 9.\" modification, are permitted provided that the following conditions 10.\" are met: 11.\" 12.\" 1. Redistributions of source code must retain the above copyright 13.\" notice, this list of conditions and the following disclaimer. 14.\" 15.\" 2. Redistributions in binary form must reproduce the above copyright 16.\" notice, this list of conditions and the following disclaimer in 17.\" the documentation and/or other materials provided with the 18.\" distribution. 19.\" 20.\" 3. All advertising materials mentioning features or use of this 21.\" software must display the following acknowledgment: 22.\" "This product includes software developed by the OpenSSL Project 23.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 24.\" 25.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26.\" endorse or promote products derived from this software without 27.\" prior written permission. For written permission, please contact 28.\" openssl-core@openssl.org. 29.\" 30.\" 5. Products derived from this software may not be called "OpenSSL" 31.\" nor may "OpenSSL" appear in their names without prior written 32.\" permission of the OpenSSL Project. 33.\" 34.\" 6. Redistributions of any form whatsoever must retain the following 35.\" acknowledgment: 36.\" "This product includes software developed by the OpenSSL Project 37.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" 38.\" 39.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50.\" OF THE POSSIBILITY OF SUCH DAMAGE. 51.\" 52.Dd $Mdocdate: June 11 2021 $ 53.Dt SSL_CLEAR 3 54.Os 55.Sh NAME 56.Nm SSL_clear 57.Nd reset SSL object to allow another connection 58.Sh SYNOPSIS 59.In openssl/ssl.h 60.Ft int 61.Fn SSL_clear "SSL *ssl" 62.Sh DESCRIPTION 63Reset 64.Fa ssl 65to allow another connection. 66All settings (method, ciphers, BIOs) are kept. 67.Pp 68.Fn SSL_clear 69is used to prepare an 70.Vt SSL 71object for a new connection. 72While all settings are kept, 73a side effect is the handling of the current SSL session. 74If a session is still 75.Em open , 76it is considered bad and will be removed from the session cache, 77as required by RFC 2246. 78A session is considered open if 79.Xr SSL_shutdown 3 80was not called for the connection or at least 81.Xr SSL_set_shutdown 3 82was used to 83set the 84.Dv SSL_SENT_SHUTDOWN 85state. 86.Pp 87If a session was closed cleanly, 88the session object will be kept and all settings corresponding. 89This explicitly means that for example the special method used during the 90session will be kept for the next handshake. 91So if the session was a TLSv1 session, a 92.Vt SSL 93client object will use a TLSv1 client method for the next handshake and a 94.Vt SSL 95server object will use a TLSv1 server method, even if 96.Fn TLS_*_method Ns s 97were chosen on startup. 98This might lead to connection failures (see 99.Xr SSL_new 3 ) 100for a description of the method's properties. 101.Sh RETURN VALUES 102The following return values can occur: 103.Bl -tag -width Ds 104.It 0 105The 106.Fn SSL_clear 107operation could not be performed. 108Check the error stack to find out the reason. 109.It 1 110The 111.Fn SSL_clear 112operation was successful. 113.El 114.Sh SEE ALSO 115.Xr ssl 3 , 116.Xr SSL_CTX_set_client_cert_cb 3 , 117.Xr SSL_CTX_set_options 3 , 118.Xr SSL_free 3 , 119.Xr SSL_new 3 , 120.Xr SSL_set_shutdown 3 , 121.Xr SSL_shutdown 3 122.Sh HISTORY 123.Fn SSL_clear 124first appeared in SSLeay 0.4.5b and has been available since 125.Ox 2.4 . 126.Sh CAVEATS 127.Fn SSL_clear 128resets the 129.Vt SSL 130object to allow for another connection. 131The reset operation however keeps several settings of the last sessions 132(some of these settings were made automatically during the last handshake). 133It only makes sense for a new connection with the exact same peer that shares 134these settings, 135and may fail if that peer changes its settings between connections. 136Use the sequence 137.Xr SSL_get_session 3 ; 138.Xr SSL_new 3 ; 139.Xr SSL_set_session 3 ; 140.Xr SSL_free 3 141instead to avoid such failures (or simply 142.Xr SSL_free 3 ; 143.Xr SSL_new 3 144if session reuse is not desired). 145