xref: /freebsd/crypto/openssl/doc/man3/SSL_clear.pod (revision ba3c1f5972d7b90feb6e6da47905ff2757e0fe57)
1=pod
2
3=head1 NAME
4
5SSL_clear - reset SSL object to allow another connection
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 int SSL_clear(SSL *ssl);
12
13=head1 DESCRIPTION
14
15Reset B<ssl> to allow another connection. All settings (method, ciphers,
16BIOs) are kept.
17
18=head1 NOTES
19
20SSL_clear is used to prepare an SSL object for a new connection. While all
21settings are kept, a side effect is the handling of the current SSL session.
22If a session is still B<open>, it is considered bad and will be removed
23from the session cache, as required by RFC2246. A session is considered open,
24if L<SSL_shutdown(3)> was not called for the connection
25or at least L<SSL_set_shutdown(3)> was used to
26set the SSL_SENT_SHUTDOWN state.
27
28If a session was closed cleanly, the session object will be kept and all
29settings corresponding. This explicitly means, that e.g. the special method
30used during the session will be kept for the next handshake. So if the
31session was a TLSv1 session, a SSL client object will use a TLSv1 client
32method for the next handshake and a SSL server object will use a TLSv1
33server method, even if TLS_*_methods were chosen on startup. This
34will might lead to connection failures (see L<SSL_new(3)>)
35for a description of the method's properties.
36
37=head1 WARNINGS
38
39SSL_clear() resets the SSL object to allow for another connection. The
40reset operation however keeps several settings of the last sessions
41(some of these settings were made automatically during the last
42handshake). It only makes sense for a new connection with the exact
43same peer that shares these settings, and may fail if that peer
44changes its settings between connections. Use the sequence
45L<SSL_get_session(3)>;
46L<SSL_new(3)>;
47L<SSL_set_session(3)>;
48L<SSL_free(3)>
49instead to avoid such failures
50(or simply L<SSL_free(3)>; L<SSL_new(3)>
51if session reuse is not desired).
52
53=head1 RETURN VALUES
54
55The following return values can occur:
56
57=over 4
58
59=item Z<>0
60
61The SSL_clear() operation could not be performed. Check the error stack to
62find out the reason.
63
64=item Z<>1
65
66The SSL_clear() operation was successful.
67
68=back
69
70L<SSL_new(3)>, L<SSL_free(3)>,
71L<SSL_shutdown(3)>, L<SSL_set_shutdown(3)>,
72L<SSL_CTX_set_options(3)>, L<ssl(7)>,
73L<SSL_CTX_set_client_cert_cb(3)>
74
75=head1 COPYRIGHT
76
77Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
78
79Licensed under the Apache License 2.0 (the "License").  You may not use
80this file except in compliance with the License.  You can obtain a copy
81in the file LICENSE in the source distribution or at
82L<https://www.openssl.org/source/license.html>.
83
84=cut
85