xref: /freebsd/crypto/openssl/doc/man3/SSL_handle_events.pod (revision 24e4dcf4ba5e9dedcf89efd358ea3e1fe5867020)
1=pod
2
3=head1 NAME
4
5SSL_handle_events - advance asynchronous state machine and perform network I/O
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 int SSL_handle_events(SSL *ssl);
12
13=head1 DESCRIPTION
14
15SSL_handle_events() performs any internal processing which is due on an SSL object. The
16exact operations performed by SSL_handle_events() vary depending on what kind of protocol
17is being used with the given SSL object. For example, SSL_handle_events() may handle
18timeout events which have become due, or may attempt, to the extent currently
19possible, to perform network I/O operations on one of the BIOs underlying the
20SSL object.
21
22The primary use case for SSL_handle_events() is to allow an application which uses
23OpenSSL in nonblocking mode to give OpenSSL an opportunity to handle timer
24events, or to respond to the availability of new data to be read from an
25underlying BIO, or to respond to the opportunity to write pending data to an
26underlying BIO.
27
28SSL_handle_events() can be used only with the following types of SSL object:
29
30=over 4
31
32=item DTLS SSL objects
33
34Using SSL_handle_events() on an SSL object being used with a DTLS method allows timeout
35events to be handled properly. This is equivalent to a call to
36L<DTLSv1_handle_timeout(3)>. Since SSL_handle_events() handles a superset of the use
37cases of L<DTLSv1_handle_timeout(3)>, it should be preferred for new
38applications which do not require support for OpenSSL 3.1 or older.
39
40When using DTLS, an application must call SSL_handle_events() as indicated by
41calls to L<SSL_get_event_timeout(3)>; event handling is not performed
42automatically by calls to other SSL functions such as L<SSL_read(3)> or
43L<SSL_write(3)>. Note that this is different to QUIC which also performs event
44handling implicitly; see below.
45
46=item QUIC connection SSL objects
47
48Using SSL_handle_events() on an SSL object which represents a QUIC connection allows
49timeout events to be handled properly, as well as incoming network data to be
50processed, and queued outgoing network data to be written, if the underlying BIO
51has the capacity to accept it.
52
53Ordinarily, when an application uses an SSL object in blocking mode, it does not
54need to call SSL_handle_events() because OpenSSL performs ticking internally on an
55automatic basis. However, if an application uses a QUIC connection in
56nonblocking mode, it must at a minimum ensure that SSL_handle_events() is called
57periodically to allow timeout events to be handled. An application can find out
58when it next needs to call SSL_handle_events() for this purpose (if at all) by calling
59L<SSL_get_event_timeout(3)>.
60
61Calling SSL_handle_events() on a QUIC connection SSL object being used in blocking mode
62is not necessary unless no I/O calls (such as L<SSL_read(3)> or L<SSL_write(3)>)
63will be made to the object for a substantial period of time. So long as at least
64one call to the SSL object is blocking, no such call is needed. However,
65SSL_handle_events() may optionally be used on a QUIC connection object if desired.
66
67With the thread-assisted mode of operation L<OSSL_QUIC_client_thread_method(3)>
68it is unnecessary to call SSL_handle_events() as the assist thread handles the QUIC
69connection events.
70
71=back
72
73Calling SSL_handle_events() on any other kind of SSL object is a no-op. This is
74considered a success case.
75
76Note that SSL_handle_events() supersedes the older L<DTLSv1_handle_timeout(3)> function
77for all use cases.
78
79=head1 RETURN VALUES
80
81Returns 1 on success and 0 on failure.
82
83=head1 SEE ALSO
84
85L<SSL_get_event_timeout(3)>, L<DTLSv1_handle_timeout(3)>, L<ssl(7)>
86
87=head1 HISTORY
88
89The SSL_handle_events() function was added in OpenSSL 3.2.
90
91=head1 COPYRIGHT
92
93Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
94
95Licensed under the Apache License 2.0 (the "License").  You may not use
96this file except in compliance with the License.  You can obtain a copy
97in the file LICENSE in the source distribution or at
98L<https://www.openssl.org/source/license.html>.
99
100=cut
101