xref: /freebsd/secure/lib/libcrypto/man/man3/SSL_connect.3 (revision 1b10e191f341111fad7be32ead11484dfd09b800)
Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)

Standard preamble:
========================================================================
..
..
.. Set up some character translations and predefined strings. \*(-- will
give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
double quote, and \*(R" will give a right double quote. \*(C+ will
give a nicer C++. Capital omega is used to do unbreakable dashes and
therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
nothing in troff, for use with C<>.
.tr \(*W- . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\}
Escape single quotes in literal strings from groff's Unicode transform.

If the F register is >0, we'll generate index entries on stderr for
titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
entries marked with X<> in POD. Of course, you'll have to process the
output yourself in some meaningful fashion.

Avoid warning from groff about undefined register 'F'.
.. .nr rF 0 . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF
Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] .\} . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents . \" corrections for vroff . \" for low resolution devices (crt and lpr) \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} ========================================================================

Title "SSL_CONNECT 3"
SSL_CONNECT 3 "2023-02-07" "1.1.1t" "OpenSSL"
For nroff, turn off justification. Always turn off hyphenation; it makes
way too many mistakes in technical documents.
"NAME"
SSL_connect - initiate the TLS/SSL handshake with an TLS/SSL server
"SYNOPSIS"
Header "SYNOPSIS" .Vb 1 #include <openssl/ssl.h> \& int SSL_connect(SSL *ssl); .Ve
"DESCRIPTION"
Header "DESCRIPTION" \fBSSL_connect() initiates the \s-1TLS/SSL\s0 handshake with a server. The communication channel must already have been set and assigned to the ssl by setting an underlying \s-1BIO\s0.
"NOTES"
Header "NOTES" The behaviour of SSL_connect() depends on the underlying \s-1BIO.\s0

If the underlying \s-1BIO\s0 is blocking, SSL_connect() will only return once the handshake has been finished or an error occurred.

If the underlying \s-1BIO\s0 is nonblocking, SSL_connect() will also return when the underlying \s-1BIO\s0 could not satisfy the needs of SSL_connect() to continue the handshake, indicating the problem by the return value -1. In this case a call to SSL_get_error() with the return value of SSL_connect() will yield \s-1SSL_ERROR_WANT_READ\s0 or \fB\s-1SSL_ERROR_WANT_WRITE\s0. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_connect(). The action depends on the underlying \s-1BIO.\s0 When using a nonblocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue.

Many systems implement Nagle's algorithm by default which means that it will buffer outgoing \s-1TCP\s0 data if a \s-1TCP\s0 packet has already been sent for which no corresponding \s-1ACK\s0 has been received yet from the peer. This can have performance impacts after a successful TLSv1.3 handshake or a successful TLSv1.2 (or below) resumption handshake, because the last peer to communicate in the handshake is the client. If the client is also the first to send application data (as is typical for many protocols) then this data could be buffered until an \s-1ACK\s0 has been received for the final handshake message.

The \s-1TCP_NODELAY\s0 socket option is often available to disable Nagle's algorithm. If an application opts to disable Nagle's algorithm consideration should be given to turning it back on again later if appropriate. The helper function BIO_set_tcp_ndelay() can be used to turn on or off the \s-1TCP_NODELAY\s0 option.

"RETURN VALUES"
Header "RETURN VALUES" The following return values can occur:
"0" 4
The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and by the specifications of the \s-1TLS/SSL\s0 protocol. Call SSL_get_error() with the return value ret to find out the reason.
"1" 4
Item "1" The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been established.
"<0" 4
Item "<0" The \s-1TLS/SSL\s0 handshake was not successful, because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation for nonblocking BIOs. Call SSL_get_error() with the return value ret to find out the reason.
"SEE ALSO"
Header "SEE ALSO" \fBSSL_get_error\|(3), SSL_accept\|(3), \fBSSL_shutdown\|(3), ssl\|(7), bio\|(7), \fBSSL_set_connect_state\|(3), \fBSSL_do_handshake\|(3), \fBSSL_CTX_new\|(3)
"COPYRIGHT"
Header "COPYRIGHT" Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at <https://www.openssl.org/source/license.html>.