NAME
SSL_get_state
,
SSL_state
,
SSL_in_accept_init
,
SSL_in_before
,
SSL_in_connect_init
,
SSL_in_init
,
SSL_is_init_finished
—
inspect the state of the SSL state
machine
SYNOPSIS
#include
<openssl/ssl.h>
int
SSL_get_state
(const SSL
*ssl);
int
SSL_state
(const SSL *ssl);
int
SSL_in_accept_init
(const SSL
*ssl);
int
SSL_in_before
(const SSL
*ssl);
int
SSL_in_connect_init
(const SSL
*ssl);
int
SSL_in_init
(const SSL *ssl);
int
SSL_is_init_finished
(const SSL
*ssl);
DESCRIPTION
SSL_get_state
()
returns an encoded representation of the current state of the SSL state
machine.
SSL_state
()
is a deprecated alias for SSL_get_state
().
The following bits may be set:
SSL_ST_ACCEPT
- This bit is set by
SSL_accept(3) and by
SSL_set_accept_state(3). It indicates that
ssl is set up for server mode and no client
initiated the TLS handshake yet. The function
SSL_in_accept_init
() returns non-zero if this bit is set or 0 otherwise. SSL_ST_BEFORE
- This bit is set by the
SSL_accept(3),
SSL_connect(3),
SSL_set_accept_state(3), and
SSL_set_connect_state(3) functions. It indicates that the
TLS handshake was not initiated yet. The function
SSL_in_before
() returns non-zero if this bit is set or 0 otherwise. SSL_ST_CONNECT
- This bit is set by
SSL_connect(3) and by
SSL_set_connect_state(3). It indicates that
ssl is set up for client mode and no TLS handshake
was initiated yet. The function
SSL_in_connect_init
() returns non-zero if this bit is set or 0 otherwise.
The following masks can be used:
SSL_ST_INIT
- Set if
SSL_ST_ACCEPT
orSSL_ST_CONNECT
is set. The functionSSL_in_init
() returns a non-zero value if one of these is set or 0 otherwise. SSL_ST_MASK
- This mask includes all bits except
SSL_ST_ACCEPT
,SSL_ST_BEFORE
, andSSL_ST_CONNECT
. SSL_ST_OK
- The state is set to this value when a connection is established. The
function
SSL_is_init_finished
() returns a non-zero value if the state equals this constant, or 0 otherwise. SSL_ST_RENEGOTIATE
- The program is about to renegotiate, for example when entering SSL_read(3) or SSL_write(3) right after SSL_renegotiate(3) was called.
The meaning of other bits is protocol-dependent. Application programs usually do not need to inspect any of those other bits.
All these functions may be implemented as macros.
SEE ALSO
HISTORY
These functions are available in all versions of OpenSSL.