NAME
SSL_clear
—
reset SSL object to allow another
connection
SYNOPSIS
#include
<openssl/ssl.h>
int
SSL_clear
(SSL
*ssl);
DESCRIPTION
Reset ssl to allow another connection. All settings (method, ciphers, BIOs) are kept.
SSL_clear
()
is used to prepare an SSL object for a new connection.
While all settings are kept, a side effect is the handling of the current
SSL session. If a session is still
open, it
is considered bad and will be removed from the session cache, as required by
RFC 2246. A session is considered open if
SSL_shutdown(3) was not called for the connection or at least
SSL_set_shutdown(3) was used to set the
SSL_SENT_SHUTDOWN
state.
If a session was closed cleanly, the session
object will be kept and all settings corresponding. This explicitly means
that for example the special method used during the session will be kept for
the next handshake. So if the session was a TLSv1 session, a
SSL client object will use a TLSv1 client method for
the next handshake and a SSL server object will use a
TLSv1 server method, even if
TLS_*_method
()s
were chosen on startup. This might lead to connection failures (see
SSL_new(3)) for a description of the method's properties.
RETURN VALUES
The following return values can occur:
- 0
- The
SSL_clear
() operation could not be performed. Check the error stack to find out the reason. - 1
- The
SSL_clear
() operation was successful.
SEE ALSO
ssl(3), SSL_CTX_set_client_cert_cb(3), SSL_CTX_set_options(3), SSL_free(3), SSL_new(3), SSL_set_shutdown(3), SSL_shutdown(3)
HISTORY
SSL_clear
() first appeared in SSLeay
0.4.5b and has been available since OpenBSD 2.4.
CAVEATS
SSL_clear
() resets the
SSL object to allow for another connection. The reset
operation however keeps several settings of the last sessions (some of these
settings were made automatically during the last handshake). It only makes
sense for a new connection with the exact same peer that shares these
settings, and may fail if that peer changes its settings between
connections. Use the sequence
SSL_get_session(3);
SSL_new(3);
SSL_set_session(3);
SSL_free(3) instead to avoid such failures (or simply
SSL_free(3);
SSL_new(3) if session reuse is not desired).