|SSL_CLEAR(3)||Library Functions Manual||SSL_CLEAR(3)|
SSL_clear — reset
SSL object to allow another connection
Reset ssl to allow another connection. All settings (method, ciphers, BIOs) are kept.
SSL_clear() is used to prepare an
SSL object for a new connection. While all settings
are kept, a side effect is the handling of the current SSL session. If a
session is still open, it is considered bad and will be
removed from the session cache, as required by RFC2246. A session is
considered open if SSL_shutdown(3)
was not called for the connection or at least
SSL_set_shutdown(3) was used to
If a session was closed cleanly, the session object will be kept
and all settings corresponding. This explicitly means that for example the
special method used during the session will be kept for the next handshake.
So if the session was a TLSv1 session, a SSL client
object will use a TLSv1 client method for the next handshake and a
SSL server object will use a TLSv1 server method, even
TLS_*_method()s were chosen on startup. This
might lead to connection failures (see
SSL_new(3)) for a description of the
The following return values can occur:
SSL_clear() operation could not be performed. Check the error stack to find out the reason.
SSL_clear() operation was successful.
SSL_clear() first appeared in SSLeay
0.4.5b and has been available since OpenBSD 2.4.
SSL_clear() resets the
SSL object to allow for another connection. The reset
operation however keeps several settings of the last sessions (some of these
settings were made automatically during the last handshake). It only makes
sense for a new connection with the exact same peer that shares these
settings, and may fail if that peer changes its settings between
connections. Use the sequence
SSL_free(3) instead to avoid such
failures (or simply SSL_free(3);
SSL_new(3) if session reuse is not
|March 27, 2018||OpenBSD-current|