manipulate shutdown state of an SSL
sets the shutdown state of ssl to
returns the shutdown mode of ssl.
The shutdown state of an ssl connection is a bitmask of:
- No shutdown setting, yet.
- A “close notify” shutdown alert was sent to the peer; the connection is being considered closed and the session is closed and correct.
- A shutdown alert was received form the peer, either a normal “close notify” or a fatal error.
SSL_RECEIVED_SHUTDOWN can be set at the same
The shutdown state of the connection is
used to determine the state of the ssl session. If the
session is still open when
SSL_free(3) is called, it is considered bad and removed according to
RFC 2246. The actual condition for a correctly closed session is
SSL_SENT_SHUTDOWN (according to the TLS RFC, it is
acceptable to only send the “close notify” alert but to not
wait for the peer's answer when the underlying connection is closed).
can be used to set this state without sending a close alert to the peer (see
If a “close notify” was
SSL_RECEIVED_SHUTDOWN will be set, but to
SSL_SENT_SHUTDOWN the application must still
call SSL_shutdown(3) or
SSL_get_shutdown() returns the current
ssl(3), SSL_clear(3), SSL_CTX_set_quiet_shutdown(3), SSL_free(3), SSL_shutdown(3)
SSL_get_shutdown() first appeared in SSLeay 0.8.0
and have been available since OpenBSD 2.4.