1 .\" $NetBSD: libcrypto.pl,v 1.3 2007/11/27 22:16:03 christos Exp $
3 .\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05)
6 .\" ========================================================================
7 .de Sh \" Subsection heading
15 .de Sp \" Vertical space (when we can't use .PP)
19 .de Vb \" Begin verbatim text
24 .de Ve \" End verbatim text
28 .\" Set up some character translations and predefined strings. \*(-- will
29 .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
30 .\" double quote, and \*(R" will give a right double quote. \*(C+ will
31 .\" give a nicer C++. Capital omega is used to do unbreakable dashes and
32 .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
33 .\" nothing in troff, for use with C<>.
35 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
39 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
40 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
53 .\" Escape single quotes in literal strings from groff's Unicode transform.
57 .\" If the F register is turned on, we'll generate index entries on stderr for
58 .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
59 .\" entries marked with X<> in POD. Of course, you'll have to process the
60 .\" output yourself in some meaningful fashion.
63 . tm Index:\\$1\t\\n%\t"\\$2"
73 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
74 .\" Fear. Run. Save yourself. No user-serviceable parts.
75 . \" fudge factors for nroff and troff
84 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
90 . \" simple accents for nroff and troff
100 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
101 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
102 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
103 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
104 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
105 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
107 . \" troff and (daisy-wheel) nroff accents
108 .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
109 .ds 8 \h'\*(#H'\(*b\h'-\*(#H'
110 .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
111 .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
112 .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
113 .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
114 .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
115 .ds ae a\h'-(\w'a'u*4/10)'e
116 .ds Ae A\h'-(\w'A'u*4/10)'E
117 . \" corrections for vroff
118 .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
119 .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
120 . \" for low resolution devices (crt and lpr)
121 .if \n(.H>23 .if \n(.V>19 \
134 .\" ========================================================================
136 .IX Title "SSL_get_error 3"
137 .TH SSL_get_error 3 "2005-03-30" "1.1.0-dev" "OpenSSL"
138 .\" For nroff, turn off justification. Always turn off hyphenation; it makes
139 .\" way too many mistakes in technical documents.
143 SSL_get_error \- obtain result code for TLS/SSL I/O operation
147 .IX Header "SYNOPSIS"
149 \& #include <openssl/ssl.h>
151 \& int SSL_get_error(const SSL *ssl, int ret);
154 .IX Header "DESCRIPTION"
155 \&\fISSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R"
156 statement) for a preceding call to \fISSL_connect()\fR, \fISSL_accept()\fR, \fISSL_do_handshake()\fR,
157 \&\fISSL_read()\fR, \fISSL_peek()\fR, or \fISSL_write()\fR on \fBssl\fR. The value returned by
158 that \s-1TLS/SSL\s0 I/O function must be passed to \fISSL_get_error()\fR in parameter
161 In addition to \fBssl\fR and \fBret\fR, \fISSL_get_error()\fR inspects the
162 current thread's OpenSSL error queue. Thus, \fISSL_get_error()\fR must be
163 used in the same thread that performed the \s-1TLS/SSL\s0 I/O operation, and no
164 other OpenSSL function calls should appear in between. The current
165 thread's error queue must be empty before the \s-1TLS/SSL\s0 I/O operation is
166 attempted, or \fISSL_get_error()\fR will not work reliably.
168 .IX Header "RETURN VALUES"
169 The following return values can currently occur:
170 .IP "\s-1SSL_ERROR_NONE\s0" 4
171 .IX Item "SSL_ERROR_NONE"
172 The \s-1TLS/SSL\s0 I/O operation completed. This result code is returned
173 if and only if \fBret > 0\fR.
174 .IP "\s-1SSL_ERROR_ZERO_RETURN\s0" 4
175 .IX Item "SSL_ERROR_ZERO_RETURN"
176 The \s-1TLS/SSL\s0 connection has been closed. If the protocol version is \s-1SSL\s0 3.0
177 or \s-1TLS\s0 1.0, this result code is returned only if a closure
178 alert has occurred in the protocol, i.e. if the connection has been
179 closed cleanly. Note that in this case \fB\s-1SSL_ERROR_ZERO_RETURN\s0\fR
180 does not necessarily indicate that the underlying transport
182 .IP "\s-1SSL_ERROR_WANT_READ\s0, \s-1SSL_ERROR_WANT_WRITE\s0" 4
183 .IX Item "SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE"
184 The operation did not complete; the same \s-1TLS/SSL\s0 I/O function should be
185 called again later. If, by then, the underlying \fB\s-1BIO\s0\fR has data
186 available for reading (if the result code is \fB\s-1SSL_ERROR_WANT_READ\s0\fR)
187 or allows writing data (\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR), then some \s-1TLS/SSL\s0
188 protocol progress will take place, i.e. at least part of an \s-1TLS/SSL\s0
189 record will be read or written. Note that the retry may again lead to
190 a \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR condition.
191 There is no fixed upper limit for the number of iterations that
192 may be necessary until progress becomes visible at application
195 For socket \fB\s-1BIO\s0\fRs (e.g. when \fISSL_set_fd()\fR was used), \fIselect()\fR or
196 \&\fIpoll()\fR on the underlying socket can be used to find out when the
197 \&\s-1TLS/SSL\s0 I/O function should be retried.
199 Caveat: Any \s-1TLS/SSL\s0 I/O function can lead to either of
200 \&\fB\s-1SSL_ERROR_WANT_READ\s0\fR and \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. In particular,
201 \&\fISSL_read()\fR or \fISSL_peek()\fR may want to write data and \fISSL_write()\fR may want
202 to read data. This is mainly because \s-1TLS/SSL\s0 handshakes may occur at any
203 time during the protocol (initiated by either the client or the server);
204 \&\fISSL_read()\fR, \fISSL_peek()\fR, and \fISSL_write()\fR will handle any pending handshakes.
205 .IP "\s-1SSL_ERROR_WANT_CONNECT\s0, \s-1SSL_ERROR_WANT_ACCEPT\s0" 4
206 .IX Item "SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT"
207 The operation did not complete; the same \s-1TLS/SSL\s0 I/O function should be
208 called again later. The underlying \s-1BIO\s0 was not connected yet to the peer
209 and the call would block in \fIconnect()\fR/\fIaccept()\fR. The \s-1SSL\s0 function should be
210 called again when the connection is established. These messages can only
211 appear with a \fIBIO_s_connect()\fR or \fIBIO_s_accept()\fR \s-1BIO\s0, respectively.
212 In order to find out, when the connection has been successfully established,
213 on many platforms \fIselect()\fR or \fIpoll()\fR for writing on the socket file descriptor
215 .IP "\s-1SSL_ERROR_WANT_X509_LOOKUP\s0" 4
216 .IX Item "SSL_ERROR_WANT_X509_LOOKUP"
217 The operation did not complete because an application callback set by
218 \&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again.
219 The \s-1TLS/SSL\s0 I/O function should be called again later.
220 Details depend on the application.
221 .IP "\s-1SSL_ERROR_SYSCALL\s0" 4
222 .IX Item "SSL_ERROR_SYSCALL"
223 Some I/O error occurred. The OpenSSL error queue may contain more
224 information on the error. If the error queue is empty
225 (i.e. \fIERR_get_error()\fR returns 0), \fBret\fR can be used to find out more
226 about the error: If \fBret == 0\fR, an \s-1EOF\s0 was observed that violates
227 the protocol. If \fBret == \-1\fR, the underlying \fB\s-1BIO\s0\fR reported an
228 I/O error (for socket I/O on Unix systems, consult \fBerrno\fR for details).
229 .IP "\s-1SSL_ERROR_SSL\s0" 4
230 .IX Item "SSL_ERROR_SSL"
231 A failure in the \s-1SSL\s0 library occurred, usually a protocol error. The
232 OpenSSL error queue contains more information on the error.
234 .IX Header "SEE ALSO"
235 \&\fIssl\fR\|(3), \fIopenssl_err\fR\|(3)
238 \&\fISSL_get_error()\fR was added in SSLeay 0.8.