Hi!

As the topic just popped up on openssl-users, I have clarified that SSL_read()/write() must be called with the same arguments when they have to be repeated. I also added a manual page for SSL_pending. I have further changed some to the "NOTES" style recommended by Richard Levitte and added SSL_CTX_set_ssl_version.

Best,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153

diff -r -u --new-file openssl-SNAP-20000920-vanilla/doc/ssl/SSL_CTX_set_ssl_version.pod openssl-SNAP-20000920/doc/ssl/SSL_CTX_set_ssl_version.pod --- openssl-SNAP-20000920-vanilla/doc/ssl/SSL_CTX_set_ssl_version.pod Thu Jan 1 01:00:00 1970 +++ openssl-SNAP-20000920/doc/ssl/SSL_CTX_set_ssl_version.pod Wed Sep 20 20:49:46 +2000 
@@ -0,0 +1,60 @@ +=pod + +=head1 NAME + +SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method +- choose a new TLS/SSL method + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *method); + int SSL_set_ssl_method(SSL *s, SSL_METHOD *method); + SSL_METHOD *SSL_get_ssl_method(SSL *ssl); + +=head1 DESCRIPTION + +SSL_CTX_set_ssl_version() sets a new default TLS/SSL B<method> for SSL objects +newly created from this B<ctx>. SSL objects already created with +L<SSL_new(3)|SSL_new(3)> are not affected, except when SSL_clear() is +being called. + +SSL_set_ssl_method() sets a new TLS/SSL B<method> for a particular B<ssl> +object. It may be reset, when SSL_clear() is called. + +SSL_get_ssl_method() returns a function pointer to the TLS/SSL method +set in B<ssl>. + +=head1 NOTES + +The available B<method> choices are described in +L<SSL_CTX_new(3)|SSL_CTX_new(3)>. + +When SSL_clear() is called and no session is connected to an SSL object, +the method of the SSL object is reset to the method currently set in +the corresponding SSL_CTX object. + +=head1 RETURN VALUES + +The following return values can occur for SSL_CTX_set_ssl_version() +and SSL_set_ssl_method(): + +=over 4 + +=item 0 + +The new choice failed, check the error stack to find out the reason. + +=item 1 + +The operation succeeded. + +=back + +=head1 SEE ALSO + +L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<SSL_new(3)|SSL_new(3)>, +L<SSL_clear(3)|SSL_clear(3)>, L<ssl(3)|ssl(3)> + +=cut diff -r -u --new-file openssl-SNAP-20000920-vanilla/doc/ssl/SSL_accept.pod openssl-SNAP-20000920/doc/ssl/SSL_accept.pod --- openssl-SNAP-20000920-vanilla/doc/ssl/SSL_accept.pod Sat Sep 16 18:01:01 2000 +++ openssl-SNAP-20000920/doc/ssl/SSL_accept.pod Wed Sep 20 21:04:38 2000 
@@ -14,8 +14,11 @@ SSL_accept() waits for a TLS/SSL client to initiate the TLS/SSL handshake. The communication channel must already have been set and assigned to the -B<ssl> by setting an underlying B<BIO>. The behaviour of SSL_accept() depends -on the underlying BIO. +B<ssl> by setting an underlying B<BIO>. + +=head1 NOTES + +The behaviour of SSL_accept() depends on the underlying BIO. If the underlying BIO is B<blocking>, SSL_accept() will only return once the handshake has been finished or an error occurred, except for SGC (Server diff -r -u --new-file openssl-SNAP-20000920-vanilla/doc/ssl/SSL_connect.pod openssl-SNAP-20000920/doc/ssl/SSL_connect.pod --- openssl-SNAP-20000920-vanilla/doc/ssl/SSL_connect.pod Sat Sep 16 19:00:30 2000 +++ openssl-SNAP-20000920/doc/ssl/SSL_connect.pod Wed Sep 20 21:04:59 2000 @@ -14,8 +14,11 @@ SSL_connect() initiates the TLS/SSL handshake with a server. The communication channel must already have been set and assigned to the B<ssl> by setting an -underlying B<BIO>. The behaviour of SSL_connect() depends on the underlying -BIO. +underlying B<BIO>. + +=head1 NOTES + +The behaviour of SSL_connect() depends on the underlying BIO. If the underlying BIO is B<blocking>, SSL_connect() will only return once the handshake has been finished or an error occurred. diff -r -u --new-file openssl-SNAP-20000920-vanilla/doc/ssl/SSL_pending.pod openssl-SNAP-20000920/doc/ssl/SSL_pending.pod --- openssl-SNAP-20000920-vanilla/doc/ssl/SSL_pending.pod Thu Jan 1 01:00:00 1970 +++ openssl-SNAP-20000920/doc/ssl/SSL_pending.pod Wed Sep 20 21:12:39 2000 
@@ -0,0 +1,30 @@ +=pod + +=head1 NAME + +SSL_pending - obtain number of readable bytes buffered in an SSL object + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + int SSL_pending(SSL *ssl); + +=head1 DESCRIPTION + +SSL_pending() returns the number of bytes which are available inside +B<ssl> for immediate read. + +=head1 NOTES + +Data are received in blocks from the peer. Therefore data can be buffered +inside B<ssl> and are ready for immediate retrieval with +L<SSL_read(3)|SSL_read(3)>. + +=head1 RETURN VALUES + +The number of bytes pending is returned. + +L<SSL_read(3)|SSL_read(3)>, L<ssl(3)|ssl(3)> + +=cut diff -r -u --new-file openssl-SNAP-20000920-vanilla/doc/ssl/SSL_read.pod openssl-SNAP-20000920/doc/ssl/SSL_read.pod --- openssl-SNAP-20000920-vanilla/doc/ssl/SSL_read.pod Sat Sep 16 18:01:02 2000 +++ openssl-SNAP-20000920/doc/ssl/SSL_read.pod Wed Sep 20 21:02:45 2000 @@ -13,7 +13,11 @@ =head1 DESCRIPTION SSL_read() tries to read B<num> bytes from the specified B<ssl> into the -buffer B<buf>. If necessary, SSL_read() will negotiate a TLS/SSL session, if +buffer B<buf>. + +=head1 NOTES + +If necessary, SSL_read() will negotiate a TLS/SSL session, if not already explicitly performed by SSL_connect() or SSL_accept(). If the peer requests a re-negotiation, it will be performed transparently during the SSL_read() operation. The behaviour of SSL_read() depends on the 
@@ -33,6 +37,12 @@ non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. + +=head1 IMPORTANT + +When an SSL_read() operation has to be repeated because of +B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated +with the same arguments. =head1 RETURN VALUES diff -r -u --new-file openssl-SNAP-20000920-vanilla/doc/ssl/SSL_write.pod openssl-SNAP-20000920/doc/ssl/SSL_write.pod --- openssl-SNAP-20000920-vanilla/doc/ssl/SSL_write.pod Sat Sep 16 18:01:02 2000 +++ openssl-SNAP-20000920/doc/ssl/SSL_write.pod Wed Sep 20 21:03:54 2000 @@ -13,7 +13,11 @@ =head1 DESCRIPTION SSL_write() writes B<num> bytes from the buffer B<buf> into the specified -B<ssl>. If necessary, SSL_write() will negotiate a TLS/SSL session, if +B<ssl> connection. + +=head1 NOTES + +If necessary, SSL_write() will negotiate a TLS/SSL session, if not already explicitly performed by SSL_connect() or SSL_accept(). If the peer requests a re-negotiation, it will be performed transparently during the SSL_write() operation. The behaviour of SSL_write() depends on the @@ -33,6 +37,12 @@ non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. + +=head1 IMPORTANT + +When an SSL_write() operation has to be repeated because of +B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated +with the same arguments. =head1 RETURN VALUES
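
Review bot: in SSL_CTX_set_ssl_version.pod, the DESCRIPTION says SSL_get_ssl_method() "returns a function pointer", while the SYNOPSIS declares the return type as SSL_METHOD *, so the text and the prototype disagree about what the caller gets back; suggest "returns a pointer to the TLS/SSL method set in B<ssl>". RETURN VALUES covers only the two int-returning functions and should also say what SSL_get_ssl_method() returns. "It may be reset, when SSL_clear() is called" would be clearer if it repeated the condition given under NOTES (no session connected to the SSL object), since a method silently changing on SSL_clear() is something a caller pinning a protocol version needs to know precisely.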
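
Review bot: in SSL_pending.pod, the "=head1 SEE ALSO" line is missing before "L<SSL_read(3)|SSL_read(3)>, L<ssl(3)|ssl(3)>", so the cross-references render as part of RETURN VALUES; add the heading as done in SSL_CTX_set_ssl_version.pod. Since SSL_read.pod in this same patch tells callers that select() can be used to check for the required condition, the NOTES here could also say how data already buffered inside B<ssl> relates to readiness of the underlying socket.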
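
Review bot: the first hunk of SSL_write.pod changes "into the specified B<ssl>." to "B<ssl> connection.", while the matching hunk in SSL_read.pod leaves "from the specified B<ssl>" unchanged; pick one wording for both pages. In both pages the sentence moved under NOTES still reads "If necessary, ... will negotiate a TLS/SSL session, if not already explicitly performed", with two stacked conditions; since the line is being touched anyway, consider rewording it to a single condition.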
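
Review bot: the new "=head1 IMPORTANT" sections in SSL_read.pod and SSL_write.pod say the call "must be repeated with the same arguments" without naming the arguments or saying what the caller should expect if they differ. Suggest naming B<ssl>, B<buf> and B<num> explicitly, and for SSL_write() stating whether the contents of B<buf> must also stay unchanged between attempts, because callers on a non-blocking socket commonly reuse or refill a buffer while waiting. The heading is also a one-off: the rest of this patch moves text into NOTES, so either place the paragraph there or use a heading such as WARNINGS consistently across the pages.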