NAME
SSL_clear — reset SSL object to allow another connection
Synopsis
#include <openssl/ssl.h>
int
SSL_clear(SSL *ssl);
DESCRIPTION
Reset ssl to allow another connection. All settings (method,
ciphers, BIOs) are kept.
NOTES
SSL_clear is used to prepare an SSL object for a new connection.
While all settings are kept, a side effect is the handling of the
current SSL session. If a session is still open, it is considered
bad and will be removed from the session cache, as required by RFC2246.
A session is considered open, if SSL_shutdown(3) was not called for the connection
or at least SSL_set_shutdown(3) was used to set the SSL_SENT_SHUTDOWN state.
If a session was closed cleanly, the session object will be
kept and all settings corresponding. This explicitly means, that
e.g. the special method used during the session will be kept for
the next handshake. So if the session was a TLSv1 session, a SSL
client object will use a TLSv1 client method for the next handshake
and a SSL server object will use a TLSv1 server method, even if
SSLv23_*_methods were chosen on startup. This will might lead to
connection failures (see SSL_new(3)) for a description of the
method's properties.
WARNINGS
SSL_clear() resets the SSL object to allow for another connection.
The reset operation however keeps several settings of the last sessions
(some of these settings were made automatically during the last
handshake). It only makes sense when opening a new session (or reusing
an old one) with the same peer that shares these settings. SSL_clear()
is not a short form for the sequence SSL_free(3); SSL_new(3); .
RETURN VALUES
The following return values can occur:
0
The SSL_clear() operation could not be performed. Check the
error stack to find out the reason.
1
The SSL_clear() operation was successful.
SEE ALSO
SSL_new(3), SSL_free(3), SSL_shutdown(3), SSL_set_shutdown(3), SSL_CTX_set_options(3), ssl(3), SSL_CTX_set_client_cert_cb(3)