SSL_CTX_set_mode(3) OpenSSL SSL_CTX_set_mode(3)
SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode - manipulate SSL engine
long SSL_CTX_set_mode(SSL_CTX *ctx, long mode);
long SSL_set_mode(SSL *ssl, long mode);
long SSL_CTX_get_mode(SSL_CTX *ctx);
long SSL_get_mode(SSL *ssl);
SSL_CTX_set_mode() adds the mode set via bitmask in mode to ctx. Options already set
before are not cleared.
SSL_set_mode() adds the mode set via bitmask in mode to ssl. Options already set before
are not cleared.
SSL_CTX_get_mode() returns the mode set for ctx.
SSL_get_mode() returns the mode set for ssl.
The following mode changes are available:
Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success when just a
single record has been written). When not set (the default), SSL_write() will only
report success once the complete chunk was written. Once SSL_write() returns with r,
r bytes have been successfully written and the next call to SSL_write() must only send
the n-r bytes left, imitating the behaviour of write().
Make it possible to retry SSL_write() with changed buffer location (the buffer
contents must stay the same). This is not the default to avoid the misconception that
non-blocking SSL_write() behaves like non-blocking write().
Never bother the application with retries if the transport is blocking. If a
renegotiation take place during normal operation, a SSL_read(3) or SSL_write(3) would
return with -1 and indicate the need to retry with SSL_ERROR_WANT_READ. In a non-
blocking environment applications must be prepared to handle incomplete read/write
operations. In a blocking environment, applications are not always prepared to deal
with read/write operations returning without success report. The flag
SSL_MODE_AUTO_RETRY will cause read/write operations to only return after the
handshake and successful completion.
When we no longer need a read buffer or a write buffer for a given SSL, then release
the memory we were using to hold it. Released memory is either appended to a list of
unused RAM chunks on the SSL_CTX, or simply freed if the list of unused chunks would
become longer than SSL_CTX->freelist_max_len, which defaults to 32. Using this flag
can save around 34k per idle SSL connection. This flag has no effect on SSL v2
connections, or on DTLS connections.
SSL_CTX_set_mode() and SSL_set_mode() return the new mode bitmask after adding mode.
SSL_CTX_get_mode() and SSL_get_mode() return the current bitmask.
ssl(3), SSL_read(3), SSL_write(3)
SSL_MODE_AUTO_RETRY as been added in OpenSSL 0.9.6.
1.0.1e 2013-02-11 SSL_CTX_set_mode(3)