SSL_accept - wait for a TLS/SSL client to initiate a TLS/SSL handshake
#include <openssl/ssl.h>
int SSL_accept(SSL *ssl);
SSL_accept()
waits for a TLS/SSL client to initiate the TLS/SSL handshake.
The communication channel must already have been set and assigned to the
ssl by setting an underlying BIO.
The behaviour of SSL_accept()
depends on the underlying BIO.
If the underlying BIO is blocking, SSL_accept()
will only return once the
handshake has been finished or an error occurred.
If the underlying BIO is non-blocking, SSL_accept()
will also return
when the underlying BIO could not satisfy the needs of SSL_accept()
to continue the handshake, indicating the problem by the return value -1.
In this case a call to SSL_get_error()
with the
return value of SSL_accept()
will yield SSL_ERROR_WANT_READ or
SSL_ERROR_WANT_WRITE. The calling process then must repeat the call after
taking appropriate action to satisfy the needs of SSL_accept()
.
The action depends on the underlying BIO. When using a non-blocking socket,
nothing is to be done, but select()
can be used to check for the required
condition. When using a buffering BIO, like a BIO pair, data must be written
into or retrieved out of the BIO before being able to continue.
The following return values can occur:
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error()
with the
return value ret to find out the reason.
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been established.
The TLS/SSL handshake was not successful because a fatal error occurred either
at the protocol level or a connection failure occurred. The shutdown was
not clean. It can also occur of action is need to continue the operation
for non-blocking BIOs. Call SSL_get_error()
with the return value ret
to find out the reason.
SSL_get_error(3), SSL_connect(3), SSL_shutdown(3), ssl(7), bio(7), SSL_set_connect_state(3), SSL_do_handshake(3), SSL_CTX_new(3)
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.