SSL_clear - reset SSL object to allow another connection
#include <openssl/ssl.h> int SSL_clear(SSL *ssl);
SSL_clear(3openssl) OpenSSL SSL_clear(3openssl)
NAME
SSL_clear - reset SSL object to allow another connection
SYNOPSIS
#include <openssl/ssl.h>
int SSL_clear(SSL *ssl);
DESCRIPTION
Reset ssl to allow another connection. All settings (method, ciphers,
BIOs) are kept.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+---------------+--------------------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+--------------------------+
|Availability | library/security/openssl |
+---------------+--------------------------+
|Stability | Pass-through uncommitted |
+---------------+--------------------------+
NOTES
SSL_clear is used to prepare an SSL object for a new connection. While
all settings are kept, a side effect is the handling of the current SSL
session. If a session is still open, it is considered bad and will be
removed from the session cache, as required by RFC2246. A session is
considered open, if SSL_shutdown(3) was not called for the connection
or at least SSL_set_shutdown(3) was used to set the SSL_SENT_SHUTDOWN
state.
If a session was closed cleanly, the session object will be kept and
all settings corresponding. This explicitly means, that e.g. the
special method used during the session will be kept for the next
handshake. So if the session was a TLSv1 session, a SSL client object
will use a TLSv1 client method for the next handshake and a SSL server
object will use a TLSv1 server method, even if SSLv23_*_methods were
chosen on startup. This will might lead to connection failures (see
SSL_new(3)) for a description of the method's properties.
Source code for open source software components in Oracle Solaris can
be found at https://www.oracle.com/downloads/opensource/solaris-source-
code-downloads.html.
This software was built from source available at
https://github.com/oracle/solaris-userland. The original community
source was downloaded from
https://www.openssl.org/source/openssl-1.0.2ze.tar.gz.
Further information about this software can be found on the open source
community website at https://www.openssl.org/.
WARNINGS
SSL_clear() resets the SSL object to allow for another connection. The
reset operation however keeps several settings of the last sessions
(some of these settings were made automatically during the last
handshake). It only makes sense for a new connection with the exact
same peer that shares these settings, and may fail if that peer changes
its settings between connections. Use the sequence SSL_get_session(3);
SSL_new(3); SSL_set_session(3); SSL_free(3) instead to avoid such
failures (or simply SSL_free(3); SSL_new(3) if session reuse is not
desired).
RETURN VALUES
The following return values can occur:
0 The SSL_clear() operation could not be performed. Check the error
stack to find out the reason.
1 The SSL_clear() operation was successful.
SSL_new(3), SSL_free(3), SSL_shutdown(3), SSL_set_shutdown(3),
SSL_CTX_set_options(3), ssl(3), SSL_CTX_set_client_cert_cb(3)
1.0.2ze 2022-05-03 SSL_clear(3openssl)