path: root/doc/man3/SSL_pending.pod
diff options
authorJung-uk Kim <jkim@FreeBSD.org>2018-09-13 19:18:07 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2018-09-13 19:18:07 +0000
commita43ce912fc025d11e1395506111f75fc194d7ba5 (patch)
tree9794cf7720d75938ed0ea4f499c0dcd4b6eacdda /doc/man3/SSL_pending.pod
parent02be298e504b8554caca6dc85af450e1ea44d19d (diff)
Import OpenSSL 1.1.1.vendor/openssl/1.1.1
Notes: svn path=/vendor-crypto/openssl/dist/; revision=338658 svn path=/vendor-crypto/openssl/1.1.1/; revision=338659; tag=vendor/openssl/1.1.1
Diffstat (limited to 'doc/man3/SSL_pending.pod')
1 files changed, 69 insertions, 0 deletions
diff --git a/doc/man3/SSL_pending.pod b/doc/man3/SSL_pending.pod
new file mode 100644
index 000000000000..c077a318c20e
--- /dev/null
+++ b/doc/man3/SSL_pending.pod
@@ -0,0 +1,69 @@
+=head1 NAME
+SSL_pending, SSL_has_pending - check for readable bytes buffered in an
+SSL object
+=head1 SYNOPSIS
+ #include <openssl/ssl.h>
+ int SSL_pending(const SSL *ssl);
+ int SSL_has_pending(const SSL *s);
+Data is received in whole blocks known as records from the peer. A whole record
+is processed (e.g. decrypted) in one go and is buffered by OpenSSL until it is
+read by the application via a call to L<SSL_read_ex(3)> or L<SSL_read(3)>.
+SSL_pending() returns the number of bytes which have been processed, buffered
+and are available inside B<ssl> for immediate read.
+If the B<SSL> object's I<read_ahead> flag is set (see
+L<SSL_CTX_set_read_ahead(3)>), additional protocol bytes (beyond the current
+record) may have been read containing more TLS/SSL records. This also applies to
+DTLS and pipelining (see L<SSL_CTX_set_split_send_fragment(3)>). These
+additional bytes will be buffered by OpenSSL but will remain unprocessed until
+they are needed. As these bytes are still in an unprocessed state SSL_pending()
+will ignore them. Therefore it is possible for no more bytes to be readable from
+the underlying BIO (because OpenSSL has already read them) and for SSL_pending()
+to return 0, even though readable application data bytes are available (because
+the data is in unprocessed buffered records).
+SSL_has_pending() returns 1 if B<s> has buffered data (whether processed or
+unprocessed) and 0 otherwise. Note that it is possible for SSL_has_pending() to
+return 1, and then a subsequent call to SSL_read_ex() or SSL_read() to return no
+data because the unprocessed buffered data when processed yielded no application
+data (for example this can happen during renegotiation). It is also possible in
+this scenario for SSL_has_pending() to continue to return 1 even after an
+SSL_read_ex() or SSL_read() call because the buffered and unprocessed data is
+not yet processable (e.g. because OpenSSL has only received a partial record so
+SSL_pending() returns the number of buffered and processed application data
+bytes that are pending and are available for immediate read. SSL_has_pending()
+returns 1 if there is buffered record data in the SSL object and 0 otherwise.
+=head1 SEE ALSO
+L<SSL_read_ex(3)>, L<SSL_read(3)>, L<SSL_CTX_set_read_ahead(3)>,
+L<SSL_CTX_set_split_send_fragment(3)>, L<ssl(7)>
+=head1 HISTORY
+The SSL_has_pending() function was added in OpenSSL 1.1.0.
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at