authorJung-uk Kim <jkim@FreeBSD.org>2015-03-20 15:28:40 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2015-03-20 15:28:40 +0000
commit3d2030852da420b820a661e7b19bb757487e2599 (patch)
tree787cdff35e35be75e53f378b098bba3237a8deb7 /doc/ssl
parent8f5086671f06c811be16442eb6d6fe68e5ba71fc (diff)
Import OpenSSL 1.0.1m.vendor/openssl/1.0.1m
Notes: svn path=/vendor-crypto/openssl/dist/; revision=280288 svn path=/vendor-crypto/openssl/1.0.1m/; revision=280289; tag=vendor/openssl/1.0.1m
Diffstat (limited to 'doc/ssl')
3 files changed, 63 insertions, 3 deletions
diff --git a/doc/ssl/SSL_CTX_set_read_ahead.pod b/doc/ssl/SSL_CTX_set_read_ahead.pod
new file mode 100644
index 000000000000..527164b0723f
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_read_ahead.pod
@@ -0,0 +1,51 @@
+=head1 NAME
+SSL_CTX_set_read_ahead, SSL_CTX_set_default_read_ahead, SSL_CTX_get_read_ahead,
+SSL_CTX_get_default_read_ahead, SSL_set_read_ahead, SSL_get_read_ahead
+- manage whether to read as many input bytes as possible
+=head1 SYNOPSIS
+ #include <openssl/ssl.h>
+ int SSL_get_read_ahead(const SSL *s);
+ void SSL_set_read_ahead(SSL *s, int yes);
+ #define SSL_CTX_get_default_read_ahead(ctx)
+ #define SSL_CTX_set_default_read_ahead(ctx,m)
+ #define SSL_CTX_get_read_ahead(ctx)
+ #define SSL_CTX_set_read_ahead(ctx,m)
+SSL_CTX_set_read_ahead() and SSL_set_read_ahead() set whether we should read as
+many input bytes as possible (for non-blocking reads) or not. For example if
+B<x> bytes are currently required by OpenSSL, but B<y> bytes are available from
+the underlying BIO (where B<y> > B<x>), then OpenSSL will read all B<y> bytes
+into its buffer (providing that the buffer is large enough) if reading ahead is
+on, or B<x> bytes otherwise. The parameter B<yes> or B<m> should be 0 to ensure
+reading ahead is off, or non zero otherwise.
+SSL_CTX_set_default_read_ahead is a synonym for SSL_CTX_set_read_ahead, and
+SSL_CTX_get_default_read_ahead is a synonym for SSL_CTX_get_read_ahead.
+SSL_CTX_get_read_ahead() and SSL_get_read_ahead() indicate whether reading
+ahead has been set or not.
+=head1 NOTES
+These functions have no impact when used with DTLS. The return values for
+SSL_CTX_get_read_head() and SSL_get_read_ahead() are undefined for DTLS.
+SSL_get_read_ahead and SSL_CTX_get_read_ahead return 0 if reading ahead is off,
+and non zero otherwise.
+=head1 SEE ALSO
diff --git a/doc/ssl/SSL_pending.pod b/doc/ssl/SSL_pending.pod
index 43f2874e8b6a..9dd071b62567 100644
--- a/doc/ssl/SSL_pending.pod
+++ b/doc/ssl/SSL_pending.pod
@@ -29,8 +29,9 @@ The number of bytes pending is returned.
SSL_pending() takes into account only bytes from the TLS/SSL record
that is currently being processed (if any). If the B<SSL> object's
-I<read_ahead> flag is set, additional protocol bytes may have been
-read containing more TLS/SSL records; these are ignored by
+I<read_ahead> flag is set (see
+L<SSL_CTX_set_read_ahead(3)|SSL_CTX_set_read_ahead(3)>), additional protocol
+bytes may have been read containing more TLS/SSL records; these are ignored by
Up to OpenSSL 0.9.6, SSL_pending() does not check if the record type
@@ -38,6 +39,7 @@ of pending data is application data.
=head1 SEE ALSO
-L<SSL_read(3)|SSL_read(3)>, L<ssl(3)|ssl(3)>
+L<SSL_CTX_set_read_ahead(3)|SSL_CTX_set_read_ahead(3)>, L<ssl(3)|ssl(3)>
diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
index 6d3ee24e4e47..660489a22243 100644
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@@ -229,6 +229,8 @@ protocol context defined in the B<SSL_CTX> structure.
=item int (*B<SSL_CTX_get_client_cert_cb>(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+=item void B<SSL_CTX_get_default_read_ahead>(SSL_CTX *ctx);
=item char *B<SSL_CTX_get_ex_data>(const SSL_CTX *s, int idx);
=item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
@@ -237,6 +239,8 @@ protocol context defined in the B<SSL_CTX> structure.
=item int B<SSL_CTX_get_quiet_shutdown>(const SSL_CTX *ctx);
+=item void B<SSL_CTX_get_read_ahead>(SSL_CTX *ctx);
=item int B<SSL_CTX_get_session_cache_mode>(SSL_CTX *ctx);
=item long B<SSL_CTX_get_timeout>(const SSL_CTX *ctx);
@@ -325,6 +329,8 @@ protocol context defined in the B<SSL_CTX> structure.
=item void B<SSL_CTX_set_quiet_shutdown>(SSL_CTX *ctx, int mode);
+=item void B<SSL_CTX_set_read_ahead>(SSL_CTX *ctx, int m);
=item void B<SSL_CTX_set_session_cache_mode>(SSL_CTX *ctx, int mode);
=item int B<SSL_CTX_set_ssl_version>(SSL_CTX *ctx, const SSL_METHOD *meth);
@@ -703,6 +709,7 @@ L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>,