summaryrefslogtreecommitdiffstats
path: root/doc/man3/SSL_new.pod
blob: 6dfe021ec715a4f56d213a8c466f04cebe51f784 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
=pod

=head1 NAME

SSL_dup, SSL_new, SSL_up_ref - create an SSL structure for a connection

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 SSL *SSL_dup(SSL *s);
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);

=head1 DESCRIPTION

SSL_new() creates a new B<SSL> structure which is needed to hold the
data for a TLS/SSL connection. The new structure inherits the settings
of the underlying context B<ctx>: connection method,
options, verification settings, timeout settings. An B<SSL> structure is
reference counted. Creating an B<SSL> structure for the first time increments
the reference count. Freeing it (using SSL_free) decrements it. When the
reference count drops to zero, any memory or resources allocated to the B<SSL>
structure are freed.

SSL_up_ref() increments the reference count for an
existing B<SSL> structure.

SSL_dup() duplicates an existing B<SSL> structure into a new allocated one
or just increments the reference count if the connection is active. All
settings are inherited from the original B<SSL> structure. Dynamic data (i.e.
existing connection details) are not copied, the new B<SSL> is set into an
initial accept (server) or connect (client) state.

SSL_dup() allows applications to configure an SSL handle for use in multiple
SSL connections, and then duplicate it prior to initiating each connection
with the duplicated handle.  Use of SSL_dup() avoids the need to repeat
the configuration of the handles for each connection.

For SSL_dup() to work, the connection MUST be in its initial state and
MUST NOT have not yet have started the SSL handshake.  For connections
that are not in their initial state SSL_dup() just increments an internal
reference count and returns the I<same> handle.  It may be possible to
use L<SSL_clear(3)> to recycle an SSL handle that is not in its initial
state for re-use, but this is best avoided.  Instead, save and restore
the session, if desired, and construct a fresh handle for each connection.

=head1 RETURN VALUES

The following return values can occur:

=over 4

=item NULL

The creation of a new SSL structure failed. Check the error stack to
find out the reason.

=item Pointer to an SSL structure

The return value points to an allocated SSL structure.

SSL_up_ref() returns 1 for success and 0 for failure.

=back

=head1 SEE ALSO

L<SSL_free(3)>, L<SSL_clear(3)>,
L<SSL_CTX_set_options(3)>,
L<SSL_get_SSL_CTX(3)>,
L<ssl(7)>

=head1 COPYRIGHT

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut