mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-14 12:34:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

Consolidate doc of BIO_do_connect() and its alias BIO_do_handshake()

Browse Source 
Also documents that they meanwhile try all IP addresses resolved for a given domain name

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12017)
This commit is contained in:
Dr. David von Oheimb 2020-06-02 13:02:42 +02:00
parent f5e23fe889
commit 591315297e
3 changed files with 24 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGES.md
View File

@ -172,6 +172,12 @@ OpenSSL 3.0
*David von Oheimb*
* BIO_do_connect and BIO_do_handshake have been extended:
If domain name resolution yields multiple IP addresses all of them are tried
after connect() failures.
*David von Oheimb*
* All of the low level RSA functions have been deprecated including:
RSA_new_method, RSA_size, RSA_security_bits, RSA_get0_pss_params,

15
doc/man3/BIO_f_ssl.pod
View File

@ -96,12 +96,15 @@ chain and calling SSL_shutdown() on its internal SSL
pointer.
BIO_do_handshake() attempts to complete an SSL handshake on the
supplied BIO and establish the SSL connection. It returns 1
if the connection was established successfully. A zero or negative
value is returned if the connection could not be established, the
call BIO_should_retry() should be used for non blocking connect BIOs
to determine if the call should be retried. If an SSL connection has
already been established this call has no effect.
-supplied BIO and establish the SSL connection.
For non-SSL BIOs the connection is done typically at TCP level.
If domain name resolution yields multiple IP addresses all of them are tried
after connect() failures.
The function returns 1 if the connection was established successfully.
A zero or negative value is returned if the connection could not be established.
The call BIO_should_retry() should be used for non-blocking connect BIOs
to determine if the call should be retried.
If a connection has already been established this call has no effect.
=head1 NOTES

13
doc/man3/BIO_s_connect.pod
View File

@ -94,11 +94,16 @@ non blocking I/O is set during the connect process.
BIO_new_connect() combines BIO_new() and BIO_set_conn_hostname() into
a single call: that is it creates a new connect BIO with B<name>.
BIO_do_connect() attempts to connect the supplied BIO. It returns 1
if the connection was established successfully. A zero or negative
value is returned if the connection could not be established, the
call BIO_should_retry() should be used for non blocking connect BIOs
BIO_do_connect() attempts to connect the supplied BIO.
This performs an SSL/TLS handshake as far as supported by the BIO.
For non-SSL BIOs the connection is done typically at TCP level.
If domain name resolution yields multiple IP addresses all of them are tried
after connect() failures.
The function returns 1 if the connection was established successfully.
A zero or negative value is returned if the connection could not be established.
The call BIO_should_retry() should be used for non blocking connect BIOs
to determine if the call should be retried.
If a connection has already been established this call has no effect.
=head1 NOTES