SSL_want.3ossl - Man Page

obtain state information TLS/SSL I/O operation

Synopsis

 #include <openssl/ssl.h>

 int SSL_want(const SSL *ssl);
 int SSL_want_nothing(const SSL *ssl);
 int SSL_want_read(const SSL *ssl);
 int SSL_want_write(const SSL *ssl);
 int SSL_want_x509_lookup(const SSL *ssl);
 int SSL_want_retry_verify(const SSL *ssl);
 int SSL_want_async(const SSL *ssl);
 int SSL_want_async_job(const SSL *ssl);
 int SSL_want_client_hello_cb(const SSL *ssl);

Description

SSL_want() returns state information for the SSL object ssl.

The other SSL_want_*() calls are shortcuts for the possible states returned by SSL_want().

Notes

SSL_want() examines the internal state information of the SSL object. Its return values are similar to that of SSL_get_error(3). Unlike SSL_get_error(3), which also evaluates the error queue, the results are obtained by examining an internal state flag only. The information must therefore only be used for normal operation under nonblocking I/O. Error conditions are not handled and must be treated using SSL_get_error(3).

The result returned by SSL_want() should always be consistent with the result of SSL_get_error(3).

Return Values

The following return values can currently occur for SSL_want():

SSL_NOTHING

There is no data to be written or to be read.

SSL_WRITING

There are data in the SSL buffer that must be written to the underlying BIO layer in order to complete the actual SSL_*() operation. A call to SSL_get_error(3) should return SSL_ERROR_WANT_WRITE.

SSL_READING

More data must be read from the underlying BIO layer in order to complete the actual SSL_*() operation. A call to SSL_get_error(3) should return SSL_ERROR_WANT_READ.

SSL_X509_LOOKUP

The operation did not complete because an application callback set by SSL_CTX_set_client_cert_cb() has asked to be called again. A call to SSL_get_error(3) should return SSL_ERROR_WANT_X509_LOOKUP.

SSL_RETRY_VERIFY

The operation did not complete because a certificate verification callback has asked to be called again via SSL_set_retry_verify(3). A call to SSL_get_error(3) should return SSL_ERROR_WANT_RETRY_VERIFY.

SSL_ASYNC_PAUSED

An asynchronous operation partially completed and was then paused. See SSL_get_all_async_fds(3). A call to SSL_get_error(3) should return SSL_ERROR_WANT_ASYNC.

SSL_ASYNC_NO_JOBS

The asynchronous job could not be started because there were no async jobs available in the pool (see ASYNC_init_thread(3)). A call to SSL_get_error(3) should return SSL_ERROR_WANT_ASYNC_JOB.

SSL_CLIENT_HELLO_CB

The operation did not complete because an application callback set by SSL_CTX_set_client_hello_cb() has asked to be called again. A call to SSL_get_error(3) should return SSL_ERROR_WANT_CLIENT_HELLO_CB.

SSL_want_nothing(), SSL_want_read(), SSL_want_write(), SSL_want_x509_lookup(), SSL_want_retry_verify(), SSL_want_async(), SSL_want_async_job(), and SSL_want_client_hello_cb() return 1 when the corresponding condition is true or 0 otherwise.

Quic-Specific Considerations

For QUIC, these functions relate only to the TLS handshake layer.

See Also

ssl(7), SSL_get_error(3)

History

The SSL_want_client_hello_cb() function and the SSL_CLIENT_HELLO_CB return value were added in OpenSSL 1.1.1.

Referenced By

openssl-quic.7ossl(7).

The man pages SSL_want_async.3ossl(3), SSL_want_async_job.3ossl(3), SSL_want_client_hello_cb.3ossl(3), SSL_want_nothing.3ossl(3), SSL_want_read.3ossl(3), SSL_want_retry_verify.3ossl(3), SSL_want_write.3ossl(3) and SSL_want_x509_lookup.3ossl(3) are aliases of SSL_want.3ossl(3).

2024-09-12 3.2.2 OpenSSL