Even though it is not really practical, people should know about it.
[openssl.git] / doc / ssl / SSL_clear.pod
index 862fd8291df18dcd4adc19077d3fcdee76e3e1ac..f0aa5e94eb03816e9ba6ef38d31aa0763196ae75 100644 (file)
@@ -13,8 +13,17 @@ SSL_clear - reset SSL object to allow another connection
 =head1 DESCRIPTION
 
 Reset B<ssl> to allow another connection. All settings (method, ciphers,
-BIOs) are kept. A completely negotiated B<SSL_SESSION> is not freed but left
-untouched for the underlying B<SSL_CTX>.
+BIOs) are kept.
+
+=head1 NOTES
+
+SSL_clear is used to prepare an SSL object for a new connection. While all
+settings are kept, a side effect is the handling of the current SSL session.
+If a session is still B<open>, it is considered bad and will be removed
+from the session cache, as required by RFC2246. A session is considered open,
+if L<SSL_shutdown(3)|SSL_shutdown(3)> was not called for the connection
+or at least L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> was used to
+set the SSL_SENT_SHUTDOWN state.
 
 =head1 RETURN VALUES
 
@@ -34,6 +43,8 @@ The SSL_clear() operation was successful.
 =back
 
 L<SSL_new(3)|SSL_new(3)>, L<SSL_free(3)|SSL_free(3)>,
-L<ssl(3)|ssl(3)>
+L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
+L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, L<ssl(3)|ssl(3)>,
+L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>
 
 =cut