Fix wrong information about SSL_set_connect_state()...

diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod
index 1dae8b0bdd02e2a1c048bd410bf126cc8734a24b..465220a75c0a8990a6d7166ea13b72712d6f9dab 100644 (file)
--- a/doc/ssl/SSL_CTX_new.pod
+++ b/doc/ssl/SSL_CTX_new.pod
@@ -59,10 +59,6 @@ choice when compatibility is a concern.
 
 =back
 
 
 =back
 

-If a generic method is used, it is necessary to explicitly set client or
-server mode with L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
-or SSL_set_accept_state().
-

 The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
 SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or
 B<SSL_set_options()> functions. Using these options it is possible to choose
 The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
 SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or
 B<SSL_set_options()> functions. Using these options it is possible to choose

diff --git a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod
index 86f980de41b71103ca354b25d72daef328c20ac5..ac6caf9baafc8cd514bdf2a91d3917202fd6f73f 100644 (file)
--- a/doc/ssl/SSL_accept.pod
+++ b/doc/ssl/SSL_accept.pod
@@ -37,11 +37,6 @@ nothing is to be done, but select() can be used to check for the required
 condition. When using a buffering BIO, like a BIO pair, data must be written
 into or retrieved out of the BIO before being able to continue.
 
 condition. When using a buffering BIO, like a BIO pair, data must be written
 into or retrieved out of the BIO before being able to continue.
 

-When using a generic method (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>), it
-is necessary to call SSL_set_accept_state()
-before calling SSL_accept() to explicitly switch the B<ssl> to server
-mode.
-

 =head1 RETURN VALUES
 
 The following return values can occur:
 =head1 RETURN VALUES
 
 The following return values can occur:

diff --git a/doc/ssl/SSL_connect.pod b/doc/ssl/SSL_connect.pod
index bcc167745b87d0a86bd1a2d09296adb817786d16..766f1876aafc408158232a4f0ece6488bac24c81 100644 (file)
--- a/doc/ssl/SSL_connect.pod
+++ b/doc/ssl/SSL_connect.pod
@@ -34,11 +34,6 @@ nothing is to be done, but select() can be used to check for the required
 condition. When using a buffering BIO, like a BIO pair, data must be written
 into or retrieved out of the BIO before being able to continue.
 
 condition. When using a buffering BIO, like a BIO pair, data must be written
 into or retrieved out of the BIO before being able to continue.
 

-When using a generic method (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>), it
-is necessary to call L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
-before calling SSL_connect() to explicitly switch the B<ssl> to client
-mode.
-

 =head1 RETURN VALUES
 
 The following return values can occur:
 =head1 RETURN VALUES
 
 The following return values can occur:

diff --git a/doc/ssl/SSL_read.pod b/doc/ssl/SSL_read.pod
index cc7aa1a5476639adcfba3ff8623bafcad12b832b..e9557ba1a1868b0679df6551200ddc3d9c13f950 100644 (file)
--- a/doc/ssl/SSL_read.pod
+++ b/doc/ssl/SSL_read.pod
@@ -25,11 +25,10 @@ the SSL_read() operation. The behaviour of SSL_read() depends on the
 underlying BIO. 
 
 For the transparent negotiation to succeed, the B<ssl> must have been
 underlying BIO. 
 
 For the transparent negotiation to succeed, the B<ssl> must have been

-initialized to client or server mode. This is not the case if a generic
-method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that
+initialized to client or server mode. This is being done by calling

 L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
 L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()

-must be used before the first call to an SSL_read() or
-L<SSL_write(3)|SSL_write(3)> function).
+before the first call to an SSL_read() or L<SSL_write(3)|SSL_write(3)>
+function.

 
 SSL_read() works based on the SSL/TLS records. The data are received in
 records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a
 
 SSL_read() works based on the SSL/TLS records. The data are received in
 records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a

diff --git a/doc/ssl/SSL_set_connect_state.pod b/doc/ssl/SSL_set_connect_state.pod
index a8c4463c640a22b49588600eb9a00a3950f2772e..adf52a93c23a8068bb589d33bf05c02a7114f186 100644 (file)
--- a/doc/ssl/SSL_set_connect_state.pod
+++ b/doc/ssl/SSL_set_connect_state.pod
@@ -14,9 +14,9 @@ SSL_set_connect_state, SSL_get_accept_state - prepare SSL object to work in clie
 
 =head1 DESCRIPTION
 
 
 =head1 DESCRIPTION
 

-SSL_set_connect_state() B<ssl> to work in client mode.
+SSL_set_connect_state() sets B<ssl> to work in client mode.

 
 

-SSL_set_accept_state() B<ssl> to work in server mode.
+SSL_set_accept_state() sets B<ssl> to work in server mode.

 
 =head1 NOTES
 
 
 =head1 NOTES
 


@@ -27,12 +27,17 @@ server connections. (The method might have been changed with
 L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)> or
 SSL_set_ssl_method().)
 
 L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)> or
 SSL_set_ssl_method().)
 

-In order to successfully accomplish the handshake, the SSL routines need
-to know whether they should act in server or client mode. If the generic
-method was used, this is not clear from the method itself and must be set
-with either SSL_set_connect_state() or SSL_set_accept_state(). If these
-routines are not called, the default value set when L<SSL_new(3)|SSL_new(3)>
-is called is server mode.
+When beginning a new handshake, the SSL engine must know whether it must
+call the connect (client) or accept (server) routines. Even though it may
+be clear from the method chosen, whether client or server mode was
+requested, the handshake routines must be explicitly set.
+
+When using the L<SSL_connect(3)|SSL_connect(3)> or
+L<SSL_accept(3)|SSL_accept(3)> routines, the correct handshake
+routines are automatically set. When performing a transparent negotiation
+using L<SSL_write(3)|SSL_write(3)> or L<SSL_read(3)|SSL_read(3)>, the
+handshake routines must be explicitely set in advance using either
+SSL_set_connect_state() or SSL_set_accept_state().

 
 =head1 RETURN VALUES
 
 
 =head1 RETURN VALUES
 


@@ -42,6 +47,8 @@ information.
 =head1 SEE ALSO
 
 L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
 =head1 SEE ALSO
 
 L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,

+L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>,
+L<SSL_write(3)|SSL_write(3)>, L<SSL_read(3)|SSL_read(3)>,

 L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>
 
 =cut
 L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>
 
 =cut

diff --git a/doc/ssl/SSL_write.pod b/doc/ssl/SSL_write.pod
index b0dfefae20dd134c6badf53cb799e16ee67342b1..da66f0f056fc2be2e63b90e7dfea8fc498a2ced1 100644 (file)
--- a/doc/ssl/SSL_write.pod
+++ b/doc/ssl/SSL_write.pod
@@ -25,11 +25,9 @@ the SSL_write() operation. The behaviour of SSL_write() depends on the
 underlying BIO. 
 
 For the transparent negotiation to succeed, the B<ssl> must have been
 underlying BIO. 
 
 For the transparent negotiation to succeed, the B<ssl> must have been

-initialized to client or server mode. This is not the case if a generic
-method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that
+initialized to client or server mode. This is being done by calling

 L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
 L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()

-must be used before the first call to an L<SSL_read(3)|SSL_read(3)>
-or SSL_write() function.
+before the first call to an L<SSL_read(3)|SSL_read(3)> or SSL_write() function.

 
 If the underlying BIO is B<blocking>, SSL_write() will only return, once the
 write operation has been finished or an error occurred, except when a
 
 If the underlying BIO is B<blocking>, SSL_write() will only return, once the
 write operation has been finished or an error occurred, except when a