SSL_accept - wait for a TLS/SSL client to initiate a TLS/SSL handshake
int SSL_accept(SSL *ssl);
SSL_accept() waits for a TLS/SSL client to initiate the
TLS/SSL handshake. The communication channel must already have been set and
assigned to the
ssl by setting an underlying BIO.
The behaviour of
SSL_accept() depends on the underlying BIO.
If the underlying BIO is blocking,
SSL_accept() will only return once the handshake has been
finished or an error occurred, except for SGC (Server Gated Cryptography).
SSL_accept() may return with -1, but
SSL_get_error() will yield SSL_ERROR_WANT_READ/WRITE and
SSL_accept() should be called again.
If the underlying BIO is non-blocking,
SSL_accept() will also return when the underlying BIO could
not satisfy the needs of
SSL_accept() to continue the
handshake, indicating the problem by the return value -1. In this case a
SSL_get_error() with the return value of
SSL_accept() will yield SSL_ERROR_WANT_READ or
SSL_ERROR_WANT_WRITE. The calling process then must repeat the call after taking appropriate
action to satisfy the needs of
SSL_accept(). The action
depends on the underlying BIO. When using a non-blocking socket, nothing is
to be done, but
select() can be used to check for the required
condition. When using a buffering BIO, like a BIO pair, data must be
written into or retrieved out of the BIO before being able to continue.
The following return values can occur:
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call
SSL_get_error() with the return value ret to find out the reason.
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has
The TLS/SSL handshake was not successful because a fatal error occurred
either at the protocol level or a connection failure occurred. The shutdown
was not clean. It can also occur of action is need to continue the
operation for non-blocking BIOs. Call
SSL_get_error() with the
return value ret
to find out the reason.
SSL_shutdown(3), ssl(3), bio(3),