manipulate SSL engine mode
SSL_CTX_set_mode(SSL_CTX *ctx, long mode);long
SSL_set_mode(SSL *ssl, long mode);long
SSL_CTX_set_mode(SSL_CTX *ctx, long mode);
SSL_set_mode(SSL *ssl, long mode);
- Allow SSL_write(..., n) to return r with (i.e., report success when just a single record has been written). When not set (the default), SSL_write(3) will only report success once the complete chunk was written. Once SSL_write(3) returns with r, r bytes have been successfully written and the next call to SSL_write(3) must only send the n − r bytes left, imitating the behaviour of write(2).
- Make it possible to retry SSL_write(3) with changed buffer location (the buffer contents must stay the same). This is not the default to avoid the misconception that non-blocking SSL_write(3) behaves like non-blocking write(2).
- Never bother the application with retries if the transport is blocking. If a renegotiation take place during normal operation, a SSL_read(3) or SSL_write(3) would return with −1 and indicate the need to retry with SSL_ERROR_WANT_READ. In a non-blocking environment applications must be prepared to handle incomplete read/write operations. In a blocking environment, applications are not always prepared to deal with read/write operations returning without success report. The flag SSL_MODE_AUTO_RETRY will cause read/write operations to only return after the handshake and successful completion.
- When we no longer need a read buffer or a write buffer for a given SSL, then release the memory we were using to hold it. Released memory is either appended to a list of unused RAM chunks on the SSL_CTX, or simply freed if the list of unused chunks would become longer than SSL_CTX->freelist_max_len, which defaults to 32. Using this flag can save around 34k per idle SSL connection. This flag has no effect on SSL v2 connections, or on DTLS connections.
SSL_MODE_AUTO_RETRY was added in OpenSSL 0.9.6.