For an SSL connection, what all can be done with a FD received from an accept call? Can it be reused?

What I want to know exactly is this:

Once I accept a connection, I get the FD.
I create an SSL handle (SSL*) using SSL_new.
Add the FD to this handle using SSL_set_fd.
I do the handshake using SSL_accept.

Now at this point, if I call SSL_shutdown on the SSL*, will the FD be closed? What about SSL_free?

If the answer to the above question is no, then can I use the FD with another SSL*?

To explain what I want exactly: if we read some data from the connection FD using the handle SSL*, then we free or shutdown that SSL*, can we read the remaining data from the FD using a new SSL*?
SSL_shutdown only sends a close_notify over the socket. If you want to reuse the socket afterwards as a plain socket, you have to make sure that the other side also did an SSL_shutdown. This information is given to you by the return code of your SSL_shutdown: if it is 1, the SSL connection is closed; if it is 0, you should call SSL_shutdown again to wait for the close_notify from the peer. Please see the SSL_shutdown documentation for more information.

After this is done you can continue to use the socket as a plain socket. This is what is done in SSL over FTP (FTPS), e.g. with "AUTH TLS" the connection is upgraded to SSL and with "CCC" it is downgraded to plain text again.

SSL_free only frees the memory associated with the SSL object; it does not change anything on the socket, nor does it send or receive any data.