SSL_do_handshake - perform a TLS/SSL handshake
int SSL_do_handshake(SSL *ssl);
will wait for a SSL/TLS handshake to take place. If
the connection is in client mode, the handshake will be started. The handshake
routines may have to be explicitly set in advance using either
The behaviour of SSL_do_handshake()
depends on the underlying BIO.
If the underlying BIO is blocking
return once the handshake has been finished or an error occurred, except for
SGC (Server Gated Cryptography). For SGC, SSL_do_handshake()
with -1, but SSL_get_error()
If the underlying BIO is non-blocking
also return when the underlying BIO could not satisfy the needs of
to continue the handshake. In this case a call to
with the return value of SSL_do_handshake()
. The calling
process then must repeat the call after taking appropriate action to satisfy
the needs of SSL_do_handshake()
. The action depends on the underlying
BIO. When using a non-blocking socket, nothing is to be done, but
can be used to check for the required condition. When using a
buffering BIO, like a BIO pair, data must be written into or retrieved out of
the BIO before being able to continue.
The following return values can occur:
- The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error()
with the return value ret to find out the reason.
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has
- The TLS/SSL handshake was not successful because a fatal error occurred
either at the protocol level or a connection failure occurred. The
shutdown was not clean. It can also occur of action is need to continue
the operation for non-blocking BIOs. Call SSL_get_error() with the
return value ret to find out the reason.