ibm-information-center/dist/eclipse/plugins/i5OS.ic.apis_5.4.0.1/sslread.htm

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
<title>SSL_Read()--Receive Data from an SSL-Enabled Socket Descriptor</title>
<!-- All rights reserved. Licensed Materials Property of IBM          -->
<!-- US Government Users Restricted Rights                            -->
<!-- Use, duplication or disclosure restricted by                     -->
<!-- GSA ADP Schedule Contract with IBM Corp.                         -->
<!-- Begin Header Records  ========================================== -->
<!-- Direct1 SCRIPT J converted by B2H R4.1 (346) (CMS) by V2KEA304   -->
<!-- at RCHVMW2 on 17 Feb 1999 at 11:05:09                            -->
<!--End Header Records -->
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</head>
<body>
<a name="Top_Of_Page"></a> 
<!-- Java sync-link -->
<script type="text/javascript" language="Javascript" src="../rzahg/synch.js">
</script>

<h2>SSL_Read()--Receive Data from an SSL-Enabled Socket Descriptor</h2>

<div class="box" style="width: 60%;">
<br>
&nbsp;&nbsp;Syntax<br>
<pre>
 #include &lt;qsossl.h&gt;

 int SSL_Read(SSLHandle *<em>handle</em>,
              void *<em>buffer</em>,
              int <em>buffer_length</em>)  
</pre>
<br>
&nbsp;&nbsp;Service Program Name: QSOSSLSR<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Default Public Authority: *USE<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Threadsafe: Yes<br>
<!-- iddvc RMBR -->
<br>
</div>

<p>The <strong><em>SSL_Read()</em></strong> function is used by a program to
receive data from an SSL-enabled socket descriptor.</p>

<br>
<h3>Parameters</h3>

<dl>
<dt>SSLHandle* <strong><em>handle</em></strong> &nbsp;(input)&nbsp;</dt>

<dd>The pointer to an <strong><em>SSLHandle</em></strong> for an SSL session.
An <strong><em>SSLHandle</em></strong> is a typedef for a buffer of type struct
<strong><em>SSLHandleStr</em></strong>. In <strong>&lt;qsossl.h&gt;</strong>,
struct <strong><em>SSLHandleStr</em></strong> is defined as the following:<br>
<br>
<table border cellpadding="5">
<tr>
<td>
<pre>
struct SSLHandleStr {                 /* SSLHandleStr                */
   int            fd;                 /* Socket descriptor           */
   int            createFlags;        /* SSL_Create flags value      */
   unsigned       protocol;           /* SSL protocol version        */
   unsigned       timeout;            /* Timeout value in seconds    */
   unsigned char  cipherKind[3];      /* Current 2.0 cipher suite*/
   unsigned short int cipherSuite;    /* Current 3.0 cipher suite    */
   unsigned short int* cipherSuiteList; /* List of cipher suites     */
   unsigned int        cipherSuiteListLen; /* Number of entries in
                                         the cipher suites list      */
   unsigned char* peerCert;           /* Peer certificate            */
   unsigned       peerCertLen;        /* Peer certificate length     */
   int            peerCertValidateRc; /* Return code from
                                         validation of certficate    */
   int            (*exitPgm)(struct SSLHandleStr* sslh);
                                      /* Authentication exit
                                         program called when a
                                         certificate is received
                                         during SSL handshake        */
};
</pre>
</td>
</tr>
</table>

<br>
</dd>

<dt>void *<strong><em>buffer</em></strong> &nbsp;(input)&nbsp;</dt>

<dd>A pointer to the user-supplied buffer in which the data that is received on
the SSL session is to be stored.<br>
<br>
</dd>

<dt>int <strong><em>buffer_length</em></strong> &nbsp;(input)&nbsp;</dt>

<dd>The length of the <em>buffer</em>.</dd>
</dl>

<br>
<h3>Authorities</h3>

<p>No authorization is required.</p>

<br>
<h3>Return Value</h3>

<p>The <em>SSL_Read()</em> API returns an integer. Possible values are:</p>

<dl>
<dt><em>[n]</em> </dt>

<dd>
<p>Successful, where n is the number of bytes read. </p>
</dd>

<dt><em>[SSL_ERROR_BAD_MESSAGE]</em> </dt>

<dd>
<p>SSL received a badly formatted message. </p>
</dd>

<dt><em>[SSL_ERROR_BAD_MAC]</em> </dt>

<dd>
<p>A bad message authentication code was received. </p>
</dd>

<dt><em>[SSL_ERROR_BAD_MALLOC]</em> </dt>

<dd>
<p>Unable to allocate storage required for SSL processing. </p>
</dd>

<dt><em>[SSL_ERROR_BAD_STATE]</em> </dt>

<dd>
<p>SSL detected a bad state in the SSL session. </p>
</dd>

<dt><em>[SSL_ERROR_CLOSED]</em> </dt>

<dd>
<p>The SSL session ended. </p>
</dd>

<dt><em>[SSL_ERROR_IO]</em> </dt>

<dd>
<p>An error occurred in SSL processing; check the <em>errno</em> value. </p>
</dd>

<dt><em>[SSL_ERROR_PERMISSION_DENIED]</em> </dt>

<dd>
<p>Permission was denied to access object. </p>
</dd>

<dt><em>[SSL_ERROR_UNKNOWN]</em> </dt>

<dd>
<p>An unknown or unexpected error occurred during SSL processing. </p>
</dd>

<dt><em>[SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE]</em> </dt>

<dd>
<p>i5/OS does not support the certificate's type.</p>
</dd>
</dl>

<br>
<h3>Error Conditions</h3>

<p>When the <em>SSL_Read()</em> API fails with return code [SSL_ERROR_IO],
<em>errno</em> can be set to:</p>

<dl>
<dt><em>[EBADF]</em> </dt>

<dd>
<p>Descriptor not valid. </p>
</dd>

<dt><em>[ECONNRESET]</em> </dt>

<dd>
<p>A connection with a remote socket was reset by that socket. </p>
</dd>

<dt><em>[EFAULT]</em> </dt>

<dd>
<p>Bad address.</p>

<p>One of the following conditions occurred:</p>

<ul>
<li>The system detected an address that was not valid while attempting to
access the <em>buffer</em> parameter.</li>

<li>The system detected an address that was not valid while attempting to
access the <em>handle</em> parameter or one of the address fields in the
<em>handle</em> parameter.</li>
</ul><br>
</dd>

<dt><em>[EINVAL]</em> </dt>

<dd>
<p>Parameter not valid.</p>

<p>This error code indicates one of the following:</p>

<ul>
<li>The <em>socket_descriptor</em> type is not SOCK_STREAM or address family is
not AF_INET or AF_INET6.</li>

<li>One of the parameters passed is not valid or is NULL.</li>

<li>The <em>buffer_length</em> parameter specifies a negative value.</li>
</ul><br>
</dd>

<dt><em>[EIO]</em> </dt>

<dd>
<p>Input/output error.  </p>
</dd>

<dt><em>[ENOTCONN]</em> </dt>

<dd>
<p>Requested operation requires a connection.</p>

<p>This error code indicates one of the following:</p>

<ul>
<li>The <em>socket_descriptor</em> is not for a socket that is in a connected
state.</li>

<li>The <em>socket_descriptor</em> has not had SSL support enabled. This
usually means that an <em>SSL_Create()</em> has not been completed for this
<em>socket_descriptor</em>.</li>
</ul><br>
</dd>

<dt><em>[ENOTSOCK]</em></dt>

<dd>
<p>The specified descriptor does not reference a socket.  </p>
</dd>

<dt><em>[ETIMEDOUT]</em></dt>

<dd>
<p>A remote host did not respond within the timeout period.</p>
</dd>

<dt><em>[EUNATCH]</em></dt>

<dd>
<p>The protocol required to support the specified address family is not
available at this time.</p>
</dd>

<dt><em>[EUNKNOWN]</em></dt>

<dd>
<p>Unknown system state.</p>
</dd>

<dt><em>[EWOULDBLOCK]</em> </dt>

<dd>
<p>Operation would have caused the thread to be suspended.</p>
</dd>
</dl>

<br>
<br>
<h3>Error Messages</h3>

<table width="100%" cellpadding="5">
<tr>
<th align="left" valign="top">Message ID</th>
<th align="left" valign="top">Error Message Text</th>
</tr>

<tr>
<td align="left" valign="top">CPE3418 E</td>
<td align="left" valign="top">Possible APAR condition or hardware failure.</td>
</tr>

<tr>
<td align="left" valign="top">CPF9872 E</td>
<td align="left" valign="top">Program or service program &amp;1 in library
&amp;2 ended. Reason code &amp;3.</td>
</tr>

<tr>
<td align="left" valign="top">CPFA081 E</td>
<td align="left" valign="top">Unable to set return value or error code.</td>
</tr>
</table>
<br><br>
<h3>Usage Notes</h3>

<ol>
<li>The <em>SSL_Read()</em> function is only valid on sockets that have an
address family of <samp>AF_INET</samp> or <samp>AF_INET6</samp> and a socket type of <samp>SOCK_STREAM</samp>. If the descriptor
pointed to by the <em>handle</em> structure parameter does not have the correct
address family and socket type, [SSL_ERROR_IO] is returned and the
<em>errno</em> value is set to EINVAL.<br>
<br>
</li>

<li>The maximum length of data returned will not exceed 32 KB. This is due to
the fact that SSL is a record level protocol and the largest record allowed is
32 KB minus the necessary SSL record headers.<br>
<br>
</li>

<li>If the <em>createFlags</em> field in the <em>SSLHandle</em> specifies a
value that does not include the SSL_ENCRYPT flag, this function will simply
call the sockets <em>read()</em> function.<br>
<br>
</li>

<li>Unpredictable results will occur when attempting to mix invocations to
<em>SSL_Read()</em> and any of the sockets read functions (<em>recv()</em>,
<em>read()</em>, <em>readv()</em>, and so forth). It is strongly suggested that
you do not mix the <em>SSL_Read()</em> API with any of the sockets read
functions.<br>
<br>
</li>

<li>Since SSL is a record-oriented protocol, SSL must receive an entire record
before it can be decrypted and any data returned to the application. Thus, a
<em>select()</em> may indicate that data is available to be read, but a
subsequent <em>SSL_Read()</em> may hang waiting for the remainder of the SSL
record to be received when using blocking I/O.<br>
<br>
</li>

<li>A FIONREAD <em>ioctl()</em> cannot be used to determine the amount of data
available for reading by using <em>SSL_Read()</em>.<br>
<br>
</li>

<li>SSL will ignore the out of band (OOB) data indicator. OOB will not affect
the SSL application. OOB will just be data to the SSL protocol.<br>
<br>
</li>

<li>For an SSL enabled socket, which must use a connection-oriented transport
service (that is, TCP), a returned value of zero indicates one of the
following:<br>
<br>
<ul>
<li>The partner program has issued a close() for the socket.</li>

<li>The partner program has issued a shutdown() to disable writing to the
socket.</li>

<li>The connection is broken and the error was returned on a previously issued
socket function.</li>

<li>A shutdown() to disable reading was previously done on the socket.</li>
</ul>

<br>
</li>

<li>If an SSL_Read() is run on a socket that is set to non-blocking mode, and
there is no data waiting to be read on the SSL enabled socket, the return value
will be equal to -10 and the errno will be set to EWOULDBLOCK.</li>
</ol>

<br>
<h3>Related Information</h3>

<ul>
<li><a href="sslcreat.htm">SSL_Create()</a>--Enable SSL Support for the Specified
Socket Descriptor<br>
<br>
</li>

<li><a href="ssldest.htm">SSL_Destroy()</a>--End SSL Support for the Specified SSL
Session<br>
<br>
</li>

<li><a href="sslhands.htm">SSL_Handshake()</a>--Initiate the SSL Handshake
Protocol<br>
<br>
</li>

<li><a href="sslinit.htm">SSL_Init()</a>--Initialize the Current Job for
SSL<br>
<br>
</li>

<li><a href="sslwrite.htm">SSL_Write()</a>--Write Data to an SSL-Enabled Socket
Descriptor</li>
</ul>

<br>
<hr>
API introduced: V4R3

<hr>
<center>
<table cellpadding="2" cellspacing="2" align="center">
<tr align="center">
<td valign="middle" align="center"><a href="#Top_Of_Page">Top</a> | <a href=
"unix.htm">UNIX-Type APIs</a> | <a href="aplist.htm">APIs by category</a> </td>
</tr>
</table></center>
</body>
</html>