Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) Standard preamble: ========================================================================
NAMEDTLSv1_listen - listen for incoming DTLS connections
#include <openssl/ssl.h> int DTLSv1_listen(SSL *ssl, BIO_ADDR *peer);
DESCRIPTIONDTLSv1_listen() listens for new incoming
NOTESDatagram based protocols can be susceptible to Denial of Service attacks. A
As a counter measure to that
OpenSSL implements this capability via the DTLSv1_listen() function. The ssl parameter should be a newly allocated
When a ClientHello is received that contains a cookie that has been verified, then DTLSv1_listen() will return with the ssl parameter updated into a state where the handshake can be continued by a call to (for example) SSL_accept(). Additionally the
Prior to calling DTLSv1_listen() user code must ensure that cookie generation and verification callbacks have been set up using SSL_CTX_set_cookie_generate_cb() and SSL_CTX_set_cookie_verify_cb() respectively.
Since DTLSv1_listen() operates entirely statelessly whilst processing incoming ClientHellos it is unable to process fragmented messages (since this would require the allocation of state). An implication of this is that DTLSv1_listen() only supports ClientHellos that fit inside a single datagram.
RETURN VALUESFrom OpenSSL 1.1.0 a return value of >= 1 indicates success. In this instance the peer value will be filled in and the ssl object set up ready to continue the handshake.
A return value of 0 indicates a non-fatal error. This could (for example) be because of non-blocking
A return value of <0 indicates a fatal error. This could (for example) be because of a failure to allocate sufficient memory for the operation.
Prior to OpenSSL 1.1.0 fatal and non-fatal errors both produce return codes <= 0 (in typical implementations user code treats all errors as non-fatal), whilst return codes >0 indicate success.
SEE ALSOSSL_get_error(3), SSL_accept(3), ssl(3), bio(3)
HISTORYDTLSv1_listen() return codes were clarified in OpenSSL 1.1.0. The type of ``peer'' also changed in OpenSSL 1.1.0.
COPYRIGHTCopyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the ``License''). You may not use this file except in compliance with the License. You can obtain a copy in the file