Question

For an SSL connection, what all can be done with a FD received from an accept call? Can it be reused?

What exactly I want to know is this:

Once I accept a connection, I get the FD. I create an SSL handle (SSL*) using SSL_new. Add the FD to this handle using SSL_set_fd. I do the handshake using SSL_accept. Now at this point if I call SSL_shutdown on SSL*, will the FD be closed? What about SSL_free?

If the answer to the above question is no, then can I use the FD with another SSL*?

To explain what I want exactly, if we read some data from the connection FD using handle SSL*, then we free or shutdown SSL*, can we read the remaining data from FD using a new SSL*?


Solution

SSL_shutdown only sends a close notify over the socket. If you want to reuse the socket afterwards as a plain socket, you have to make sure that the other side also did an SSL_shutdown. The return code of your SSL_shutdown gives you this information: if it is 1, the SSL connection is closed; if it is 0, you should call SSL_shutdown again to wait for the close notify from the peer. Please see the SSL_shutdown documentation for more information.

After this is done you can continue to use the socket as a plain socket. This is what is done in SSL over FTP (ftps), e.g. with "AUTH TLS" the connection will be upgraded to SSL and with "CCC" it will be downgraded to plain text again.

SSL_free only frees the memory associated with the SSL object, it does not change anything on the socket nor does it send/receive any data.
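The downgrade described in this answer, as an added example that is not part of the original post: Python's `ssl` module sits on top of OpenSSL, and `SSLSocket.unwrap()` performs the SSL shutdown handshake and hands back the underlying socket. Assumptions: a local `socketpair`, hypothetical function names, and an anonymous TLS 1.2 cipher suite chosen only so the demo runs without certificate files.

```python
import socket, ssl, threading

# Demo-only assumption: an anonymous (unauthenticated) TLS 1.2 suite so the
# example needs no certificate files. Never configure this in production.
DEMO_CIPHERS = "AECDH-AES128-SHA:@SECLEVEL=0"

def demo_context(server_side):
    proto = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(proto)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(DEMO_CIPHERS)
    return ctx

def server_side_peer(raw, result):
    result["fd_before"] = raw.fileno()
    tls = demo_context(True).wrap_socket(raw, server_side=True)  # TLS handshake
    result["over_tls"] = tls.recv(1024)
    # unwrap() sends our close_notify and waits for the peer's, so the
    # bidirectional shutdown is complete before any plaintext is read.
    plain = tls.unwrap()
    result["fd_after"] = plain.fileno()     # descriptor survived the teardown
    result["after_tls"] = plain.recv(1024)  # ordinary recv() on the same fd
    plain.close()                           # closing the fd is the caller's job

def run_demo():
    a, b = socket.socketpair()
    result = {}
    t = threading.Thread(target=server_side_peer, args=(a, result), daemon=True)
    t.start()
    tls = demo_context(False).wrap_socket(b)  # client side of the handshake
    tls.sendall(b"sent inside TLS")
    plain = tls.unwrap()  # the peer must shut down too, or this call waits
    plain.sendall(b"sent as plaintext on the same fd")
    t.join(timeout=5)
    plain.close()
    return result

if __name__ == "__main__":
    print(run_demo())
```

Everything sent after the shutdown completes travels unencrypted and unauthenticated, so only data that is safe to expose belongs on the socket from that point on.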

License: CC-BY-SA with attribution
Not affiliated with StackOverflow