When setting up a connection and during use, it is possible to obtain state information from the SSL/TLS engine. When set, an information callback function is called whenever the state changes, an alert appears, or an error occurs.
The callback function is called as callback(SSL *ssl, int where, int ret). The where argument specifies information about where (in which context) the callback function was called. If ret is 0, an error condition occurred. If an alert is handled, SSL_CB_ALERT is set and ret specifies the alert information.
where is a bitmask made up of the following bits:
SSL_CB_LOOP
Callback has been called to indicate state change inside a loop.
SSL_CB_EXIT
Callback has been called to indicate error exit of a handshake function. (May be soft error with retry option for non-blocking setups.)
SSL_CB_READ
Callback has been called during read operation.
SSL_CB_WRITE
Callback has been called during write operation.
SSL_CB_ALERT
Callback has been called due to an alert being sent or received.
SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
SSL_CB_HANDSHAKE_START
Callback has been called because a new handshake is started.
SSL_CB_HANDSHAKE_DONE 0x20
Callback has been called because a handshake is finished.
The current state information can be obtained using the SSL_state_string(3) family of functions.
The ret information can be evaluated using the SSL_alert_type_string(3) family of functions.