SIOCTTLSCTL ioctl return codes

The SIOCTTLSCTL ioctl provides the interface for an application to query and control AT-TLS. Table 1 describes the error codes that can be returned on this ioctl, along with the conditions under which each can occur. Also included for each is an indication of whether the query data fields in the ioctl contain valid returned data.
Table 1. SIOCTTLSCTL error codes
Errno (1) Errnojr IOCTL request specified (2) Condition causing Error Valid Data? (3)
EAcces JrConnDeniedPolicy

INIT_CONNECTION,

RESET_SESSION,

RESET_CIPHER,

STOP_CONNECTION,

RESET_WRITE_CIPHER,

SEND_SESSION_TICKET

Mapped policy indicates that the application cannot request AT-TLS security for the connection (ApplicationControlled Off) Yes
EAlready JrAlreadyActive

INIT_CONNECTION,

STOP_CONNECTION

An INIT_CONNECTION or STOP_CONNECTION request is previously received for the connection Yes
EConnReset JrTTLSHandshakeFailed Any Initial handshake was in progress and socket is a blocking socket. Request blocked for handshake to complete. Handshake failed. No
EInProgress JrOK

INIT_CONNECTION,

STOP_CONNECTION

Initial handshake or stop secure connection is started and socket is a non-blocking socket. (4) Yes
EInval JrInvalidVersion Any Bad ioctl version number specified. No
EInval JrSocketCallParmError Any Length of input data is not length of ioctl structure. No
EInval JrSocketCallParmError Not valid Request type specified is not valid. No
EInval JrSocketCallParmError RETURN_CERTIFICATE Certificate buffer pointer = 0 or certificate buffer length = 0. No
EInval JrSocketCallParmError ! RETURN_CERTIFICATE Certificate buffer pointer != 0 or certificate buffer length != 0 and TTLS_Version is 1. No
EMVSErr JrUnexpectedErr Any Policy was not mapped before ioctl call and an error is encountered upon policy map during ioctl call. No
ENoBufs JrBuffTooSmall RETURN_CERTIFICATE The certificate buffer provided is too small. Yes (5)
ENoBufs JrBuffTooSmall QUERY_ONLY A TTLS_Version 2 request was issued, but the buffer was too small. Yes (6)
ENotConn JrGetConnError Any TCP connection is not yet in established state or is reset. No
EOpNotSupp JrOptNotSupported INIT_CONNECTION, RESET_SESSION, RESET_CIPHER STOP_CONNECTION,RESET_WRITE_CIPHER, SEND_SESSION_TICKET Mapped policy indicates that AT-TLS is not enabled for the connection (TTLSEnabled Off). Yes
EPerm JrSocketCallParmError

INIT_CONNECTION with RESET_SESSION or RESET_CIPHER or STOP_CONNECTION,

STOP_CONNECTION with RESET_SESSION or RESET_CIPHER,

ALLOW_HSTIMEOUT without INIT_CONNECTION,

RESET_WRITE_CIPHER,

SEND_SESSION_TICKET

Combination of requests specified is not permitted. No
EPipe JrUnexpectedErr

INIT_CONNECTION,

RESET_CIPHER,

STOP_CONNECTION

RESET_WRITE_CIPHER

SEND_SESSION_TICKET

TCP connection is no longer in Established state. Two-way communication is not possible. Yes
EProto JrGetConnErr RESET_SESSION, RESET_CIPHER,RESET_WRITE_CIPHER, SEND_SESSION_TICKET An INIT_CONNECTION request is not received for the connection. Yes
EProto JrInvalidVersion

RESET_CIPHER,

STOP_CONNECTION

Connection is secured by using SSL version 2. Yes
EProto JrConnDeniedPolicy ALLOW_HSTIMEOUT The TTLS_ALLOW_HSTIMEOUT option was requested but the HandshakeRole is a client or the HandshakeTimeout value is 0. Yes
EProto JrTTLSStopReadDataPending STOP_CONNECTION A STOP_CONNECTION request is issued on a connection that has unread application data. Yes
EProto JrTTLSStopWriteDataPending STOP_CONNECTION A STOP_CONNECTION request is issued on a connection that has outstanding application write requests. Yes
EProtoType JrSocketTypeNotSupported Any Socket is not a TCP socket. No
EWouldBlock JrOK Any SSL handshake is in progress and socket is a non-blocking socket. (4) Yes
Notes:
  1. For the numeric values of the error codes, see the following topics:
  2. The entry Any indicates that any valid request or valid combination of request types was specified as follows:
    request_type
    The listed request_type value was specified alone or in any valid combination of request_type.
    request_type, request_type[, request_type]
    One of the listed request types was specified alone or in any valid combination of request types.
    request_type with request_type
    The listed pair of request types was specified together.
    ! request_type
    Any valid combination of request types that does not include the listed request_type was specified.
  3. Yes indicates that query data fields in the ioctl control block contain valid returned data. No indicates that the query data fields are unmodified.
  4. For a non-blocking socket, you can wait for the handshake to complete by issuing Select or Poll for Socket Writable.
  5. Certificate is not returned because the buffer was not large enough to hold it.
  6. Output data is returned for output requests which completely fit in the buffer provided.