Import OpenSSL 1.1.1f
@@ -28,19 +28,19 @@ SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SS
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
SSL_CTX_sess_set_new_cb() sets the callback function, which is automatically
|
||||
SSL_CTX_sess_set_new_cb() sets the callback function that is
|
||||
called whenever a new session was negotiated.
|
||||
|
||||
SSL_CTX_sess_set_remove_cb() sets the callback function, which is
|
||||
automatically called whenever a session is removed by the SSL engine,
|
||||
because it is considered faulty or the session has become obsolete because
|
||||
of exceeding the timeout value.
|
||||
SSL_CTX_sess_set_remove_cb() sets the callback function that is
|
||||
called whenever a session is removed by the SSL engine. For example,
|
||||
this can occur because a session is considered faulty or has become obsolete
|
||||
because of exceeding the timeout value.
|
||||
|
||||
SSL_CTX_sess_set_get_cb() sets the callback function which is called,
|
||||
whenever a SSL/TLS client proposed to resume a session but the session
|
||||
SSL_CTX_sess_set_get_cb() sets the callback function that is called
|
||||
whenever a TLS client proposed to resume a session but the session
|
||||
could not be found in the internal session cache (see
|
||||
L<SSL_CTX_set_session_cache_mode(3)>).
|
||||
(SSL/TLS server only.)
|
||||
(TLS server only.)
|
||||
|
||||
SSL_CTX_sess_get_new_cb(), SSL_CTX_sess_get_remove_cb(), and
|
||||
SSL_CTX_sess_get_get_cb() retrieve the function pointers set by the
|
||||
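Review bot: The tense is mixed in the reworded DESCRIPTION sentences: the callbacks are described in the present ("that is called whenever") but the triggering events in the past ("a new session was negotiated", "a TLS client proposed to resume a session"). Suggest "has been negotiated", which the new_session_cb() paragraph further down already uses, and "proposes to resume". The SSL_CTX_sess_set_new_cb() summary also omits the condition given later that session caching must be enabled; a cross-reference to SSL_CTX_set_session_cache_mode(3) at this point would keep readers from assuming the callback always fires.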
@@ -54,12 +54,19 @@ session cache is realized via callback functions. Inside these callback
|
||||
functions, session can be saved to disk or put into a database using the
|
||||
L<d2i_SSL_SESSION(3)> interface.
|
||||
|
||||
The new_session_cb() is called, whenever a new session has been negotiated
|
||||
and session caching is enabled (see
|
||||
L<SSL_CTX_set_session_cache_mode(3)>).
|
||||
The new_session_cb() is passed the B<ssl> connection and the ssl session
|
||||
B<sess>. If the callback returns B<0>, the session will be immediately
|
||||
removed again. Note that in TLSv1.3, sessions are established after the main
|
||||
The new_session_cb() is called whenever a new session has been negotiated and
|
||||
session caching is enabled (see L<SSL_CTX_set_session_cache_mode(3)>). The
|
||||
new_session_cb() is passed the B<ssl> connection and the nascent
|
||||
ssl session B<sess>.
|
||||
Since sessions are reference-counted objects, the reference count on the
|
||||
session is incremented before the callback, on behalf of the application. If
|
||||
the callback returns B<0>, the session will be immediately removed from the
|
||||
internal cache and the reference count released. If the callback returns B<1>,
|
||||
the application retains the reference (for an entry in the
|
||||
application-maintained "external session cache"), and is responsible for
|
||||
calling SSL_SESSION_free() when the session reference is no longer in use.
|
||||
|
||||
Note that in TLSv1.3, sessions are established after the main
|
||||
handshake has completed. The server decides when to send the client the session
|
||||
information and this may occur some time after the end of the handshake (or not
|
||||
at all). This means that applications should expect the new_session_cb()
|
||||
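Review bot: The new reference-count paragraph for new_session_cb() leaves the return-0 path underspecified: the reference taken on behalf of the application is released when the callback returns 0, so a callback that has already stored B<sess> in its external cache and then returns 0 is left holding a pointer it no longer owns. Suggest adding a sentence that the callback must not retain B<sess> when it returns 0, and that returning 1 without keeping the pointer means SSL_SESSION_free() is never called and the session is leaked. Both follow from the text as written but are the mistakes an implementer is most likely to make.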
@@ -72,21 +79,23 @@ In TLSv1.3 it is recommended that each SSL_SESSION object is only used for
|
||||
resumption once. One way of enforcing that is for applications to call
|
||||
L<SSL_CTX_remove_session(3)> after a session has been used.
|
||||
|
||||
The remove_session_cb() is called, whenever the SSL engine removes a session
|
||||
from the internal cache. This happens when the session is removed because
|
||||
The remove_session_cb() is called whenever the SSL engine removes a session
|
||||
from the internal cache. This can happen when the session is removed because
|
||||
it is expired or when a connection was not shutdown cleanly. It also happens
|
||||
for all sessions in the internal session cache when
|
||||
L<SSL_CTX_free(3)> is called. The remove_session_cb() is passed
|
||||
the B<ctx> and the ssl session B<sess>. It does not provide any feedback.
|
||||
|
||||
The get_session_cb() is only called on SSL/TLS servers with the session id
|
||||
proposed by the client. The get_session_cb() is always called, also when
|
||||
The get_session_cb() is only called on SSL/TLS servers, and is given
|
||||
the session id
|
||||
proposed by the client. The get_session_cb() is always called, even when
|
||||
session caching was disabled. The get_session_cb() is passed the
|
||||
B<ssl> connection, the session id of length B<length> at the memory location
|
||||
B<data>. With the parameter B<copy> the callback can require the
|
||||
SSL engine to increment the reference count of the SSL_SESSION object,
|
||||
Normally the reference count is not incremented and therefore the
|
||||
session must not be explicitly freed with
|
||||
B<ssl> connection and the session id of length B<length> at the memory location
|
||||
B<data>. By setting the parameter B<copy> to B<1>, the callback can require the
|
||||
SSL engine to increment the reference count of the SSL_SESSION object;
|
||||
setting B<copy> to B<0> causes the reference count to remain unchanged.
|
||||
If the get_session_cb() does not write to B<copy>, the reference count
|
||||
is incremented and the session must be explicitly freed with
|
||||
L<SSL_SESSION_free(3)>.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
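Review bot: The rewritten B<copy> description states the free obligation only for the case where get_session_cb() does not write to B<copy> ("the reference count is incremented and the session must be explicitly freed"), although setting B<copy> to B<1> also makes the engine increment the count. Suggest saying outright that leaving B<copy> untouched is equivalent to setting it to B<1>, and naming who holds the extra reference and who must call SSL_SESSION_free(3) in each of the three cases, since a wrong guess here is a leak or a premature free. Two smaller points in the same hunk: "only called on SSL/TLS servers" still uses the "SSL/TLS" wording that the DESCRIPTION hunk changed to "TLS", and "was not shutdown cleanly" should read "was not shut down cleanly".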
@@ -104,7 +113,7 @@ L<SSL_CTX_free(3)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
||||