mirror of
https://github.com/openssl/openssl.git
synced 2024-11-28 04:25:31 +08:00
423b1a840c
sessions in the external session cache might be removed. Submitted by: "Nadav Har'El" <nyh@math.technion.ac.il> PR: 547
88 lines
3.9 KiB
Plaintext
88 lines
3.9 KiB
Plaintext
=pod
|
|
|
|
=head1 NAME
|
|
|
|
SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb - provide callback functions for server side external session caching
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
#include <openssl/ssl.h>
|
|
|
|
void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
|
|
int (*new_session_cb)(SSL *, SSL_SESSION *));
|
|
void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
|
|
void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *));
|
|
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
|
|
SSL_SESSION (*get_session_cb)(SSL *, unsigned char *, int, int *));
|
|
|
|
int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
|
|
void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
|
|
SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *data, int len, int *copy);
|
|
|
|
int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
|
|
void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
|
|
SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,
|
|
int len, int *copy);
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
SSL_CTX_sess_set_new_cb() sets the callback function, which is automatically
|
|
called whenever a new session was negotiated.
|
|
|
|
SSL_CTX_sess_set_remove_cb() sets the callback function, which is
|
|
automatically called whenever a session is removed by the SSL engine,
|
|
because it is considered faulty or the session has become obsolete because
|
|
of exceeding the timeout value.
|
|
|
|
SSL_CTX_sess_set_get_cb() sets the callback function which is called,
|
|
whenever a SSL/TLS client proposed to resume a session but the session
|
|
could not be found in the internal session cache (see
|
|
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>).
|
|
(SSL/TLS server only.)
|
|
|
|
SSL_CTX_sess_get_new_cb(), SSL_CTX_sess_get_remove_cb(), and
|
|
SSL_CTX_sess_get_get_cb() allow to retrieve the function pointers of the
|
|
provided callback functions. If a callback function has not been set,
|
|
the NULL pointer is returned.
|
|
|
|
=head1 NOTES
|
|
|
|
In order to allow external session caching, synchronization with the internal
|
|
session cache is realized via callback functions. Inside these callback
|
|
functions, session can be saved to disk or put into a database using the
|
|
L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)> interface.
|
|
|
|
The new_session_cb() is called, whenever a new session has been negotiated
|
|
and session caching is enabled (see
|
|
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>).
|
|
The new_session_cb() is passed the B<ssl> connection and the ssl session
|
|
B<sess>. If the callback returns B<0>, the session will be immediately
|
|
removed again.
|
|
|
|
The remove_session_cb() is called, whenever the SSL engine removes a session
|
|
from the internal cache. This happens when the session is removed because
|
|
it is expired or when a connection was not shutdown cleanly. It also happens
|
|
for all sessions in the internal session cache when
|
|
L<SSL_CTX_free(3)|SSL_CTX_free(3)> is called. The remove_session_cb() is passed
|
|
the B<ctx> and the ssl session B<sess>. It does not provide any feedback.
|
|
|
|
The get_session_cb() is only called on SSL/TLS servers with the session id
|
|
proposed by the client. The get_session_cb() is always called, also when
|
|
session caching was disabled. The get_session_cb() is passed the
|
|
B<ssl> connection, the session id of length B<length> at the memory location
|
|
B<data>. With the parameter B<copy> the callback can require the
|
|
SSL engine to increment the reference count of the SSL_SESSION object,
|
|
Normally the reference count is not incremented and therefore the
|
|
session must not be explicitly freed with
|
|
L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>.
|
|
|
|
=head1 SEE ALSO
|
|
|
|
L<ssl(3)|ssl(3)>, L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>,
|
|
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
|
|
L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
|
|
L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
|
|
L<SSL_CTX_free(3)|SSL_CTX_free(3)>
|
|
|
|
=cut
|