openssl/doc/man3/SSL_CTX_sess_set_get_cb.pod

=pod

=head1 NAME

SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb - provide callback functions for server side external session caching

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
                              int (*new_session_cb)(SSL *, SSL_SESSION *));
 void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
           void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *));
 void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
           SSL_SESSION (*get_session_cb)(SSL *, const unsigned char *, int, int *));

 int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
 void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
 SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, const unsigned char *data, int len, int *copy);

 int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
 void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
 SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,
               int len, int *copy);

=head1 DESCRIPTION

SSL_CTX_sess_set_new_cb() sets the callback function, which is automatically
called whenever a new session was negotiated.

SSL_CTX_sess_set_remove_cb() sets the callback function, which is
automatically called whenever a session is removed by the SSL engine,
because it is considered faulty or the session has become obsolete because
of exceeding the timeout value.

SSL_CTX_sess_set_get_cb() sets the callback function which is called,
whenever a SSL/TLS client proposed to resume a session but the session
could not be found in the internal session cache (see
L<SSL_CTX_set_session_cache_mode(3)>).
(SSL/TLS server only.)

SSL_CTX_sess_get_new_cb(), SSL_CTX_sess_get_remove_cb(), and
SSL_CTX_sess_get_get_cb() allow to retrieve the function pointers of the
provided callback functions. If a callback function has not been set,
the NULL pointer is returned.

=head1 NOTES

In order to allow external session caching, synchronization with the internal
session cache is realized via callback functions. Inside these callback
functions, session can be saved to disk or put into a database using the
L<d2i_SSL_SESSION(3)> interface.

The new_session_cb() is called, whenever a new session has been negotiated
and session caching is enabled (see
L<SSL_CTX_set_session_cache_mode(3)>).
The new_session_cb() is passed the B<ssl> connection and the ssl session
B<sess>. If the callback returns B<0>, the session will be immediately
removed again.

The remove_session_cb() is called, whenever the SSL engine removes a session
from the internal cache. This happens when the session is removed because
it is expired or when a connection was not shutdown cleanly. It also happens
for all sessions in the internal session cache when
L<SSL_CTX_free(3)> is called. The remove_session_cb() is passed
the B<ctx> and the ssl session B<sess>. It does not provide any feedback.

The get_session_cb() is only called on SSL/TLS servers with the session id
proposed by the client. The get_session_cb() is always called, also when
session caching was disabled. The get_session_cb() is passed the
B<ssl> connection, the session id of length B<length> at the memory location
B<data>. With the parameter B<copy> the callback can require the
SSL engine to increment the reference count of the SSL_SESSION object,
Normally the reference count is not incremented and therefore the
session must not be explicitly freed with
L<SSL_SESSION_free(3)>.

=head1 SEE ALSO

L<ssl(7)>, L<d2i_SSL_SESSION(3)>,
L<SSL_CTX_set_session_cache_mode(3)>,
L<SSL_CTX_flush_sessions(3)>,
L<SSL_SESSION_free(3)>,
L<SSL_CTX_free(3)>

=head1 COPYRIGHT

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Document session caching, first step. 2001-02-02 22:40:52 +08:00			`=pod`

			`=head1 NAME`

			`SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb - provide callback functions for server side external session caching`

			`=head1 SYNOPSIS`

			`#include <openssl/ssl.h>`

			`void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,`
Fix nits in pod files. Add doc-nit-check to help find future issues. Make podchecker be almost clean. Remove trailing whitespace. Tab expansion Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-20 20:11:46 +08:00			`int (new_session_cb)(SSL , SSL_SESSION *));`
Document session caching, first step. 2001-02-02 22:40:52 +08:00			`void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,`
Fix nits in pod files. Add doc-nit-check to help find future issues. Make podchecker be almost clean. Remove trailing whitespace. Tab expansion Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-20 20:11:46 +08:00			`void (remove_session_cb)(SSL_CTX ctx, SSL_SESSION *));`
Document session caching, first step. 2001-02-02 22:40:52 +08:00			`void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,`
Fix nits in pod files. Add doc-nit-check to help find future issues. Make podchecker be almost clean. Remove trailing whitespace. Tab expansion Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-20 20:11:46 +08:00			`SSL_SESSION (get_session_cb)(SSL , const unsigned char , int, int ));`
Document session caching, first step. 2001-02-02 22:40:52 +08:00
			`int (SSL_CTX_sess_get_new_cb(SSL_CTX ctx))(struct ssl_st ssl, SSL_SESSION sess);`
			`void (SSL_CTX_sess_get_remove_cb(SSL_CTX ctx))(struct ssl_ctx_st ctx, SSL_SESSION sess);`
constify PACKET PACKET contents should be read-only. To achieve this, also - constify two user callbacks - constify BUF_reverse. Reviewed-by: Rich Salz <rsalz@openssl.org> 2016-02-01 22:26:18 +08:00			`SSL_SESSION (SSL_CTX_sess_get_get_cb(SSL_CTX ctx))(struct ssl_st ssl, const unsigned char data, int len, int copy);`
Document session caching, first step. 2001-02-02 22:40:52 +08:00
			`int (new_session_cb)(struct ssl_st ssl, SSL_SESSION *sess);`
			`void (remove_session_cb)(struct ssl_ctx_st ctx, SSL_SESSION *sess);`
			`SSL_SESSION (get_session_cb)(struct ssl_st ssl, unsigned char data,`
Fix nits in pod files. Add doc-nit-check to help find future issues. Make podchecker be almost clean. Remove trailing whitespace. Tab expansion Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-20 20:11:46 +08:00			`int len, int *copy);`
Document session caching, first step. 2001-02-02 22:40:52 +08:00
			`=head1 DESCRIPTION`

			`SSL_CTX_sess_set_new_cb() sets the callback function, which is automatically`
			`called whenever a new session was negotiated.`

			`SSL_CTX_sess_set_remove_cb() sets the callback function, which is`
			`automatically called whenever a session is removed by the SSL engine,`
			`because it is considered faulty or the session has become obsolete because`
			`of exceeding the timeout value.`

			`SSL_CTX_sess_set_get_cb() sets the callback function which is called,`
			`whenever a SSL/TLS client proposed to resume a session but the session`
			`could not be found in the internal session cache (see`
Fix L<> content in manpages L<foo\|foo> is sub-optimal If the xref is the same as the title, which is what we do, then you only need L<foo>. This fixes all 1457 occurrences in 349 files. Approximately. (And pod used to need both.) Reviewed-by: Richard Levitte <levitte@openssl.org> 2015-08-18 03:21:33 +08:00			`L<SSL_CTX_set_session_cache_mode(3)>).`
Document session caching, first step. 2001-02-02 22:40:52 +08:00			`(SSL/TLS server only.)`

			`SSL_CTX_sess_get_new_cb(), SSL_CTX_sess_get_remove_cb(), and`
Documenting session caching, 2nd step. 2001-02-05 02:05:27 +08:00			`SSL_CTX_sess_get_get_cb() allow to retrieve the function pointers of the`
Document session caching, first step. 2001-02-02 22:40:52 +08:00			`provided callback functions. If a callback function has not been set,`
			`the NULL pointer is returned.`

			`=head1 NOTES`

			`In order to allow external session caching, synchronization with the internal`
			`session cache is realized via callback functions. Inside these callback`
			`functions, session can be saved to disk or put into a database using the`
Fix L<> content in manpages L<foo\|foo> is sub-optimal If the xref is the same as the title, which is what we do, then you only need L<foo>. This fixes all 1457 occurrences in 349 files. Approximately. (And pod used to need both.) Reviewed-by: Richard Levitte <levitte@openssl.org> 2015-08-18 03:21:33 +08:00			`L<d2i_SSL_SESSION(3)> interface.`
Document session caching, first step. 2001-02-02 22:40:52 +08:00
			`The new_session_cb() is called, whenever a new session has been negotiated`
			`and session caching is enabled (see`
Fix L<> content in manpages L<foo\|foo> is sub-optimal If the xref is the same as the title, which is what we do, then you only need L<foo>. This fixes all 1457 occurrences in 349 files. Approximately. (And pod used to need both.) Reviewed-by: Richard Levitte <levitte@openssl.org> 2015-08-18 03:21:33 +08:00			`L<SSL_CTX_set_session_cache_mode(3)>).`
Document session caching, first step. 2001-02-02 22:40:52 +08:00			`The new_session_cb() is passed the B<ssl> connection and the ssl session`
Documenting session caching, 2nd step. 2001-02-05 02:05:27 +08:00			`B<sess>. If the callback returns B<0>, the session will be immediately`
Document session caching, first step. 2001-02-02 22:40:52 +08:00			`removed again.`

			`The remove_session_cb() is called, whenever the SSL engine removes a session`
Add warning about unwanted side effect when calling SSL_CTX_free(): sessions in the external session cache might be removed. Submitted by: "Nadav Har'El" <nyh@math.technion.ac.il> PR: 547 2003-03-28 06:04:05 +08:00			`from the internal cache. This happens when the session is removed because`
			`it is expired or when a connection was not shutdown cleanly. It also happens`
			`for all sessions in the internal session cache when`
Fix L<> content in manpages L<foo\|foo> is sub-optimal If the xref is the same as the title, which is what we do, then you only need L<foo>. This fixes all 1457 occurrences in 349 files. Approximately. (And pod used to need both.) Reviewed-by: Richard Levitte <levitte@openssl.org> 2015-08-18 03:21:33 +08:00			`L<SSL_CTX_free(3)> is called. The remove_session_cb() is passed`
Add warning about unwanted side effect when calling SSL_CTX_free(): sessions in the external session cache might be removed. Submitted by: "Nadav Har'El" <nyh@math.technion.ac.il> PR: 547 2003-03-28 06:04:05 +08:00			`the B<ctx> and the ssl session B<sess>. It does not provide any feedback.`
Document session caching, first step. 2001-02-02 22:40:52 +08:00
			`The get_session_cb() is only called on SSL/TLS servers with the session id`
			`proposed by the client. The get_session_cb() is always called, also when`
			`session caching was disabled. The get_session_cb() is passed the`
			`B<ssl> connection, the session id of length B<length> at the memory location`
			`B<data>. With the parameter B<copy> the callback can require the`
Update information as a partial response to the post From: "Chris D. Peterson" <cpeterson@aventail.com> Subject: Implementation Issues with OpenSSL To: openssl-users@openssl.org Date: Wed, 22 Aug 2001 16:13:17 -0700 The patch included in the original post may improve the internal session list handling (and is therefore worth a seperate investigation). No change to the list handling will however solve the problems of incorrect SSL_SESSION_free() calls. The session list is only one possible point of failure, dangling pointers would also occur for SSL object currently using the session. The correct solution is to only use SSL_SESSION_free() when applicable! 2001-10-12 20:29:16 +08:00			`SSL engine to increment the reference count of the SSL_SESSION object,`
			`Normally the reference count is not incremented and therefore the`
			`session must not be explicitly freed with`
Fix L<> content in manpages L<foo\|foo> is sub-optimal If the xref is the same as the title, which is what we do, then you only need L<foo>. This fixes all 1457 occurrences in 349 files. Approximately. (And pod used to need both.) Reviewed-by: Richard Levitte <levitte@openssl.org> 2015-08-18 03:21:33 +08:00			`L<SSL_SESSION_free(3)>.`
Document session caching, first step. 2001-02-02 22:40:52 +08:00
			`=head1 SEE ALSO`

Fix referenses in section 3 manuals Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1900) 2016-11-11 16:33:09 +08:00			`L<ssl(7)>, L<d2i_SSL_SESSION(3)>,`
Fix L<> content in manpages L<foo\|foo> is sub-optimal If the xref is the same as the title, which is what we do, then you only need L<foo>. This fixes all 1457 occurrences in 349 files. Approximately. (And pod used to need both.) Reviewed-by: Richard Levitte <levitte@openssl.org> 2015-08-18 03:21:33 +08:00			`L<SSL_CTX_set_session_cache_mode(3)>,`
			`L<SSL_CTX_flush_sessions(3)>,`
			`L<SSL_SESSION_free(3)>,`
			`L<SSL_CTX_free(3)>`
Document session caching, first step. 2001-02-02 22:40:52 +08:00
Add copyright to manpages Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 23:44:05 +08:00			`=head1 COPYRIGHT`

			`Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.`

			`Licensed under the OpenSSL license (the "License"). You may not use`
			`this file except in compliance with the License. You can obtain a copy`
			`in the file LICENSE in the source distribution or at`
			`L<https://www.openssl.org/source/license.html>.`

			`=cut`