openssl/doc/ssl/SSL_get_session.pod
Lutz Jänicke 56fa8e69cf Update information as a partial response to the post
From: "Chris D. Peterson" <cpeterson@aventail.com>
  Subject: Implementation Issues with OpenSSL
  To: openssl-users@openssl.org
  Date: Wed, 22 Aug 2001 16:13:17 -0700
The patch included in the original post may improve the internal session
list handling (and is therefore worth a seperate investigation).
No change to the list handling will however solve the problems of incorrect
SSL_SESSION_free() calls. The session list is only one possible point of
failure, dangling pointers would also occur for SSL object currently
using the session. The correct solution is to only use SSL_SESSION_free()
when applicable!
2001-10-12 12:29:16 +00:00

72 lines
2.1 KiB
Plaintext

=pod
=head1 NAME
SSL_get_session - retrieve TLS/SSL session data
=head1 SYNOPSIS
#include <openssl/ssl.h>
SSL_SESSION *SSL_get_session(SSL *ssl);
SSL_SESSION *SSL_get0_session(SSL *ssl);
SSL_SESSION *SSL_get1_session(SSL *ssl);
=head1 DESCRIPTION
SSL_get_session() returns a pointer to the B<SSL_SESSION> actually used in
B<ssl>. The reference count of the B<SSL_SESSION> is not incremented, so
that the pointer can become invalid by other operations.
SSL_get0_session() is the same as SSL_get_session().
SSL_get1_session() is the same as SSL_get_session(), but the reference
count of the B<SSL_SESSION> is incremented by one.
=head1 NOTES
The ssl session contains all information required to re-establish the
connection without a new handshake.
SSL_get0_session() returns a pointer to the actual session. As the
reference counter is not incremented, the pointer is only valid while
the connection is in use. If L<SSL_clear(3)|SSL_clear(3)> or
L<SSL_free(3)|SSL_free(3)> is called, the session may be removed completely
(if considered bad), and the pointer obtained will become invalid. Even
if the session is valid, it can be removed at any time due to timeout
during L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>.
If the data is to be kept, SSL_get1_session() will increment the reference
count and the session will stay in memory until explicitly freed with
L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>, regardless of its state.
SSL_SESSION objects keep internal link information about the session cache
list, when being inserted into one SSL_CTX object's session cache.
One SSL_SESSION object, regardless of its reference count, must therefore
only be used with one SSL_CTX object (and the SSL objects created
from this SSL_CTX object).
=head1 RETURN VALUES
The following return values can occur:
=over 4
=item NULL
There is no session available in B<ssl>.
=item Pointer to an SSL
The return value points to the data of an SSL session.
=back
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_free(3)|SSL_free(3)>,
L<SSL_clear(3)|SSL_clear(3)>,
L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
=cut