1=pod
2
3=head1 NAME
4
5SSL_CTX_set_info_callback,
6SSL_CTX_get_info_callback,
7SSL_set_info_callback,
8SSL_get_info_callback
9- handle information callback for SSL connections
10
11=head1 SYNOPSIS
12
13 #include <openssl/ssl.h>
14
15 void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)());
16 void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))();
17
18 void SSL_set_info_callback(SSL *ssl, void (*callback)());
19 void (*SSL_get_info_callback(const SSL *ssl))();
20
21=head1 DESCRIPTION
22
23SSL_CTX_set_info_callback() sets the B<callback> function, that can be used to
24obtain state information for SSL objects created from B<ctx> during connection
25setup and use. The setting for B<ctx> is overridden from the setting for
26a specific SSL object, if specified.
27When B<callback> is NULL, no callback function is used.
28
29SSL_set_info_callback() sets the B<callback> function, that can be used to
30obtain state information for B<ssl> during connection setup and use.
31When B<callback> is NULL, the callback setting currently valid for
32B<ctx> is used.
33
34SSL_CTX_get_info_callback() returns a pointer to the currently set information
35callback function for B<ctx>.
36
37SSL_get_info_callback() returns a pointer to the currently set information
38callback function for B<ssl>.
39
40=head1 NOTES
41
42When setting up a connection and during use, it is possible to obtain state
43information from the SSL/TLS engine. When set, an information callback function
44is called whenever a significant event occurs such as: the state changes,
45an alert appears, or an error occurs.
46
47The callback function is called as B<callback(SSL *ssl, int where, int ret)>.
48The B<where> argument specifies information about where (in which context)
49the callback function was called. If B<ret> is 0, an error condition occurred.
50If an alert is handled, SSL_CB_ALERT is set and B<ret> specifies the alert
51information.
52
53B<where> is a bitmask made up of the following bits:
54
55=over 4
56
57=item SSL_CB_LOOP
58
59Callback has been called to indicate state change or some other significant
60state machine event. This may mean that the callback gets invoked more than once
61per state in some situations.
62
63=item SSL_CB_EXIT
64
65Callback has been called to indicate exit of a handshake function. This will
66happen after the end of a handshake, but may happen at other times too such as
67on error or when IO might otherwise block and non-blocking is being used.
68
69=item SSL_CB_READ
70
71Callback has been called during read operation.
72
73=item SSL_CB_WRITE
74
75Callback has been called during write operation.
76
77=item SSL_CB_ALERT
78
79Callback has been called due to an alert being sent or received.
80
81=item SSL_CB_READ_ALERT               (SSL_CB_ALERT|SSL_CB_READ)
82
83=item SSL_CB_WRITE_ALERT              (SSL_CB_ALERT|SSL_CB_WRITE)
84
85=item SSL_CB_ACCEPT_LOOP              (SSL_ST_ACCEPT|SSL_CB_LOOP)
86
87=item SSL_CB_ACCEPT_EXIT              (SSL_ST_ACCEPT|SSL_CB_EXIT)
88
89=item SSL_CB_CONNECT_LOOP             (SSL_ST_CONNECT|SSL_CB_LOOP)
90
91=item SSL_CB_CONNECT_EXIT             (SSL_ST_CONNECT|SSL_CB_EXIT)
92
93=item SSL_CB_HANDSHAKE_START
94
95Callback has been called because a new handshake is started. In TLSv1.3 this is
96also used for the start of post-handshake message exchanges such as for the
97exchange of session tickets, or for key updates. It also occurs when resuming a
98handshake following a pause to handle early data.
99
100=item SSL_CB_HANDSHAKE_DONE           0x20
101
102Callback has been called because a handshake is finished. In TLSv1.3 this is
103also used at the end of an exchange of post-handshake messages such as for
104session tickets or key updates. It also occurs if the handshake is paused to
105allow the exchange of early data.
106
107=back
108
109The current state information can be obtained using the
110L<SSL_state_string(3)> family of functions.
111
112The B<ret> information can be evaluated using the
113L<SSL_alert_type_string(3)> family of functions.
114
115=head1 RETURN VALUES
116
117SSL_set_info_callback() does not provide diagnostic information.
118
119SSL_get_info_callback() returns the current setting.
120
121=head1 EXAMPLES
122
123The following example callback function prints state strings, information
124about alerts being handled and error messages to the B<bio_err> BIO.
125
126 void apps_ssl_info_callback(SSL *s, int where, int ret)
127 {
128     const char *str;
129     int w = where & ~SSL_ST_MASK;
130
131     if (w & SSL_ST_CONNECT)
132         str = "SSL_connect";
133     else if (w & SSL_ST_ACCEPT)
134         str = "SSL_accept";
135     else
136         str = "undefined";
137
138     if (where & SSL_CB_LOOP) {
139         BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
140     } else if (where & SSL_CB_ALERT) {
141         str = (where & SSL_CB_READ) ? "read" : "write";
142         BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", str,
143                    SSL_alert_type_string_long(ret),
144                    SSL_alert_desc_string_long(ret));
145     } else if (where & SSL_CB_EXIT) {
146         if (ret == 0) {
147             BIO_printf(bio_err, "%s:failed in %s\n",
148                        str, SSL_state_string_long(s));
149         } else if (ret < 0) {
150             BIO_printf(bio_err, "%s:error in %s\n",
151                        str, SSL_state_string_long(s));
152         }
153     }
154 }
155
156=head1 SEE ALSO
157
158L<ssl(7)>, L<SSL_state_string(3)>,
159L<SSL_alert_type_string(3)>
160
161=head1 COPYRIGHT
162
163Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
164
165Licensed under the OpenSSL license (the "License").  You may not use
166this file except in compliance with the License.  You can obtain a copy
167in the file LICENSE in the source distribution or at
168L<https://www.openssl.org/source/license.html>.
169
170=cut
171