Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)

 Standard preamble:
 ========================================================================
..

..


..
 Set up some character translations and predefined strings. \*(-- will
 give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
 double quote, and \*(R" will give a right double quote. \*(C+ will
 give a nicer C++. Capital omega is used to do unbreakable dashes and
 therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
 nothing in troff, for use with C<>.
.tr \(*W-
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}

 Escape single quotes in literal strings from groff's Unicode transform.

 If the F register is >0, we'll generate index entries on stderr for
 titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 entries marked with X<> in POD. Of course, you'll have to process the
 output yourself in some meaningful fashion.

 Avoid warning from groff about undefined register 'F'.
..
.nr rF 0
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF

 Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] 
.\}
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
. \" corrections for vroff
. \" for low resolution devices (crt and lpr)
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
 ========================================================================

 Title "SSL_CTX_SET_PSK_CLIENT_CALLBACK 3" 
 SSL_CTX_SET_PSK_CLIENT_CALLBACK 3 "2023-02-07" "1.1.1t" "OpenSSL"
 For nroff, turn off justification. Always turn off hyphenation; it makes
 way too many mistakes in technical documents.
 "NAME"
SSL_psk_client_cb_func, SSL_psk_use_session_cb_func, SSL_CTX_set_psk_client_callback, SSL_set_psk_client_callback, SSL_CTX_set_psk_use_session_callback, SSL_set_psk_use_session_callback \- set PSK client callback

 "SYNOPSIS"
 Header "SYNOPSIS" .Vb 1
 #include <openssl/ssl.h>
\&
 typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md,
  const unsigned char **id,
  size_t *idlen,
  SSL_SESSION **sess);
\&
\&
 void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
  SSL_psk_use_session_cb_func cb);
 void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb);
\&
\&
 typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl,
  const char *hint,
  char *identity,
  unsigned int max_identity_len,
  unsigned char *psk,
  unsigned int max_psk_len);
\&
 void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb);
 void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb);
.Ve

 "DESCRIPTION"
 Header "DESCRIPTION" A client application wishing to use TLSv1.3 PSKs should use either
\fBSSL_CTX_set_psk_use_session_callback() or SSL_set_psk_use_session_callback() as
appropriate. These functions cannot be used for TLSv1.2 and below PSKs.


The callback function is given a pointer to the \s-1SSL\s0 connection in ssl.


The first time the callback is called for a connection the md parameter is
\s-1NULL.\s0 In some circumstances the callback will be called a second time. In that
case the server will have specified a ciphersuite to use already and the \s-1PSK\s0
must be compatible with the digest for that ciphersuite. The digest will be
given in md. The \s-1PSK\s0 returned by the callback is allowed to be different
between the first and second time it is called.


On successful completion the callback must store a pointer to an identifier for
the \s-1PSK\s0 in *id. The identifier length in bytes should be stored in *idlen.
The memory pointed to by *id remains owned by the application and should
be freed by it as required at any point after the handshake is complete.


Additionally the callback should store a pointer to an \s-1SSL_SESSION\s0 object in
\fB*sess. This is used as the basis for the \s-1PSK,\s0 and should, at a minimum, have
the following fields set:

 "The master key" 4
 Item "The master key" This can be set via a call to SSL_SESSION_set1_master_key\|(3).

 "A ciphersuite" 4
 Item "A ciphersuite" Only the handshake digest associated with the ciphersuite is relevant for the
\s-1PSK\s0 (the server may go on to negotiate any ciphersuite which is compatible with
the digest). The application can use any TLSv1.3 ciphersuite. If md is
not \s-1NULL\s0 the handshake digest for the ciphersuite should be the same.
The ciphersuite can be set via a call to <SSL_SESSION_set_cipher\|(3)>. The
handshake digest of an \s-1SSL_CIPHER\s0 object can be checked using
<SSL_CIPHER_get_handshake_digest\|(3)>.

 "The protocol version" 4
 Item "The protocol version" This can be set via a call to SSL_SESSION_set_protocol_version\|(3) and should
be \s-1TLS1_3_VERSION.\s0


Additionally the maximum early data value should be set via a call to
\fBSSL_SESSION_set_max_early_data\|(3) if the \s-1PSK\s0 will be used for sending early
data.


Alternatively an \s-1SSL_SESSION\s0 created from a previous non-PSK handshake may also
be used as the basis for a \s-1PSK.\s0


Ownership of the \s-1SSL_SESSION\s0 object is passed to the OpenSSL library and so it
should not be freed by the application.


It is also possible for the callback to succeed but not supply a \s-1PSK.\s0 In this
case no \s-1PSK\s0 will be sent to the server but the handshake will continue. To do
this the callback should return successfully and ensure that *sess is
\s-1NULL.\s0 The contents of *id and *idlen will be ignored.


A client application wishing to use \s-1PSK\s0 ciphersuites for TLSv1.2 and below must
provide a different callback function. This function will be called when the
client is sending the ClientKeyExchange message to the server.


The purpose of the callback function is to select the \s-1PSK\s0 identity and
the pre-shared key to use during the connection setup phase.


The callback is set using functions SSL_CTX_set_psk_client_callback()
or SSL_set_psk_client_callback(). The callback function is given the
connection in parameter ssl, a \s-1NULL\s0-terminated \s-1PSK\s0 identity hint
sent by the server in parameter hint, a buffer identity of
length max_identity_len bytes where the resulting
\fB\s-1NUL\s0-terminated identity is to be stored, and a buffer psk of
length max_psk_len bytes where the resulting pre-shared key is to
be stored.


The callback for use in TLSv1.2 will also work in TLSv1.3 although it is
recommended to use SSL_CTX_set_psk_use_session_callback()
or SSL_set_psk_use_session_callback() for this purpose instead. If TLSv1.3 has
been negotiated then OpenSSL will first check to see if a callback has been set
via SSL_CTX_set_psk_use_session_callback() or SSL_set_psk_use_session_callback()
and it will use that in preference. If no such callback is present then it will
check to see if a callback has been set via SSL_CTX_set_psk_client_callback() or
\fBSSL_set_psk_client_callback() and use that. In this case the hint value will
always be \s-1NULL\s0 and the handshake digest will default to \s-1SHA-256\s0 for any returned
\s-1PSK.\s0 TLSv1.3 early data exchanges are possible in \s-1PSK\s0 connections only with the
\fBSSL_psk_use_session_cb_func callback, and are not possible with the
\fBSSL_psk_client_cb_func callback.

 "NOTES"
 Header "NOTES" Note that parameter hint given to the callback may be \s-1NULL\s0.


A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption
has occurred so that SSL_session_reused\|(3) will return true.


There are no known security issues with sharing the same \s-1PSK\s0 between TLSv1.2 (or
below) and TLSv1.3. However, the \s-1RFC\s0 has this note of caution:


\*(L"While there is no known way in which the same \s-1PSK\s0 might produce related output
in both versions, only limited analysis has been done. Implementations can
ensure safety from cross-protocol related output by not reusing PSKs between
\s-1TLS 1.3\s0 and \s-1TLS 1.2.\*(R"\s0

 "RETURN VALUES"
 Header "RETURN VALUES" Return values from the SSL_psk_client_cb_func callback are interpreted as
follows:


On success (callback found a \s-1PSK\s0 identity and a pre-shared key to use)
the length (> 0) of psk in bytes is returned.


Otherwise or on errors the callback should return 0. In this case
the connection setup fails.


The SSL_psk_use_session_cb_func callback should return 1 on success or 0 on
failure. In the event of failure the connection setup fails.

 "SEE ALSO"
 Header "SEE ALSO" \fBSSL_CTX_set_psk_find_session_callback\|(3),
\fBSSL_set_psk_find_session_callback\|(3)

 "HISTORY"
 Header "HISTORY" \fBSSL_CTX_set_psk_use_session_callback() and SSL_set_psk_use_session_callback()
were added in OpenSSL 1.1.1.

 "COPYRIGHT"
 Header "COPYRIGHT" Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.


Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.