1*10e00d17Sschwarze.\"	$OpenBSD: SSL_CTX_add_session.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $
28496b612Sschwarze.\"	OpenSSL SSL_CTX_add_session.pod 1722496f Jun 8 15:18:38 2017 -0400
3f1a3c524Sschwarze.\"
440a95353Sschwarze.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org> and
540a95353Sschwarze.\" Geoff Thorpe <geoff@openssl.org>.
640a95353Sschwarze.\" Copyright (c) 2001, 2002, 2014 The OpenSSL Project.  All rights reserved.
7f1a3c524Sschwarze.\"
840a95353Sschwarze.\" Redistribution and use in source and binary forms, with or without
940a95353Sschwarze.\" modification, are permitted provided that the following conditions
1040a95353Sschwarze.\" are met:
1140a95353Sschwarze.\"
1240a95353Sschwarze.\" 1. Redistributions of source code must retain the above copyright
1340a95353Sschwarze.\"    notice, this list of conditions and the following disclaimer.
1440a95353Sschwarze.\"
1540a95353Sschwarze.\" 2. Redistributions in binary form must reproduce the above copyright
1640a95353Sschwarze.\"    notice, this list of conditions and the following disclaimer in
1740a95353Sschwarze.\"    the documentation and/or other materials provided with the
1840a95353Sschwarze.\"    distribution.
1940a95353Sschwarze.\"
2040a95353Sschwarze.\" 3. All advertising materials mentioning features or use of this
2140a95353Sschwarze.\"    software must display the following acknowledgment:
2240a95353Sschwarze.\"    "This product includes software developed by the OpenSSL Project
2340a95353Sschwarze.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
2440a95353Sschwarze.\"
2540a95353Sschwarze.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
2640a95353Sschwarze.\"    endorse or promote products derived from this software without
2740a95353Sschwarze.\"    prior written permission. For written permission, please contact
2840a95353Sschwarze.\"    openssl-core@openssl.org.
2940a95353Sschwarze.\"
3040a95353Sschwarze.\" 5. Products derived from this software may not be called "OpenSSL"
3140a95353Sschwarze.\"    nor may "OpenSSL" appear in their names without prior written
3240a95353Sschwarze.\"    permission of the OpenSSL Project.
3340a95353Sschwarze.\"
3440a95353Sschwarze.\" 6. Redistributions of any form whatsoever must retain the following
3540a95353Sschwarze.\"    acknowledgment:
3640a95353Sschwarze.\"    "This product includes software developed by the OpenSSL Project
3740a95353Sschwarze.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
3840a95353Sschwarze.\"
3940a95353Sschwarze.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
4040a95353Sschwarze.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
4140a95353Sschwarze.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
4240a95353Sschwarze.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
4340a95353Sschwarze.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
4440a95353Sschwarze.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
4540a95353Sschwarze.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
4640a95353Sschwarze.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
4740a95353Sschwarze.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
4840a95353Sschwarze.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
4940a95353Sschwarze.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
5040a95353Sschwarze.\" OF THE POSSIBILITY OF SUCH DAMAGE.
5140a95353Sschwarze.\"
52*10e00d17Sschwarze.Dd $Mdocdate: March 27 2018 $
53f1a3c524Sschwarze.Dt SSL_CTX_ADD_SESSION 3
54f1a3c524Sschwarze.Os
55f1a3c524Sschwarze.Sh NAME
56f1a3c524Sschwarze.Nm SSL_CTX_add_session ,
578496b612Sschwarze.Nm SSL_CTX_remove_session
58f1a3c524Sschwarze.Nd manipulate session cache
59f1a3c524Sschwarze.Sh SYNOPSIS
60f1a3c524Sschwarze.In openssl/ssl.h
61f1a3c524Sschwarze.Ft int
62f1a3c524Sschwarze.Fn SSL_CTX_add_session "SSL_CTX *ctx" "SSL_SESSION *c"
63f1a3c524Sschwarze.Ft int
64f1a3c524Sschwarze.Fn SSL_CTX_remove_session "SSL_CTX *ctx" "SSL_SESSION *c"
65f1a3c524Sschwarze.Sh DESCRIPTION
66f1a3c524Sschwarze.Fn SSL_CTX_add_session
67f1a3c524Sschwarzeadds the session
68f1a3c524Sschwarze.Fa c
69f1a3c524Sschwarzeto the context
70f1a3c524Sschwarze.Fa ctx .
71f1a3c524SschwarzeThe reference count for session
72f1a3c524Sschwarze.Fa c
73f1a3c524Sschwarzeis incremented by 1.
74f1a3c524SschwarzeIf a session with the same session id already exists,
75f1a3c524Sschwarzethe old session is removed by calling
76f1a3c524Sschwarze.Xr SSL_SESSION_free 3 .
77f1a3c524Sschwarze.Pp
78f1a3c524Sschwarze.Fn SSL_CTX_remove_session
79f1a3c524Sschwarzeremoves the session
80f1a3c524Sschwarze.Fa c
81f1a3c524Sschwarzefrom the context
828496b612Sschwarze.Fa ctx
838496b612Sschwarzeand marks it as non-resumable.
84f1a3c524Sschwarze.Xr SSL_SESSION_free 3
85f1a3c524Sschwarzeis called once for
86f1a3c524Sschwarze.Fa c .
87f1a3c524Sschwarze.Pp
88f1a3c524SschwarzeWhen a new session is added to the internal session cache, the cache is
89f1a3c524Sschwarzechecked for an existing session with the same session id.
90f1a3c524SschwarzeIf one is found, both sessions are assumed to be identical.
91f1a3c524SschwarzeIf the same session is stored in a different
92f1a3c524Sschwarze.Vt SSL_SESSION
93f1a3c524Sschwarzeobject, the old session is removed and replaced by the new session.
94f1a3c524SschwarzeIf the session is actually identical (the
95f1a3c524Sschwarze.Vt SSL_SESSION
96f1a3c524Sschwarzeobject is identical),
97f1a3c524Sschwarze.Fn SSL_CTX_add_session
98f1a3c524Sschwarzeis a no-op, and the return value is 0.
99f1a3c524Sschwarze.Pp
100f1a3c524SschwarzeIf a server
101f1a3c524Sschwarze.Vt SSL_CTX
102f1a3c524Sschwarzeis configured with the
103f1a3c524Sschwarze.Dv SSL_SESS_CACHE_NO_INTERNAL_STORE
104f1a3c524Sschwarzeflag then the internal cache will not be populated automatically by new
105f1a3c524Sschwarzesessions negotiated by the SSL/TLS implementation, even though the internal
106f1a3c524Sschwarzecache will be searched automatically for session-resume requests (the
107f1a3c524Sschwarzelatter can be suppressed by
108f1a3c524Sschwarze.Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP ) .
109f1a3c524SschwarzeIf desired, the application can therefore call
110f1a3c524Sschwarze.Fn SSL_CTX_add_session
111f1a3c524Sschwarzedirectly to keep full control over which sessions can be resumed.
112f1a3c524Sschwarze.Sh RETURN VALUES
113f1a3c524SschwarzeThe following values are returned by all functions:
114f1a3c524Sschwarze.Bl -tag -width Ds
115f1a3c524Sschwarze.It 0
116f1a3c524SschwarzeThe operation failed.
117f1a3c524SschwarzeIn case of the add operation, an attempt was made to add the same (identical)
118f1a3c524Sschwarzesession twice.
119f1a3c524SschwarzeIn case of the remove operation, the session was not found in the cache.
120f1a3c524Sschwarze.It 1
121f1a3c524SschwarzeThe operation succeeded.
122f1a3c524Sschwarze.El
123f1a3c524Sschwarze.Sh SEE ALSO
124f1a3c524Sschwarze.Xr ssl 3 ,
125f1a3c524Sschwarze.Xr SSL_CTX_set_session_cache_mode 3 ,
126f1a3c524Sschwarze.Xr SSL_SESSION_free 3
1278fba1ec8Sschwarze.Sh HISTORY
1288fba1ec8Sschwarze.Fn SSL_CTX_add_session
1298fba1ec8Sschwarzeand
1308fba1ec8Sschwarze.Fn SSL_CTX_remove_session
131*10e00d17Sschwarzefirst appeared in SSLeay 0.8.0 and have been available since
1328fba1ec8Sschwarze.Ox 2.4 .