1*4bc2832dSnaddy.\" $OpenBSD: SSL_CTX_sess_set_get_cb.3,v 1.7 2022/03/29 18:15:52 naddy Exp $ 2fc3f928fSschwarze.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 3f1a3c524Sschwarze.\" 4fc3f928fSschwarze.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>. 5fc3f928fSschwarze.\" Copyright (c) 2001, 2002, 2003, 2016 The OpenSSL Project. 6fc3f928fSschwarze.\" All rights reserved. 7f1a3c524Sschwarze.\" 8fc3f928fSschwarze.\" Redistribution and use in source and binary forms, with or without 9fc3f928fSschwarze.\" modification, are permitted provided that the following conditions 10fc3f928fSschwarze.\" are met: 11fc3f928fSschwarze.\" 12fc3f928fSschwarze.\" 1. Redistributions of source code must retain the above copyright 13fc3f928fSschwarze.\" notice, this list of conditions and the following disclaimer. 14fc3f928fSschwarze.\" 15fc3f928fSschwarze.\" 2. Redistributions in binary form must reproduce the above copyright 16fc3f928fSschwarze.\" notice, this list of conditions and the following disclaimer in 17fc3f928fSschwarze.\" the documentation and/or other materials provided with the 18fc3f928fSschwarze.\" distribution. 19fc3f928fSschwarze.\" 20fc3f928fSschwarze.\" 3. All advertising materials mentioning features or use of this 21fc3f928fSschwarze.\" software must display the following acknowledgment: 22fc3f928fSschwarze.\" "This product includes software developed by the OpenSSL Project 23fc3f928fSschwarze.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 24fc3f928fSschwarze.\" 25fc3f928fSschwarze.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26fc3f928fSschwarze.\" endorse or promote products derived from this software without 27fc3f928fSschwarze.\" prior written permission. For written permission, please contact 28fc3f928fSschwarze.\" openssl-core@openssl.org. 29fc3f928fSschwarze.\" 30fc3f928fSschwarze.\" 5. Products derived from this software may not be called "OpenSSL" 31fc3f928fSschwarze.\" nor may "OpenSSL" appear in their names without prior written 32fc3f928fSschwarze.\" permission of the OpenSSL Project. 33fc3f928fSschwarze.\" 34fc3f928fSschwarze.\" 6. Redistributions of any form whatsoever must retain the following 35fc3f928fSschwarze.\" acknowledgment: 36fc3f928fSschwarze.\" "This product includes software developed by the OpenSSL Project 37fc3f928fSschwarze.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" 38fc3f928fSschwarze.\" 39fc3f928fSschwarze.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40fc3f928fSschwarze.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41fc3f928fSschwarze.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42fc3f928fSschwarze.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43fc3f928fSschwarze.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44fc3f928fSschwarze.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45fc3f928fSschwarze.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46fc3f928fSschwarze.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47fc3f928fSschwarze.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48fc3f928fSschwarze.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49fc3f928fSschwarze.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50fc3f928fSschwarze.\" OF THE POSSIBILITY OF SUCH DAMAGE. 51fc3f928fSschwarze.\" 52*4bc2832dSnaddy.Dd $Mdocdate: March 29 2022 $ 53f1a3c524Sschwarze.Dt SSL_CTX_SESS_SET_GET_CB 3 54f1a3c524Sschwarze.Os 55f1a3c524Sschwarze.Sh NAME 56f1a3c524Sschwarze.Nm SSL_CTX_sess_set_new_cb , 57f1a3c524Sschwarze.Nm SSL_CTX_sess_set_remove_cb , 58f1a3c524Sschwarze.Nm SSL_CTX_sess_set_get_cb , 59f1a3c524Sschwarze.Nm SSL_CTX_sess_get_new_cb , 60f1a3c524Sschwarze.Nm SSL_CTX_sess_get_remove_cb , 61f1a3c524Sschwarze.Nm SSL_CTX_sess_get_get_cb 62f1a3c524Sschwarze.Nd provide callback functions for server side external session caching 63f1a3c524Sschwarze.Sh SYNOPSIS 64f1a3c524Sschwarze.In openssl/ssl.h 65f1a3c524Sschwarze.Ft void 66f1a3c524Sschwarze.Fo SSL_CTX_sess_set_new_cb 67f1a3c524Sschwarze.Fa "SSL_CTX *ctx" 68f1a3c524Sschwarze.Fa "int (*new_session_cb)(SSL *, SSL_SESSION *)" 69f1a3c524Sschwarze.Fc 70f1a3c524Sschwarze.Ft void 71f1a3c524Sschwarze.Fo SSL_CTX_sess_set_remove_cb 72f1a3c524Sschwarze.Fa "SSL_CTX *ctx" 73f1a3c524Sschwarze.Fa "void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *)" 74f1a3c524Sschwarze.Fc 75f1a3c524Sschwarze.Ft void 76f1a3c524Sschwarze.Fo SSL_CTX_sess_set_get_cb 77f1a3c524Sschwarze.Fa "SSL_CTX *ctx" 783d01fbe3Sschwarze.Fa "SSL_SESSION (*get_session_cb)(SSL *, const unsigned char *, int, int *)" 79f1a3c524Sschwarze.Fc 80f1a3c524Sschwarze.Ft int 81f1a3c524Sschwarze.Fo "(*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))" 82c2c8a6d1Sschwarze.Fa "SSL *ssl" 83f1a3c524Sschwarze.Fa "SSL_SESSION *sess" 84f1a3c524Sschwarze.Fc 85f1a3c524Sschwarze.Ft void 86f1a3c524Sschwarze.Fo "(*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))" 87c2c8a6d1Sschwarze.Fa "SSL_CTX *ctx" 88f1a3c524Sschwarze.Fa "SSL_SESSION *sess" 89f1a3c524Sschwarze.Fc 90f1a3c524Sschwarze.Ft SSL_SESSION * 91f1a3c524Sschwarze.Fo "(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))" 92c2c8a6d1Sschwarze.Fa "SSL *ssl" 933d01fbe3Sschwarze.Fa "const unsigned char *data" 94f1a3c524Sschwarze.Fa "int len" 95f1a3c524Sschwarze.Fa "int *copy" 96f1a3c524Sschwarze.Fc 97f1a3c524Sschwarze.Ft int 98f1a3c524Sschwarze.Fo "(*new_session_cb)" 99c2c8a6d1Sschwarze.Fa "SSL *ssl" 100f1a3c524Sschwarze.Fa "SSL_SESSION *sess" 101f1a3c524Sschwarze.Fc 102f1a3c524Sschwarze.Ft void 103f1a3c524Sschwarze.Fo "(*remove_session_cb)" 104c2c8a6d1Sschwarze.Fa "SSL_CTX *ctx" 105f1a3c524Sschwarze.Fa "SSL_SESSION *sess" 106f1a3c524Sschwarze.Fc 107f1a3c524Sschwarze.Ft SSL_SESSION * 108f1a3c524Sschwarze.Fo "(*get_session_cb)" 109c2c8a6d1Sschwarze.Fa "SSL *ssl" 110f1a3c524Sschwarze.Fa "unsigned char *data" 111f1a3c524Sschwarze.Fa "int len" 112f1a3c524Sschwarze.Fa "int *copy" 113f1a3c524Sschwarze.Fc 114f1a3c524Sschwarze.Sh DESCRIPTION 115f1a3c524Sschwarze.Fn SSL_CTX_sess_set_new_cb 116f1a3c524Sschwarzesets the callback function which is automatically called whenever a new session 117f1a3c524Sschwarzewas negotiated. 118f1a3c524Sschwarze.Pp 119f1a3c524Sschwarze.Fn SSL_CTX_sess_set_remove_cb 120f1a3c524Sschwarzesets the callback function which is automatically called whenever a session is 121f1a3c524Sschwarzeremoved by the SSL engine (because it is considered faulty or the session has 122f1a3c524Sschwarzebecome obsolete because of exceeding the timeout value). 123f1a3c524Sschwarze.Pp 124f1a3c524Sschwarze.Fn SSL_CTX_sess_set_get_cb 125f1a3c524Sschwarzesets the callback function which is called whenever a SSL/TLS client proposes 126f1a3c524Sschwarzeto resume a session but the session cannot be found in the internal session 127f1a3c524Sschwarzecache (see 128f1a3c524Sschwarze.Xr SSL_CTX_set_session_cache_mode 3 ) . 129f1a3c524Sschwarze(SSL/TLS server only.) 130f1a3c524Sschwarze.Pp 131f1a3c524Sschwarze.Fn SSL_CTX_sess_get_new_cb , 132f1a3c524Sschwarze.Fn SSL_CTX_sess_get_remove_cb , 133f1a3c524Sschwarzeand 134f1a3c524Sschwarze.Fn SSL_CTX_sess_get_get_cb 135f1a3c524Sschwarzeretrieve the function pointers of the provided callback functions. 136f1a3c524SschwarzeIf a callback function has not been set, the 137f1a3c524Sschwarze.Dv NULL 138f1a3c524Sschwarzepointer is returned. 139fc3f928fSschwarze.Pp 140f1a3c524SschwarzeIn order to allow external session caching, synchronization with the internal 141f1a3c524Sschwarzesession cache is realized via callback functions. 142f1a3c524SschwarzeInside these callback functions, session can be saved to disk or put into a 143f1a3c524Sschwarzedatabase using the 144f1a3c524Sschwarze.Xr d2i_SSL_SESSION 3 145f1a3c524Sschwarzeinterface. 146f1a3c524Sschwarze.Pp 147f1a3c524SschwarzeThe 148f1a3c524Sschwarze.Fn new_session_cb 149f1a3c524Sschwarzefunction is called whenever a new session has been negotiated and session 150f1a3c524Sschwarzecaching is enabled (see 151f1a3c524Sschwarze.Xr SSL_CTX_set_session_cache_mode 3 ) . 152f1a3c524SschwarzeThe 153f1a3c524Sschwarze.Fn new_session_cb 154*4bc2832dSnaddyfunction is passed the 155f1a3c524Sschwarze.Fa ssl 156f1a3c524Sschwarzeconnection and the ssl session 157f1a3c524Sschwarze.Fa sess . 158f1a3c524SschwarzeIf the callback returns 0, the session will be immediately removed again. 159f1a3c524Sschwarze.Pp 160f1a3c524SschwarzeThe 161f1a3c524Sschwarze.Fn remove_session_cb 162*4bc2832dSnaddyfunction is called whenever the SSL engine removes a session from the 163*4bc2832dSnaddyinternal cache. 164f1a3c524SschwarzeThis happens when the session is removed because it is expired or when a 165f1a3c524Sschwarzeconnection was not shut down cleanly. 166f1a3c524SschwarzeIt also happens for all sessions in the internal session cache when 167f1a3c524Sschwarze.Xr SSL_CTX_free 3 168f1a3c524Sschwarzeis called. 169f1a3c524SschwarzeThe 170f1a3c524Sschwarze.Fn remove_session_cb 171f1a3c524Sschwarzefunction is passed the 172f1a3c524Sschwarze.Fa ctx 173f1a3c524Sschwarzeand the 174f1a3c524Sschwarze.Vt ssl 175f1a3c524Sschwarzesession 176f1a3c524Sschwarze.Fa sess . 177f1a3c524SschwarzeIt does not provide any feedback. 178f1a3c524Sschwarze.Pp 179f1a3c524SschwarzeThe 180f1a3c524Sschwarze.Fn get_session_cb 181f1a3c524Sschwarzefunction is only called on SSL/TLS servers with the session id proposed by the 182f1a3c524Sschwarzeclient. 183f1a3c524SschwarzeThe 184f1a3c524Sschwarze.Fn get_session_cb 185f1a3c524Sschwarzefunction is always called, also when session caching was disabled. 186f1a3c524SschwarzeThe 187f1a3c524Sschwarze.Fn get_session_cb 188*4bc2832dSnaddyfunction is passed the 189f1a3c524Sschwarze.Fa ssl 190f1a3c524Sschwarzeconnection, the session id of length 191f1a3c524Sschwarze.Fa length 192f1a3c524Sschwarzeat the memory location 193f1a3c524Sschwarze.Fa data . 194f1a3c524SschwarzeWith the parameter 195f1a3c524Sschwarze.Fa copy 196f1a3c524Sschwarzethe callback can require the SSL engine to increment the reference count of the 197f1a3c524Sschwarze.Vt SSL_SESSION 198f1a3c524Sschwarzeobject, 199f1a3c524SschwarzeNormally the reference count is not incremented and therefore the session must 200f1a3c524Sschwarzenot be explicitly freed with 201f1a3c524Sschwarze.Xr SSL_SESSION_free 3 . 202f1a3c524Sschwarze.Sh SEE ALSO 203f1a3c524Sschwarze.Xr d2i_SSL_SESSION 3 , 204f1a3c524Sschwarze.Xr ssl 3 , 205f1a3c524Sschwarze.Xr SSL_CTX_flush_sessions 3 , 206f1a3c524Sschwarze.Xr SSL_CTX_free 3 , 207f1a3c524Sschwarze.Xr SSL_CTX_set_session_cache_mode 3 , 208f1a3c524Sschwarze.Xr SSL_SESSION_free 3 2098fba1ec8Sschwarze.Sh HISTORY 21010e00d17Sschwarze.Fn SSL_CTX_sess_set_new_cb , 21110e00d17Sschwarze.Fn SSL_CTX_sess_set_get_cb , 21210e00d17Sschwarze.Fn SSL_CTX_sess_get_new_cb , 21310e00d17Sschwarzeand 21410e00d17Sschwarze.Fn SSL_CTX_sess_get_get_cb 21510e00d17Sschwarzefirst appeared in SSLeay 0.6.0. 21610e00d17Sschwarze.Fn SSL_CTX_sess_set_remove_cb 21710e00d17Sschwarzeand 21810e00d17Sschwarze.Fn SSL_CTX_sess_get_remove_cb 21910e00d17Sschwarzefirst appeared in SSLeay 0.8.0. 22010e00d17SschwarzeThese functions have been available since 2218fba1ec8Sschwarze.Ox 2.4 . 222