NAME
SSL_CTX_sess_set_new_cb,
SSL_CTX_sess_set_remove_cb,
SSL_CTX_sess_set_get_cb,
SSL_CTX_sess_get_new_cb,
SSL_CTX_sess_get_remove_cb,
SSL_CTX_sess_get_get_cb —
provide callback functions for server
side external session caching
SYNOPSIS
#include
<openssl/ssl.h>
void
SSL_CTX_sess_set_new_cb(SSL_CTX
*ctx, int (*new_session_cb)(SSL *, SSL_SESSION
*));
void
SSL_CTX_sess_set_remove_cb(SSL_CTX
*ctx, void (*remove_session_cb)(SSL_CTX *ctx,
SSL_SESSION *));
void
SSL_CTX_sess_set_get_cb(SSL_CTX
*ctx, SSL_SESSION (*get_session_cb)(SSL *, const
unsigned char *, int, int *));
int
(*SSL_CTX_sess_get_new_cb(SSL_CTX
*ctx))(SSL *ssl, SSL_SESSION
*sess);
void
(*SSL_CTX_sess_get_remove_cb(SSL_CTX
*ctx))(SSL_CTX *ctx,
SSL_SESSION *sess);
SSL_SESSION *
(*SSL_CTX_sess_get_get_cb(SSL_CTX
*ctx))(SSL *ssl, const unsigned
char *data, int len, int
*copy);
int
(*new_session_cb)(SSL *ssl,
SSL_SESSION *sess);
void
(*remove_session_cb)(SSL_CTX
*ctx, SSL_SESSION *sess);
SSL_SESSION *
(*get_session_cb)(SSL *ssl,
unsigned char *data, int len,
int *copy);
DESCRIPTION
SSL_CTX_sess_set_new_cb()
sets the callback function which is automatically called whenever a new
session was negotiated.
SSL_CTX_sess_set_remove_cb()
sets the callback function which is automatically called whenever a session
is removed by the SSL engine (because it is considered faulty or the session
has become obsolete because of exceeding the timeout value).
SSL_CTX_sess_set_get_cb()
sets the callback function which is called whenever a SSL/TLS client
proposes to resume a session but the session cannot be found in the internal
session cache (see
SSL_CTX_set_session_cache_mode(3)). (SSL/TLS server
only.)
SSL_CTX_sess_get_new_cb(),
SSL_CTX_sess_get_remove_cb(),
and
SSL_CTX_sess_get_get_cb()
retrieve the function pointers of the provided callback functions. If a
callback function has not been set, the NULL pointer
is returned.
In order to allow external session caching, synchronization with the internal session cache is realized via callback functions. Inside these callback functions, session can be saved to disk or put into a database using the d2i_SSL_SESSION(3) interface.
The
new_session_cb()
function is called whenever a new session has been negotiated and session
caching is enabled (see
SSL_CTX_set_session_cache_mode(3)). The
new_session_cb() is passed the
ssl connection and the ssl session
sess. If the callback returns 0, the session will be
immediately removed again.
The
remove_session_cb()
is called whenever the SSL engine removes a session from the internal cache.
This happens when the session is removed because it is expired or when a
connection was not shut down cleanly. It also happens for all sessions in
the internal session cache when
SSL_CTX_free(3) is called. The
remove_session_cb() function is passed the
ctx and the ssl session
sess. It does not provide any feedback.
The
get_session_cb()
function is only called on SSL/TLS servers with the session id proposed by
the client. The get_session_cb() function is always
called, also when session caching was disabled. The
get_session_cb() is passed the
ssl connection, the session id of length
length at the memory location
data. With the parameter copy
the callback can require the SSL engine to increment the reference count of
the SSL_SESSION object, Normally the reference count
is not incremented and therefore the session must not be explicitly freed
with SSL_SESSION_free(3).
SEE ALSO
d2i_SSL_SESSION(3), ssl(3), SSL_CTX_flush_sessions(3), SSL_CTX_free(3), SSL_CTX_set_session_cache_mode(3), SSL_SESSION_free(3)
HISTORY
SSL_CTX_sess_set_new_cb(),
SSL_CTX_sess_set_get_cb(),
SSL_CTX_sess_get_new_cb(), and
SSL_CTX_sess_get_get_cb() first appeared in SSLeay
0.6.0. SSL_CTX_sess_set_remove_cb() and
SSL_CTX_sess_get_remove_cb() first appeared in
SSLeay 0.8.0. These functions have been available since
OpenBSD 2.4.