|
Packit |
c4476c |
=pod
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 NAME
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_CTX_set_session_id_context, SSL_set_session_id_context - set context within which session can be reused (server side only)
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 SYNOPSIS
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
#include <openssl/ssl.h>
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
|
|
Packit |
c4476c |
unsigned int sid_ctx_len);
|
|
Packit |
c4476c |
int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
|
|
Packit |
c4476c |
unsigned int sid_ctx_len);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 DESCRIPTION
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_CTX_set_session_id_context() sets the context B<sid_ctx> of length
|
|
Packit |
c4476c |
B<sid_ctx_len> within which a session can be reused for the B<ctx> object.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_set_session_id_context() sets the context B<sid_ctx> of length
|
|
Packit |
c4476c |
B<sid_ctx_len> within which a session can be reused for the B<ssl> object.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 NOTES
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Sessions are generated within a certain context. When exporting/importing
|
|
Packit |
c4476c |
sessions with B<i2d_SSL_SESSION>/B<d2i_SSL_SESSION> it would be possible,
|
|
Packit |
c4476c |
to re-import a session generated from another context (e.g. another
|
|
Packit |
c4476c |
application), which might lead to malfunctions. Therefore each application
|
|
Packit |
c4476c |
must set its own session id context B<sid_ctx> which is used to distinguish
|
|
Packit |
c4476c |
the contexts and is stored in exported sessions. The B<sid_ctx> can be
|
|
Packit |
c4476c |
any kind of binary data with a given length, it is therefore possible
|
|
Packit |
c4476c |
to use e.g. the name of the application and/or the hostname and/or service
|
|
Packit |
c4476c |
name ...
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The session id context becomes part of the session. The session id context
|
|
Packit |
c4476c |
is set by the SSL/TLS server. The SSL_CTX_set_session_id_context() and
|
|
Packit |
c4476c |
SSL_set_session_id_context() functions are therefore only useful on the
|
|
Packit |
c4476c |
server side.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
OpenSSL clients will check the session id context returned by the server
|
|
Packit |
c4476c |
when reusing a session.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The maximum length of the B<sid_ctx> is limited to
|
|
Packit |
c4476c |
B<SSL_MAX_SID_CTX_LENGTH>.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 WARNINGS
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
If the session id context is not set on an SSL/TLS server and client
|
|
Packit |
c4476c |
certificates are used, stored sessions
|
|
Packit |
c4476c |
will not be reused but a fatal error will be flagged and the handshake
|
|
Packit |
c4476c |
will fail.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
If a server returns a different session id context to an OpenSSL client
|
|
Packit |
c4476c |
when reusing a session, an error will be flagged and the handshake will
|
|
Packit |
c4476c |
fail. OpenSSL servers will always return the correct session id context,
|
|
Packit |
c4476c |
as an OpenSSL server checks the session id context itself before reusing
|
|
Packit |
c4476c |
a session as described above.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 RETURN VALUES
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_CTX_set_session_id_context() and SSL_set_session_id_context()
|
|
Packit |
c4476c |
return the following values:
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=over 4
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item Z<>0
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
|
|
Packit |
c4476c |
the maximum allowed length of B<SSL_MAX_SID_CTX_LENGTH>. The error
|
|
Packit |
c4476c |
is logged to the error stack.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item Z<>1
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The operation succeeded.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=back
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 SEE ALSO
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
L<ssl(7)>
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 COPYRIGHT
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Licensed under the OpenSSL license (the "License"). You may not use
|
|
Packit |
c4476c |
this file except in compliance with the License. You can obtain a copy
|
|
Packit |
c4476c |
in the file LICENSE in the source distribution or at
|
|
Packit |
c4476c |
L<https://www.openssl.org/source/license.html>.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=cut
|