Home Verkennen Help
Inloggen
OWEALs
/
openssl
spiegel van git://git.openssl.org/openssl.git
2
0
Vork 0
Bestanden Issues 1 Wiki
Boom: 606e0426a1
Aftakkingen Labels
openssl
/
doc
/
man3
/
SSL_get_session.pod

SSL_get_session.pod 4.2 KB
Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113 
  1. =pod
    2. 

  2. 

  3. =head1 NAME
    4. 

  4. 

  5. SSL_get_session, SSL_get0_session, SSL_get1_session - retrieve TLS/SSL session data
    6. 

  6. 

  7. =head1 SYNOPSIS
    8. 

  8. 

  9.  #include <openssl/ssl.h>
    10. 

  10. 

  11.  SSL_SESSION *SSL_get_session(const SSL *ssl);
    12. 

  12.  SSL_SESSION *SSL_get0_session(const SSL *ssl);
    13. 

  13.  SSL_SESSION *SSL_get1_session(SSL *ssl);
    14. 

  14. 

  15. =head1 DESCRIPTION
    16. 

  16. 

  17. SSL_get_session() returns a pointer to the B<SSL_SESSION> actually used in
    18. 

  18. B<ssl>. The reference count of the B<SSL_SESSION> is not incremented, so
    19. 

  19. that the pointer can become invalid by other operations.
    20. 

  20. 

  21. SSL_get0_session() is the same as SSL_get_session().
    22. 

  22. 

  23. SSL_get1_session() is the same as SSL_get_session(), but the reference
    24. 

  24. count of the B<SSL_SESSION> is incremented by one.
    25. 

  25. 

  26. =head1 NOTES
    27. 

  27. 

  28. The ssl session contains all information required to re-establish the
    29. 

  29. connection without a full handshake for SSL versions up to and including
    30. 

  30. TLSv1.2. In TLSv1.3 the same is true, but sessions are established after the
    31. 

  31. main handshake has occurred. The server will send the session information to the
    32. 

  32. client at a time of its choosing, which may be some while after the initial
    33. 

  33. connection is established (or never). Calling these functions on the client side
    34. 

  34. in TLSv1.3 before the session has been established will still return an
    35. 

  35. SSL_SESSION object but that object cannot be used for resuming the session. See
    36. 

  36. L<SSL_SESSION_is_resumable(3)> for information on how to determine whether an
    37. 

  37. SSL_SESSION object can be used for resumption or not.
    38. 

  38. 

  39. Additionally, in TLSv1.3, a server can send multiple messages that establish a
    40. 

  40. session for a single connection. In that case, on the client side, the above
    41. 

  41. functions will only return information on the last session that was received. On
    42. 

  42. the server side they will only return information on the last session that was
    43. 

  43. sent, or if no session tickets were sent then the session for the current
    44. 

  44. connection.
    45. 

  45. 

  46. The preferred way for applications to obtain a resumable SSL_SESSION object is
    47. 

  47. to use a new session callback as described in L<SSL_CTX_sess_set_new_cb(3)>.
    48. 

  48. The new session callback is only invoked when a session is actually established,
    49. 

  49. so this avoids the problem described above where an application obtains an
    50. 

  50. SSL_SESSION object that cannot be used for resumption in TLSv1.3. It also
    51. 

  51. enables applications to obtain information about all sessions sent by the
    52. 

  52. server.
    53. 

  53. 

  54. A session will be automatically removed from the session cache and marked as
    55. 

  55. non-resumable if the connection is not closed down cleanly, e.g. if a fatal
    56. 

  56. error occurs on the connection or L<SSL_shutdown(3)> is not called prior to
    57. 

  57. L<SSL_free(3)>.
    58. 

  58. 

  59. In TLSv1.3 it is recommended that each SSL_SESSION object is only used for
    60. 

  60. resumption once.
    61. 

  61. 

  62. SSL_get0_session() returns a pointer to the actual session. As the
    63. 

  63. reference counter is not incremented, the pointer is only valid while
    64. 

  64. the connection is in use. If L<SSL_clear(3)> or
    65. 

  65. L<SSL_free(3)> is called, the session may be removed completely
    66. 

  66. (if considered bad), and the pointer obtained will become invalid. Even
    67. 

  67. if the session is valid, it can be removed at any time due to timeout
    68. 

  68. during L<SSL_CTX_flush_sessions(3)>.
    69. 

  69. 

  70. If the data is to be kept, SSL_get1_session() will increment the reference
    71. 

  71. count, so that the session will not be implicitly removed by other operations
    72. 

  72. but stays in memory. In order to remove the session
    73. 

  73. L<SSL_SESSION_free(3)> must be explicitly called once
    74. 

  74. to decrement the reference count again.
    75. 

  75. 

  76. SSL_SESSION objects keep internal link information about the session cache
    77. 

  77. list, when being inserted into one SSL_CTX object's session cache.
    78. 

  78. One SSL_SESSION object, regardless of its reference count, must therefore
    79. 

  79. only be used with one SSL_CTX object (and the SSL objects created
    80. 

  80. from this SSL_CTX object).
    81. 

  81. 

  82. =head1 RETURN VALUES
    83. 

  83. 

  84. The following return values can occur:
    85. 

  85. 

  86. =over 4
    87. 

  87. 

  88. =item NULL
    89. 

  89. 

  90. There is no session available in B<ssl>.
    91. 

  91. 

  92. =item Pointer to an SSL_SESSION
    93. 

  93. 

  94. The return value points to the data of an SSL session.
    95. 

  95. 

  96. =back
    97. 

  97. 

  98. =head1 SEE ALSO
    99. 

  99. 

  100. L<ssl(7)>, L<SSL_free(3)>,
    101. 

  101. L<SSL_clear(3)>,
    102. 

  102. L<SSL_SESSION_free(3)>
    103. 

  103. 

  104. =head1 COPYRIGHT
    105. 

  105. 

  106. Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
    107. 

  107. 

  108. Licensed under the Apache License 2.0 (the "License").  You may not use
    109. 

  109. this file except in compliance with the License.  You can obtain a copy
    110. 

  110. in the file LICENSE in the source distribution or at
    111. 

  111. L<https://www.openssl.org/source/license.html>.
    112. 

  112. 

  113. =cut
    114.