Startseite Erkunden Hilfe
Anmelden
OWEALs
/
openssl
Mirror von git://git.openssl.org/openssl.git
2
0
Fork 0
Dateien Issues 1 Wiki
Struktur: 6594baf645
Branches Tags
openssl
/
doc
/
man3
/
SSL_CTX_set_msg_callback.pod

SSL_CTX_set_msg_callback.pod 6.6 KB
Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191 
  1. =pod
    2. 

  2. 

  3. =head1 NAME
    4. 

  4. 

  5. SSL_CTX_set_msg_callback,
    6. 

  6. SSL_CTX_set_msg_callback_arg,
    7. 

  7. SSL_set_msg_callback,
    8. 

  8. SSL_set_msg_callback_arg,
    9. 

  9. SSL_trace
    10. 

  10. - install callback for observing protocol messages
    11. 

  11. 

  12. =head1 SYNOPSIS
    13. 

  13. 

  14.  #include <openssl/ssl.h>
    15. 

  15. 

  16.  void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
    17. 

  17.                                void (*cb)(int write_p, int version,
    18. 

  18.                                           int content_type, const void *buf,
    19. 

  19.                                           size_t len, SSL *ssl, void *arg));
    20. 

  20.  void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
    21. 

  21. 

  22.  void SSL_set_msg_callback(SSL *ssl,
    23. 

  23.                            void (*cb)(int write_p, int version,
    24. 

  24.                                       int content_type, const void *buf,
    25. 

  25.                                       size_t len, SSL *ssl, void *arg));
    26. 

  26.  void SSL_set_msg_callback_arg(SSL *ssl, void *arg);
    27. 

  27. 

  28.  void SSL_trace(int write_p, int version, int content_type,
    29. 

  29.                 const void *buf, size_t len, SSL *ssl, void *arg);
    30. 

  30. 

  31. =head1 DESCRIPTION
    32. 

  32. 

  33. SSL_CTX_set_msg_callback() or SSL_set_msg_callback() can be used to
    34. 

  34. define a message callback function I<cb> for observing all SSL/TLS/QUIC
    35. 

  35. protocol messages (such as handshake messages) that are received or
    36. 

  36. sent, as well as other events that occur during processing.
    37. 

  37. SSL_CTX_set_msg_callback_arg() and SSL_set_msg_callback_arg()
    38. 

  38. can be used to set argument I<arg> to the callback function, which is
    39. 

  39. available for arbitrary application use.
    40. 

  40. 

  41. SSL_CTX_set_msg_callback() and SSL_CTX_set_msg_callback_arg() specify
    42. 

  42. default settings that will be copied to new B<SSL> objects by
    43. 

  43. L<SSL_new(3)>. SSL_set_msg_callback() and
    44. 

  44. SSL_set_msg_callback_arg() modify the actual settings of an B<SSL>
    45. 

  45. object. Using a B<NULL> pointer for I<cb> disables the message callback.
    46. 

  46. 

  47. When I<cb> is called by the SSL/TLS/QUIC library the function arguments have the
    48. 

  48. following meaning:
    49. 

  49. 

  50. =over 4
    51. 

  51. 

  52. =item I<write_p>
    53. 

  53. 

  54. This flag is B<0> when a protocol message has been received and B<1>
    55. 

  55. when a protocol message has been sent.
    56. 

  56. 

  57. =item I<version>
    58. 

  58. 

  59. The protocol version according to which the protocol message is
    60. 

  60. interpreted by the library such as B<TLS1_3_VERSION>, B<TLS1_2_VERSION>,
    61. 

  61. B<OSSL_QUIC1_VERSION> etc. For the SSL3_RT_HEADER pseudo
    62. 

  62. content type (see NOTES below) this value will be the decoded
    63. 

  63. version/legacy_version field of the record header.
    64. 

  64. 

  65. =item I<content_type>
    66. 

  66. 

  67. This is one of the content type values defined in the protocol specification
    68. 

  68. (B<SSL3_RT_CHANGE_CIPHER_SPEC>, B<SSL3_RT_ALERT>, B<SSL3_RT_HANDSHAKE>; but never
    69. 

  69. B<SSL3_RT_APPLICATION_DATA> because the callback will only be called for protocol
    70. 

  70. messages). Alternatively it may be a "pseudo" content type. These pseudo
    71. 

  71. content types are used to signal some other event in the processing of data (see
    72. 

  72. NOTES below).
    73. 

  73. 

  74. =item I<buf>, I<len>
    75. 

  75. 

  76. I<buf> points to a buffer containing the protocol message or other data (in the
    77. 

  77. case of pseudo content types), which consists of I<len> bytes. The buffer is no
    78. 

  78. longer valid after the callback function has returned.
    79. 

  79. 

  80. =item I<ssl>
    81. 

  81. 

  82. The B<SSL> object that received or sent the message.
    83. 

  83. 

  84. =item I<arg>
    85. 

  85. 

  86. The user-defined argument optionally defined by
    87. 

  87. SSL_CTX_set_msg_callback_arg() or SSL_set_msg_callback_arg().
    88. 

  88. 

  89. =back
    90. 

  90. 

  91. The SSL_trace() function can be used as a pre-written callback in a call to
    92. 

  92. SSL_CTX_set_msg_callback() or SSL_set_msg_callback(). It requires a BIO to be
    93. 

  93. set as the callback argument via SSL_CTX_set_msg_callback_arg() or
    94. 

  94. SSL_set_msg_callback_arg(). Setting this callback will cause human readable
    95. 

  95. diagostic tracing information about an SSL/TLS/QUIC connection to be written to
    96. 

  96. the BIO.
    97. 

  97. 

  98. =head1 NOTES
    99. 

  99. 

  100. Protocol messages are passed to the callback function after decryption
    101. 

  101. and fragment collection where applicable. (Thus record boundaries are
    102. 

  102. not visible.)
    103. 

  103. 

  104. If processing a received protocol message results in an error,
    105. 

  105. the callback function may not be called.  For example, the callback
    106. 

  106. function will never see messages that are considered too large to be
    107. 

  107. processed.
    108. 

  108. 

  109. Due to automatic protocol version negotiation, I<version> is not
    110. 

  110. necessarily the protocol version used by the sender of the message: If
    111. 

  111. a TLS 1.0 ClientHello message is received by an SSL 3.0-only server,
    112. 

  112. I<version> will be B<SSL3_VERSION>.
    113. 

  113. 

  114. Pseudo content type values may be sent at various points during the processing
    115. 

  115. of data. The following pseudo content types are currently defined:
    116. 

  116. 

  117. =over 4
    118. 

  118. 

  119. =item B<SSL3_RT_HEADER>
    120. 

  120. 

  121. Used when a TLS record is sent or received. The B<buf> contains the record header
    122. 

  122. bytes only.
    123. 

  123. 

  124. =item B<SSL3_RT_INNER_CONTENT_TYPE>
    125. 

  125. 

  126. Used when an encrypted TLSv1.3 record is sent or received. In encrypted TLSv1.3
    127. 

  127. records the content type in the record header is always
    128. 

  128. SSL3_RT_APPLICATION_DATA. The real content type for the record is contained in
    129. 

  129. an "inner" content type. B<buf> contains the encoded "inner" content type byte.
    130. 

  130. 

  131. =item B<SSL3_RT_QUIC_DATAGRAM>
    132. 

  132. 

  133. Used when a QUIC datagram is sent or received.
    134. 

  134. 

  135. =item B<SSL3_RT_QUIC_PACKET>
    136. 

  136. 

  137. Used when a QUIC packet is sent or received.
    138. 

  138. 

  139. =item B<SSL3_RT_QUIC_FRAME_FULL>
    140. 

  140. 

  141. Used when a QUIC frame is sent or received. This is only used for non-crypto
    142. 

  142. and stream data related frames. The full QUIC frame data is supplied.
    143. 

  143. 

  144. =item B<SSL3_RT_QUIC_FRAME_HEADER>
    145. 

  145. 

  146. Used when a QUIC stream data or crypto frame is sent or received. Only the QUIC
    147. 

  147. frame header data is supplied.
    148. 

  148. 

  149. =item B<SSL3_RT_QUIC_FRAME_PADDING>
    150. 

  150. 

  151. Used when a sequence of one or more QUIC padding frames is sent or received.
    152. 

  152. A padding frame consists of a single byte and it is common to have multiple
    153. 

  153. such frames in a sequence. Rather than supplying each frame individually the
    154. 

  154. callback will supply all the padding frames in one go via this pseudo content
    155. 

  155. type.
    156. 

  156. 

  157. =back
    158. 

  158. 

  159. =head1 RETURN VALUES
    160. 

  160. 

  161. SSL_CTX_set_msg_callback(), SSL_CTX_set_msg_callback_arg(), SSL_set_msg_callback()
    162. 

  162. and SSL_set_msg_callback_arg() do not return values.
    163. 

  163. 

  164. =head1 SEE ALSO
    165. 

  165. 

  166. L<ssl(7)>, L<SSL_new(3)>
    167. 

  167. 

  168. =head1 HISTORY
    169. 

  169. 

  170. The pseudo content type B<SSL3_RT_INNER_CONTENT_TYPE> was added in OpenSSL 1.1.1.
    171. 

  171. 

  172. The pseudo content types B<SSL3_RT_QUIC_DATAGRAM>, B<SSL3_RT_QUIC_PACKET>,
    173. 

  173. B<SSL3_RT_QUIC_FRAME_FULL>, B<SSL3_RT_QUIC_FRAME_HEADER> and
    174. 

  174. B<SSL3_RT_QUIC_FRAME_PADDING> were added in OpenSSL 3.2.
    175. 

  175. 

  176. In versions previous to OpenSSL 3.0 I<cb> was called with 0 as I<version> for
    177. 

  177. the pseudo content type B<SSL3_RT_HEADER> for TLS records.
    178. 

  178. 

  179. In versions previous to OpenSSL 3.2 I<cb> was called with 0 as I<version> for
    180. 

  180. the pseudo content type B<SSL3_RT_HEADER> for DTLS records.
    181. 

  181. 

  182. =head1 COPYRIGHT
    183. 

  183. 

  184. Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
    185. 

  185. 

  186. Licensed under the Apache License 2.0 (the "License").  You may not use
    187. 

  187. this file except in compliance with the License.  You can obtain a copy
    188. 

  188. in the file LICENSE in the source distribution or at
    189. 

  189. L<https://www.openssl.org/source/license.html>.
    190. 

  190. 

  191. =cut
    192.