SSL_CTX_set_info_callback.pod 5.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170
  1. =pod
  2. =head1 NAME
  3. SSL_CTX_set_info_callback,
  4. SSL_CTX_get_info_callback,
  5. SSL_set_info_callback,
  6. SSL_get_info_callback
  7. - handle information callback for SSL connections
  8. =head1 SYNOPSIS
  9. #include <openssl/ssl.h>
  10. void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)());
  11. void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))();
  12. void SSL_set_info_callback(SSL *ssl, void (*callback)());
  13. void (*SSL_get_info_callback(const SSL *ssl))();
  14. =head1 DESCRIPTION
  15. SSL_CTX_set_info_callback() sets the B<callback> function, that can be used to
  16. obtain state information for SSL objects created from B<ctx> during connection
  17. setup and use. The setting for B<ctx> is overridden from the setting for
  18. a specific SSL object, if specified.
  19. When B<callback> is NULL, no callback function is used.
  20. SSL_set_info_callback() sets the B<callback> function, that can be used to
  21. obtain state information for B<ssl> during connection setup and use.
  22. When B<callback> is NULL, the callback setting currently valid for
  23. B<ctx> is used.
  24. SSL_CTX_get_info_callback() returns a pointer to the currently set information
  25. callback function for B<ctx>.
  26. SSL_get_info_callback() returns a pointer to the currently set information
  27. callback function for B<ssl>.
  28. =head1 NOTES
  29. When setting up a connection and during use, it is possible to obtain state
  30. information from the SSL/TLS engine. When set, an information callback function
  31. is called whenever a significant event occurs such as: the state changes,
  32. an alert appears, or an error occurs.
  33. The callback function is called as B<callback(SSL *ssl, int where, int ret)>.
  34. The B<where> argument specifies information about where (in which context)
  35. the callback function was called. If B<ret> is 0, an error condition occurred.
  36. If an alert is handled, SSL_CB_ALERT is set and B<ret> specifies the alert
  37. information.
  38. B<where> is a bitmask made up of the following bits:
  39. =over 4
  40. =item SSL_CB_LOOP
  41. Callback has been called to indicate state change or some other significant
  42. state machine event. This may mean that the callback gets invoked more than once
  43. per state in some situations.
  44. =item SSL_CB_EXIT
  45. Callback has been called to indicate exit of a handshake function. This will
  46. happen after the end of a handshake, but may happen at other times too such as
  47. on error or when IO might otherwise block and non-blocking is being used.
  48. =item SSL_CB_READ
  49. Callback has been called during read operation.
  50. =item SSL_CB_WRITE
  51. Callback has been called during write operation.
  52. =item SSL_CB_ALERT
  53. Callback has been called due to an alert being sent or received.
  54. =item SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
  55. =item SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
  56. =item SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
  57. =item SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
  58. =item SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
  59. =item SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
  60. =item SSL_CB_HANDSHAKE_START
  61. Callback has been called because a new handshake is started. In TLSv1.3 this is
  62. also used for the start of post-handshake message exchanges such as for the
  63. exchange of session tickets, or for key updates. It also occurs when resuming a
  64. handshake following a pause to handle early data.
  65. =item SSL_CB_HANDSHAKE_DONE 0x20
  66. Callback has been called because a handshake is finished. In TLSv1.3 this is
  67. also used at the end of an exchange of post-handshake messages such as for
  68. session tickets or key updates. It also occurs if the handshake is paused to
  69. allow the exchange of early data.
  70. =back
  71. The current state information can be obtained using the
  72. L<SSL_state_string(3)> family of functions.
  73. The B<ret> information can be evaluated using the
  74. L<SSL_alert_type_string(3)> family of functions.
  75. =head1 RETURN VALUES
  76. SSL_set_info_callback() does not provide diagnostic information.
  77. SSL_get_info_callback() returns the current setting.
  78. =head1 EXAMPLES
  79. The following example callback function prints state strings, information
  80. about alerts being handled and error messages to the B<bio_err> BIO.
  81. void apps_ssl_info_callback(SSL *s, int where, int ret)
  82. {
  83. const char *str;
  84. int w = where & ~SSL_ST_MASK;
  85. if (w & SSL_ST_CONNECT)
  86. str = "SSL_connect";
  87. else if (w & SSL_ST_ACCEPT)
  88. str = "SSL_accept";
  89. else
  90. str = "undefined";
  91. if (where & SSL_CB_LOOP) {
  92. BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
  93. } else if (where & SSL_CB_ALERT) {
  94. str = (where & SSL_CB_READ) ? "read" : "write";
  95. BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", str,
  96. SSL_alert_type_string_long(ret),
  97. SSL_alert_desc_string_long(ret));
  98. } else if (where & SSL_CB_EXIT) {
  99. if (ret == 0) {
  100. BIO_printf(bio_err, "%s:failed in %s\n",
  101. str, SSL_state_string_long(s));
  102. } else if (ret < 0) {
  103. BIO_printf(bio_err, "%s:error in %s\n",
  104. str, SSL_state_string_long(s));
  105. }
  106. }
  107. }
  108. =head1 SEE ALSO
  109. L<ssl(7)>, L<SSL_state_string(3)>,
  110. L<SSL_alert_type_string(3)>
  111. =head1 COPYRIGHT
  112. Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
  113. Licensed under the OpenSSL license (the "License"). You may not use
  114. this file except in compliance with the License. You can obtain a copy
  115. in the file LICENSE in the source distribution or at
  116. L<https://www.openssl.org/source/license.html>.
  117. =cut