5 SSL_CTX_set_info_callback,
6 SSL_CTX_get_info_callback,
9 - handle information callback for SSL connections
13 #include <openssl/ssl.h>
15 void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)());
16 void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))();
18 void SSL_set_info_callback(SSL *ssl, void (*callback)());
19 void (*SSL_get_info_callback(const SSL *ssl))();
23 SSL_CTX_set_info_callback() sets the B<callback> function, that can be used to
24 obtain state information for SSL objects created from B<ctx> during connection
25 setup and use. The setting for B<ctx> is overridden from the setting for
26 a specific SSL object, if specified.
27 When B<callback> is NULL, no callback function is used.
29 SSL_set_info_callback() sets the B<callback> function, that can be used to
30 obtain state information for B<ssl> during connection setup and use.
31 When B<callback> is NULL, the callback setting currently valid for
34 SSL_CTX_get_info_callback() returns a pointer to the currently set information
35 callback function for B<ctx>.
37 SSL_get_info_callback() returns a pointer to the currently set information
38 callback function for B<ssl>.
42 When setting up a connection and during use, it is possible to obtain state
43 information from the SSL/TLS engine. When set, an information callback function
44 is called whenever a significant event occurs such as: the state changes,
45 an alert appears, or an error occurs.
47 The callback function is called as B<callback(SSL *ssl, int where, int ret)>.
48 The B<where> argument specifies information about where (in which context)
49 the callback function was called. If B<ret> is 0, an error condition occurred.
50 If an alert is handled, SSL_CB_ALERT is set and B<ret> specifies the alert
53 B<where> is a bitmask made up of the following bits:
59 Callback has been called to indicate state change or some other significant
60 state machine event. This may mean that the callback gets invoked more than once
61 per state in some situations.
65 Callback has been called to indicate exit of a handshake function. This will
66 happen after the end of a handshake, but may happen at other times too such as
67 on error or when IO might otherwise block and non-blocking is being used.
71 Callback has been called during read operation.
75 Callback has been called during write operation.
79 Callback has been called due to an alert being sent or received.
81 =item SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
83 =item SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
85 =item SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
87 =item SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
89 =item SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
91 =item SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
93 =item SSL_CB_HANDSHAKE_START
95 Callback has been called because a new handshake is started. It also occurs when
96 resuming a handshake following a pause to handle early data.
98 =item SSL_CB_HANDSHAKE_DONE
100 Callback has been called because a handshake is finished. It also occurs if the
101 handshake is paused to allow the exchange of early data.
105 The current state information can be obtained using the
106 L<SSL_state_string(3)> family of functions.
108 The B<ret> information can be evaluated using the
109 L<SSL_alert_type_string(3)> family of functions.
113 SSL_set_info_callback() does not provide diagnostic information.
115 SSL_get_info_callback() returns the current setting.
119 The following example callback function prints state strings, information
120 about alerts being handled and error messages to the B<bio_err> BIO.
122 void apps_ssl_info_callback(SSL *s, int where, int ret)
125 int w = where & ~SSL_ST_MASK;
127 if (w & SSL_ST_CONNECT)
129 else if (w & SSL_ST_ACCEPT)
134 if (where & SSL_CB_LOOP) {
135 BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
136 } else if (where & SSL_CB_ALERT) {
137 str = (where & SSL_CB_READ) ? "read" : "write";
138 BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", str,
139 SSL_alert_type_string_long(ret),
140 SSL_alert_desc_string_long(ret));
141 } else if (where & SSL_CB_EXIT) {
143 BIO_printf(bio_err, "%s:failed in %s\n",
144 str, SSL_state_string_long(s));
145 } else if (ret < 0) {
146 BIO_printf(bio_err, "%s:error in %s\n",
147 str, SSL_state_string_long(s));
154 L<ssl(7)>, L<SSL_state_string(3)>,
155 L<SSL_alert_type_string(3)>
159 Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
161 Licensed under the OpenSSL license (the "License"). You may not use
162 this file except in compliance with the License. You can obtain a copy
163 in the file LICENSE in the source distribution or at
164 L<https://www.openssl.org/source/license.html>.