=head1 NAME
SSL_CTX_set_tlsext_status_cb,
+SSL_CTX_get_tlsext_status_cb,
SSL_CTX_set_tlsext_status_arg,
+SSL_CTX_get_tlsext_status_arg,
SSL_CTX_set_tlsext_status_type,
SSL_CTX_get_tlsext_status_type,
SSL_set_tlsext_status_type,
long SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx,
int (*callback)(SSL *, void *));
+ long SSL_CTX_get_tlsext_status_cb(SSL_CTX *ctx,
+ int (**callback)(SSL *, void *));
+
long SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);
+ long SSL_CTX_get_tlsext_status_arg(SSL_CTX *ctx, void **arg);
long SSL_CTX_set_tlsext_status_type(SSL_CTX *ctx, int type);
long SSL_CTX_get_tlsext_status_type(SSL_CTX *ctx);
previously set via a call to SSL_CTX_set_tlsext_status_arg(). Note that the
callback will not be called in the event of a handshake where session resumption
occurs (because there are no Certificates exchanged in such a handshake).
+The callback previously set via SSL_CTX_set_tlsext_status_cb() can be retrieved
+by calling SSL_CTX_get_tlsext_status_cb(), and the argument by calling
+SSL_CTX_get_tlsext_status_arg().
On the client side SSL_get_tlsext_status_type() can be used to determine whether
the client has previously called SSL_set_tlsext_status_type(). It will return
--- /dev/null
+=pod
+
+=head1 NAME
+
+SSL_SESSION_get0_id_context - get the SSL ID context associated with a session
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
+ unsigned int *len)
+
+=head1 DESCRIPTION
+
+SSL_SESSION_get0_id_context() returns the ID context associated with
+the SSL/TLS session B<s>. The length of the ID context is written to
+B<*len> if B<len> is not NULL.
+
+The value returned is a pointer to an object maintained within B<s> and
+should not be released.
+
+=head1 SEE ALSO
+
+L<ssl(3)>,
+L<SSL_set_session_id_context(3)>
+
+=head1 HISTORY
+
+SSL_SESSION_get0_id_context() was first added to OpenSSL 1.1.0
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
--- /dev/null
+=pod
+
+=head1 NAME
+
+SSL_SESSION_set1_id - set the SSL session ID
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+ unsigned int sid_len);
+
+=head1 DESCRIPTION
+
+SSL_SESSION_set1_id() sets the the session ID for the B<ssl> SSL/TLS session
+to B<sid> of length B<sid_len>.
+
+=head1 RETURN VALUES
+
+SSL_SESSION_set1_id() returns 1 for success and 0 for failure, for example
+if the supplied session ID length exceeds B<SSL_MAX_SSL_SESSION_ID_LENGTH>.
+
+=head1 SEE ALSO
+
+L<ssl(3)>
+
+=head1 HISTORY
+
+SSL_SESSION_set1_id() was first added to OpenSSL 1.1.0
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT 125
# define SSL_CTRL_SET_MAX_PIPELINES 126
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129
# define SSL_CERT_SET_FIRST 1
# define SSL_CERT_SET_NEXT 2
# define SSL_CERT_SET_SERVER 3
__owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
unsigned int sid_ctx_len);
+__owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+ unsigned int sid_len);
__owur SSL_SESSION *SSL_SESSION_new(void);
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
unsigned int *len);
+const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
+ unsigned int *len);
__owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
# ifndef OPENSSL_NO_STDIO
int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
# define SSL_F_SSL_SESSION_DUP 348
# define SSL_F_SSL_SESSION_NEW 189
# define SSL_F_SSL_SESSION_PRINT_FP 190
+# define SSL_F_SSL_SESSION_SET1_ID 423
# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312
# define SSL_F_SSL_SET_ALPN_PROTOS 344
# define SSL_F_SSL_SET_CERT 191
# define SSL_R_SSL_SECTION_NOT_FOUND 136
# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301
# define SSL_R_SSL_SESSION_ID_CONFLICT 302
+# define SSL_R_SSL_SESSION_ID_TOO_LONG 408
# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
# define SSL_R_SSL_SESSION_VERSION_MISMATCH 210
# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys))
+# define SSL_CTX_get_tlsext_status_cb(ssl, cb) \
+SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void (**)(void))cb)
# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
+# define SSL_CTX_get_tlsext_status_arg(ssl, arg) \
+SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg
# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
ctx->tlsext_status_arg = parg;
return 1;
+ case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
+ *(void**)parg = ctx->tlsext_status_arg;
+ break;
+
+ case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
+ *(int (**)(SSL*, void*))parg = ctx->tlsext_status_cb;
+ break;
+
#ifndef OPENSSL_NO_SRP
case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
ctx->srp_ctx.srp_Mask |= SSL_kSRP;
{ERR_FUNC(SSL_F_SSL_SESSION_DUP), "ssl_session_dup"},
{ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
{ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
+ {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID), "SSL_SESSION_set1_id"},
{ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT),
"SSL_SESSION_set1_id_context"},
{ERR_FUNC(SSL_F_SSL_SET_ALPN_PROTOS), "SSL_set_alpn_protos"},
{ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT), "ssl session id conflict"},
{ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),
"ssl session id context too long"},
+ {ERR_REASON(SSL_R_SSL_SESSION_ID_TOO_LONG),
+ "ssl session id too long"},
{ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),
"ssl session id has bad length"},
{ERR_REASON(SSL_R_SSL_SESSION_VERSION_MISMATCH),
*len = s->session_id_length;
return s->session_id;
}
+const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
+ unsigned int *len)
+{
+ if (len != NULL)
+ *len = s->sid_ctx_length;
+ return s->sid_ctx;
+}
unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
{
return 1;
}
+int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+ unsigned int sid_len)
+{
+ if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
+ SSLerr(SSL_F_SSL_SESSION_SET1_ID,
+ SSL_R_SSL_SESSION_ID_TOO_LONG);
+ return 0;
+ }
+ s->session_id_length = sid_len;
+ memcpy(s->session_id, sid, sid_len);
+ return 1;
+}
+
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
{
if (s == NULL)
SSL_CTX_dane_clear_flags 402 1_1_0 EXIST::FUNCTION:
SSL_dane_clear_flags 403 1_1_0 EXIST::FUNCTION:
SSL_SESSION_get0_cipher 404 1_1_0 EXIST::FUNCTION:
+SSL_SESSION_get0_id_context 405 1_1_0 EXIST::FUNCTION:
+SSL_SESSION_set1_id 406 1_1_0 EXIST::FUNCTION: