125 lines
4.6 KiB
HTML
Executable File
125 lines
4.6 KiB
HTML
Executable File
<?xml version="1.0" ?>
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
<head>
|
|
<title>SSL_CTX_set_session_id_context</title>
|
|
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
|
<link rev="made" href="mailto:root@localhost" />
|
|
</head>
|
|
|
|
<body style="background-color: white">
|
|
|
|
|
|
<!-- INDEX BEGIN -->
|
|
<div name="index">
|
|
<p><a name="__index__"></a></p>
|
|
|
|
<ul>
|
|
|
|
<li><a href="#name">NAME</a></li>
|
|
<li><a href="#synopsis">SYNOPSIS</a></li>
|
|
<li><a href="#description">DESCRIPTION</a></li>
|
|
<li><a href="#notes">NOTES</a></li>
|
|
<li><a href="#warnings">WARNINGS</a></li>
|
|
<li><a href="#return_values">RETURN VALUES</a></li>
|
|
<li><a href="#see_also">SEE ALSO</a></li>
|
|
<li><a href="#copyright">COPYRIGHT</a></li>
|
|
</ul>
|
|
|
|
<hr name="index" />
|
|
</div>
|
|
<!-- INDEX END -->
|
|
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="name">NAME</a></h1>
|
|
<p>SSL_CTX_set_session_id_context, SSL_set_session_id_context - set context within which session can be reused (server side only)</p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="synopsis">SYNOPSIS</a></h1>
|
|
<pre>
|
|
#include <openssl/ssl.h></pre>
|
|
<pre>
|
|
int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
|
|
unsigned int sid_ctx_len);
|
|
int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
|
|
unsigned int sid_ctx_len);</pre>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="description">DESCRIPTION</a></h1>
|
|
<p><code>SSL_CTX_set_session_id_context()</code> sets the context <strong>sid_ctx</strong> of length
|
|
<strong>sid_ctx_len</strong> within which a session can be reused for the <strong>ctx</strong> object.</p>
|
|
<p><code>SSL_set_session_id_context()</code> sets the context <strong>sid_ctx</strong> of length
|
|
<strong>sid_ctx_len</strong> within which a session can be reused for the <strong>ssl</strong> object.</p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="notes">NOTES</a></h1>
|
|
<p>Sessions are generated within a certain context. When exporting/importing
|
|
sessions with <strong>i2d_SSL_SESSION</strong>/<strong>d2i_SSL_SESSION</strong> it would be possible,
|
|
to re-import a session generated from another context (e.g. another
|
|
application), which might lead to malfunctions. Therefore each application
|
|
must set its own session id context <strong>sid_ctx</strong> which is used to distinguish
|
|
the contexts and is stored in exported sessions. The <strong>sid_ctx</strong> can be
|
|
any kind of binary data with a given length, it is therefore possible
|
|
to use e.g. the name of the application and/or the hostname and/or service
|
|
name ...</p>
|
|
<p>The session id context becomes part of the session. The session id context
|
|
is set by the SSL/TLS server. The <code>SSL_CTX_set_session_id_context()</code> and
|
|
<code>SSL_set_session_id_context()</code> functions are therefore only useful on the
|
|
server side.</p>
|
|
<p>OpenSSL clients will check the session id context returned by the server
|
|
when reusing a session.</p>
|
|
<p>The maximum length of the <strong>sid_ctx</strong> is limited to
|
|
<strong>SSL_MAX_SID_CTX_LENGTH</strong>.</p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="warnings">WARNINGS</a></h1>
|
|
<p>If the session id context is not set on an SSL/TLS server and client
|
|
certificates are used, stored sessions
|
|
will not be reused but a fatal error will be flagged and the handshake
|
|
will fail.</p>
|
|
<p>If a server returns a different session id context to an OpenSSL client
|
|
when reusing a session, an error will be flagged and the handshake will
|
|
fail. OpenSSL servers will always return the correct session id context,
|
|
as an OpenSSL server checks the session id context itself before reusing
|
|
a session as described above.</p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="return_values">RETURN VALUES</a></h1>
|
|
<p><code>SSL_CTX_set_session_id_context()</code> and <code>SSL_set_session_id_context()</code>
|
|
return the following values:</p>
|
|
<ol>
|
|
<li>
|
|
<p>The length <strong>sid_ctx_len</strong> of the session id context <strong>sid_ctx</strong> exceeded
|
|
the maximum allowed length of <strong>SSL_MAX_SID_CTX_LENGTH</strong>. The error
|
|
is logged to the error stack.</p>
|
|
</li>
|
|
<li>
|
|
<p>The operation succeeded.</p>
|
|
</li>
|
|
</ol>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="see_also">SEE ALSO</a></h1>
|
|
<p><em>ssl(7)</em></p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="copyright">COPYRIGHT</a></h1>
|
|
<p>Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.</p>
|
|
<p>Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file LICENSE in the source distribution or at
|
|
<a href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a>.</p>
|
|
|
|
</body>
|
|
|
|
</html>
|