1 files changed, 156 insertions, 0 deletions
diff --git a/src/lib/libssl/doc/SSL_CTX_sess_set_get_cb.3 b/src/lib/libssl/doc/SSL_CTX_sess_set_get_cb.3
new file mode 100644
index 0000000000..d5c506cec8
--- /dev/null
+++ b/src/lib/libssl/doc/SSL_CTX_sess_set_get_cb.3
@@ -0,0 +1,156 @@
+.Dd $Mdocdate: October 12 2014 $
+.Dt SSL_CTX_SESS_SET_GET_CB 3
+.Os
+.Sh NAME
+.Nm SSL_CTX_sess_set_new_cb ,
+.Nm SSL_CTX_sess_set_remove_cb ,
+.Nm SSL_CTX_sess_set_get_cb ,
+.Nm SSL_CTX_sess_get_new_cb ,
+.Nm SSL_CTX_sess_get_remove_cb ,
+.Nm SSL_CTX_sess_get_get_cb
+.Nd provide callback functions for server side external session caching
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft void
+.Fo SSL_CTX_sess_set_new_cb
+.Fa "SSL_CTX *ctx"
+.Fa "int (*new_session_cb)(SSL *, SSL_SESSION *)"
+.Fc
+.Ft void
+.Fo SSL_CTX_sess_set_remove_cb
+.Fa "SSL_CTX *ctx"
+.Fa "void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *)"
+.Fc
+.Ft void
+.Fo SSL_CTX_sess_set_get_cb
+.Fa "SSL_CTX *ctx"
+.Fa "SSL_SESSION (*get_session_cb)(SSL *, unsigned char *, int, int *)"
+.Fc
+.Ft int
+.Fo "(*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))"
+.Fa "struct ssl_st *ssl"
+.Fa "SSL_SESSION *sess"
+.Fc
+.Ft void
+.Fo "(*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))"
+.Fa "struct ssl_ctx_st *ctx"
+.Fa "SSL_SESSION *sess"
+.Fc
+.Ft SSL_SESSION *
+.Fo "(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))"
+.Fa "struct ssl_st *ssl"
+.Fa "unsigned char *data"
+.Fa "int len"
+.Fa "int *copy"
+.Fc
+.Ft int
+.Fo "(*new_session_cb)"
+.Fa "struct ssl_st *ssl"
+.Fa "SSL_SESSION *sess"
+.Fc
+.Ft void
+.Fo "(*remove_session_cb)"
+.Fa "struct ssl_ctx_st *ctx"
+.Fa "SSL_SESSION *sess"
+.Fc
+.Ft SSL_SESSION *
+.Fo "(*get_session_cb)"
+.Fa "struct ssl_st *ssl"
+.Fa "unsigned char *data"
+.Fa "int len"
+.Fa "int *copy"
+.Fc
+.Sh DESCRIPTION
+.Fn SSL_CTX_sess_set_new_cb
+sets the callback function which is automatically called whenever a new session
+was negotiated.
+.Pp
+.Fn SSL_CTX_sess_set_remove_cb
+sets the callback function which is automatically called whenever a session is
+removed by the SSL engine (because it is considered faulty or the session has
+become obsolete because of exceeding the timeout value).
+.Pp
+.Fn SSL_CTX_sess_set_get_cb
+sets the callback function which is called whenever a SSL/TLS client proposes
+to resume a session but the session cannot be found in the internal session
+cache (see
+.Xr SSL_CTX_set_session_cache_mode 3 ) .
+(SSL/TLS server only.)
+.Pp
+.Fn SSL_CTX_sess_get_new_cb ,
+.Fn SSL_CTX_sess_get_remove_cb ,
+and
+.Fn SSL_CTX_sess_get_get_cb
+retrieve the function pointers of the provided callback functions.
+If a callback function has not been set, the
+.Dv NULL
+pointer is returned.
+.Sh NOTES
+In order to allow external session caching, synchronization with the internal
+session cache is realized via callback functions.
+Inside these callback functions, session can be saved to disk or put into a
+database using the
+.Xr d2i_SSL_SESSION 3
+interface.
+.Pp
+The
+.Fn new_session_cb
+function is called whenever a new session has been negotiated and session
+caching is enabled (see
+.Xr SSL_CTX_set_session_cache_mode 3 ) .
+The
+.Fn new_session_cb
+is passed the
+.Fa ssl
+connection and the ssl session
+.Fa sess .
+If the callback returns 0, the session will be immediately removed again.
+.Pp
+The
+.Fn remove_session_cb
+is called whenever the SSL engine removes a session from the internal cache.
+This happens when the session is removed because it is expired or when a
+connection was not shut down cleanly.
+It also happens for all sessions in the internal session cache when
+.Xr SSL_CTX_free 3
+is called.
+The
+.Fn remove_session_cb
+function is passed the
+.Fa ctx
+and the
+.Vt ssl
+session
+.Fa sess .
+It does not provide any feedback.
+.Pp
+The
+.Fn get_session_cb
+function is only called on SSL/TLS servers with the session id proposed by the
+client.
+The
+.Fn get_session_cb
+function is always called, also when session caching was disabled.
+The
+.Fn get_session_cb
+is passed the
+.Fa ssl
+connection, the session id of length
+.Fa length
+at the memory location
+.Fa data .
+With the parameter
+.Fa copy
+the callback can require the SSL engine to increment the reference count of the
+.Vt SSL_SESSION
+object,
+Normally the reference count is not incremented and therefore the session must
+not be explicitly freed with
+.Xr SSL_SESSION_free 3 .
+.Sh SEE ALSO
+.Xr d2i_SSL_SESSION 3 ,
+.Xr ssl 3 ,
+.Xr SSL_CTX_flush_sessions 3 ,
+.Xr SSL_CTX_free 3 ,
+.Xr SSL_CTX_set_session_cache_mode 3 ,
+.Xr SSL_SESSION_free 3

diff --git a/src/lib/libssl/doc/SSL_CTX_sess_set_get_cb.3 b/src/lib/libssl/doc/SSL_CTX_sess_set_get_cb.3 new file mode 100644 index 0000000000..d5c506cec8 --- /dev/null +++ b/src/lib/libssl/doc/SSL_CTX_sess_set_get_cb.3
@@ -0,0 +1,156 @@
	1	.Dd $Mdocdate: October 12 2014 $
	2	.Dt SSL_CTX_SESS_SET_GET_CB 3
	3	.Os
	4	.Sh NAME
	5	.Nm SSL_CTX_sess_set_new_cb ,
	6	.Nm SSL_CTX_sess_set_remove_cb ,
	7	.Nm SSL_CTX_sess_set_get_cb ,
	8	.Nm SSL_CTX_sess_get_new_cb ,
	9	.Nm SSL_CTX_sess_get_remove_cb ,
	10	.Nm SSL_CTX_sess_get_get_cb
	11	.Nd provide callback functions for server side external session caching
	12	.Sh SYNOPSIS
	13	.In openssl/ssl.h
	14	.Ft void
	15	.Fo SSL_CTX_sess_set_new_cb
	16	.Fa "SSL_CTX *ctx"
	17	.Fa "int (new_session_cb)(SSL , SSL_SESSION *)"
	18	.Fc
	19	.Ft void
	20	.Fo SSL_CTX_sess_set_remove_cb
	21	.Fa "SSL_CTX *ctx"
	22	.Fa "void (remove_session_cb)(SSL_CTX ctx, SSL_SESSION *)"
	23	.Fc
	24	.Ft void
	25	.Fo SSL_CTX_sess_set_get_cb
	26	.Fa "SSL_CTX *ctx"
	27	.Fa "SSL_SESSION (get_session_cb)(SSL , unsigned char , int, int )"
	28	.Fc
	29	.Ft int
	30	.Fo "(SSL_CTX_sess_get_new_cb(SSL_CTX ctx))"
	31	.Fa "struct ssl_st *ssl"
	32	.Fa "SSL_SESSION *sess"
	33	.Fc
	34	.Ft void
	35	.Fo "(SSL_CTX_sess_get_remove_cb(SSL_CTX ctx))"
	36	.Fa "struct ssl_ctx_st *ctx"
	37	.Fa "SSL_SESSION *sess"
	38	.Fc
	39	.Ft SSL_SESSION *
	40	.Fo "(SSL_CTX_sess_get_get_cb(SSL_CTX ctx))"
	41	.Fa "struct ssl_st *ssl"
	42	.Fa "unsigned char *data"
	43	.Fa "int len"
	44	.Fa "int *copy"
	45	.Fc
	46	.Ft int
	47	.Fo "(*new_session_cb)"
	48	.Fa "struct ssl_st *ssl"
	49	.Fa "SSL_SESSION *sess"
	50	.Fc
	51	.Ft void
	52	.Fo "(*remove_session_cb)"
	53	.Fa "struct ssl_ctx_st *ctx"
	54	.Fa "SSL_SESSION *sess"
	55	.Fc
	56	.Ft SSL_SESSION *
	57	.Fo "(*get_session_cb)"
	58	.Fa "struct ssl_st *ssl"
	59	.Fa "unsigned char *data"
	60	.Fa "int len"
	61	.Fa "int *copy"
	62	.Fc
	63	.Sh DESCRIPTION
	64	.Fn SSL_CTX_sess_set_new_cb
	65	sets the callback function which is automatically called whenever a new session
	66	was negotiated.
	67	.Pp
	68	.Fn SSL_CTX_sess_set_remove_cb
	69	sets the callback function which is automatically called whenever a session is
	70	removed by the SSL engine (because it is considered faulty or the session has
	71	become obsolete because of exceeding the timeout value).
	72	.Pp
	73	.Fn SSL_CTX_sess_set_get_cb
	74	sets the callback function which is called whenever a SSL/TLS client proposes
	75	to resume a session but the session cannot be found in the internal session
	76	cache (see
	77	.Xr SSL_CTX_set_session_cache_mode 3 ) .
	78	(SSL/TLS server only.)
	79	.Pp
	80	.Fn SSL_CTX_sess_get_new_cb ,
	81	.Fn SSL_CTX_sess_get_remove_cb ,
	82	and
	83	.Fn SSL_CTX_sess_get_get_cb
	84	retrieve the function pointers of the provided callback functions.
	85	If a callback function has not been set, the
	86	.Dv NULL
	87	pointer is returned.
	88	.Sh NOTES
	89	In order to allow external session caching, synchronization with the internal
	90	session cache is realized via callback functions.
	91	Inside these callback functions, session can be saved to disk or put into a
	92	database using the
	93	.Xr d2i_SSL_SESSION 3
	94	interface.
	95	.Pp
	96	The
	97	.Fn new_session_cb
	98	function is called whenever a new session has been negotiated and session
	99	caching is enabled (see
	100	.Xr SSL_CTX_set_session_cache_mode 3 ) .
	101	The
	102	.Fn new_session_cb
	103	is passed the
	104	.Fa ssl
	105	connection and the ssl session
	106	.Fa sess .
	107	If the callback returns 0, the session will be immediately removed again.
	108	.Pp
	109	The
	110	.Fn remove_session_cb
	111	is called whenever the SSL engine removes a session from the internal cache.
	112	This happens when the session is removed because it is expired or when a
	113	connection was not shut down cleanly.
	114	It also happens for all sessions in the internal session cache when
	115	.Xr SSL_CTX_free 3
	116	is called.
	117	The
	118	.Fn remove_session_cb
	119	function is passed the
	120	.Fa ctx
	121	and the
	122	.Vt ssl
	123	session
	124	.Fa sess .
	125	It does not provide any feedback.
	126	.Pp
	127	The
	128	.Fn get_session_cb
	129	function is only called on SSL/TLS servers with the session id proposed by the
	130	client.
	131	The
	132	.Fn get_session_cb
	133	function is always called, also when session caching was disabled.
	134	The
	135	.Fn get_session_cb
	136	is passed the
	137	.Fa ssl
	138	connection, the session id of length
	139	.Fa length
	140	at the memory location
	141	.Fa data .
	142	With the parameter
	143	.Fa copy
	144	the callback can require the SSL engine to increment the reference count of the
	145	.Vt SSL_SESSION
	146	object,
	147	Normally the reference count is not incremented and therefore the session must
	148	not be explicitly freed with
	149	.Xr SSL_SESSION_free 3 .
	150	.Sh SEE ALSO
	151	.Xr d2i_SSL_SESSION 3 ,
	152	.Xr ssl 3 ,
	153	.Xr SSL_CTX_flush_sessions 3 ,
	154	.Xr SSL_CTX_free 3 ,
	155	.Xr SSL_CTX_set_session_cache_mode 3 ,
	156	.Xr SSL_SESSION_free 3