1 files changed, 97 insertions, 0 deletions
diff --git a/src/lib/libssl/man/SSL_get_session.3 b/src/lib/libssl/man/SSL_get_session.3
new file mode 100644
index 0000000000..03e47c59c2
--- /dev/null
+++ b/src/lib/libssl/man/SSL_get_session.3
@@ -0,0 +1,97 @@
+.\"
+.\"     $OpenBSD: SSL_get_session.3,v 1.1 2016/11/05 15:32:20 schwarze Exp $
+.\"
+.Dd $Mdocdate: November 5 2016 $
+.Dt SSL_GET_SESSION 3
+.Os
+.Sh NAME
+.Nm SSL_get_session ,
+.Nm SSL_get0_session ,
+.Nm SSL_get1_session
+.Nd retrieve TLS/SSL session data
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft SSL_SESSION *
+.Fn SSL_get_session "const SSL *ssl"
+.Ft SSL_SESSION *
+.Fn SSL_get0_session "const SSL *ssl"
+.Ft SSL_SESSION *
+.Fn SSL_get1_session "SSL *ssl"
+.Sh DESCRIPTION
+.Fn SSL_get_session
+returns a pointer to the
+.Vt SSL_SESSION
+actually used in
+.Fa ssl .
+The reference count of the
+.Vt SSL_SESSION
+is not incremented, so that the pointer can become invalid by other operations.
+.Pp
+.Fn SSL_get0_session
+is the same as
+.Fn SSL_get_session .
+.Pp
+.Fn SSL_get1_session
+is the same as
+.Fn SSL_get_session ,
+but the reference count of the
+.Vt SSL_SESSION
+is incremented by one.
+.Sh NOTES
+The
+Fa ssl
+session contains all information required to re-establish the connection
+without a new handshake.
+.Pp
+.Fn SSL_get0_session
+returns a pointer to the actual session.
+As the reference counter is not incremented,
+the pointer is only valid while the connection is in use.
+If
+.Xr SSL_clear 3
+or
+.Xr SSL_free 3
+is called, the session may be removed completely (if considered bad),
+and the pointer obtained will become invalid.
+Even if the session is valid,
+it can be removed at any time due to timeout during
+.Xr SSL_CTX_flush_sessions 3 .
+.Pp
+If the data is to be kept,
+.Fn SSL_get1_session
+will increment the reference count, so that the session will not be implicitly
+removed by other operations but stays in memory.
+In order to remove the session
+.Xr SSL_SESSION_free 3
+must be explicitly called once to decrement the reference count again.
+.Pp
+.Vt SSL_SESSION
+objects keep internal link information about the session cache list when being
+inserted into one
+.Vt SSL_CTX
+object's session cache.
+One
+.Vt SSL_SESSION
+object, regardless of its reference count, must therefore only be used with one
+.Vt SSL_CTX
+object (and the
+.Vt SSL
+objects created from this
+.Vt SSL_CTX
+object).
+.Sh RETURN VALUES
+The following return values can occur:
+.Bl -tag -width Ds
+.It Dv NULL
+There is no session available in
+.Fa ssl .
+.It Pointer to an Vt SSL
+The return value points to the data of an
+.Vt SSL
+session.
+.El
+.Sh SEE ALSO
+.Xr ssl 3 ,
+.Xr SSL_clear 3 ,
+.Xr SSL_free 3 ,
+.Xr SSL_SESSION_free 3

diff --git a/src/lib/libssl/man/SSL_get_session.3 b/src/lib/libssl/man/SSL_get_session.3 new file mode 100644 index 0000000000..03e47c59c2 --- /dev/null +++ b/src/lib/libssl/man/SSL_get_session.3
@@ -0,0 +1,97 @@
	1	.\"
	2	.\" $OpenBSD: SSL_get_session.3,v 1.1 2016/11/05 15:32:20 schwarze Exp $
	3	.\"
	4	.Dd $Mdocdate: November 5 2016 $
	5	.Dt SSL_GET_SESSION 3
	6	.Os
	7	.Sh NAME
	8	.Nm SSL_get_session ,
	9	.Nm SSL_get0_session ,
	10	.Nm SSL_get1_session
	11	.Nd retrieve TLS/SSL session data
	12	.Sh SYNOPSIS
	13	.In openssl/ssl.h
	14	.Ft SSL_SESSION *
	15	.Fn SSL_get_session "const SSL *ssl"
	16	.Ft SSL_SESSION *
	17	.Fn SSL_get0_session "const SSL *ssl"
	18	.Ft SSL_SESSION *
	19	.Fn SSL_get1_session "SSL *ssl"
	20	.Sh DESCRIPTION
	21	.Fn SSL_get_session
	22	returns a pointer to the
	23	.Vt SSL_SESSION
	24	actually used in
	25	.Fa ssl .
	26	The reference count of the
	27	.Vt SSL_SESSION
	28	is not incremented, so that the pointer can become invalid by other operations.
	29	.Pp
	30	.Fn SSL_get0_session
	31	is the same as
	32	.Fn SSL_get_session .
	33	.Pp
	34	.Fn SSL_get1_session
	35	is the same as
	36	.Fn SSL_get_session ,
	37	but the reference count of the
	38	.Vt SSL_SESSION
	39	is incremented by one.
	40	.Sh NOTES
	41	The
	42	Fa ssl
	43	session contains all information required to re-establish the connection
	44	without a new handshake.
	45	.Pp
	46	.Fn SSL_get0_session
	47	returns a pointer to the actual session.
	48	As the reference counter is not incremented,
	49	the pointer is only valid while the connection is in use.
	50	If
	51	.Xr SSL_clear 3
	52	or
	53	.Xr SSL_free 3
	54	is called, the session may be removed completely (if considered bad),
	55	and the pointer obtained will become invalid.
	56	Even if the session is valid,
	57	it can be removed at any time due to timeout during
	58	.Xr SSL_CTX_flush_sessions 3 .
	59	.Pp
	60	If the data is to be kept,
	61	.Fn SSL_get1_session
	62	will increment the reference count, so that the session will not be implicitly
	63	removed by other operations but stays in memory.
	64	In order to remove the session
	65	.Xr SSL_SESSION_free 3
	66	must be explicitly called once to decrement the reference count again.
	67	.Pp
	68	.Vt SSL_SESSION
	69	objects keep internal link information about the session cache list when being
	70	inserted into one
	71	.Vt SSL_CTX
	72	object's session cache.
	73	One
	74	.Vt SSL_SESSION
	75	object, regardless of its reference count, must therefore only be used with one
	76	.Vt SSL_CTX
	77	object (and the
	78	.Vt SSL
	79	objects created from this
	80	.Vt SSL_CTX
	81	object).
	82	.Sh RETURN VALUES
	83	The following return values can occur:
	84	.Bl -tag -width Ds
	85	.It Dv NULL
	86	There is no session available in
	87	.Fa ssl .
	88	.It Pointer to an Vt SSL
	89	The return value points to the data of an
	90	.Vt SSL
	91	session.
	92	.El
	93	.Sh SEE ALSO
	94	.Xr ssl 3 ,
	95	.Xr SSL_clear 3 ,
	96	.Xr SSL_free 3 ,
	97	.Xr SSL_SESSION_free 3