1 files changed, 30 insertions, 159 deletions
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index ee88be2b88..2ba8b9612e 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -122,20 +122,10 @@ SSL_SESSION *SSL_SESSION_new(void)
        ss->prev=NULL;
        ss->next=NULL;
        ss->compress_meth=0;
-#ifndef OPENSSL_NO_TLSEXT
-        ss->tlsext_hostname = NULL; 
-#endif
        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
        return(ss);
        }
-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
-        {
-        if(len)
-                *len = s->session_id_length;
-        return s->session_id;
-        }
 /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
 * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
 * until we have no conflict is going to complete in one iteration pretty much
@@ -151,7 +141,7 @@ static int def_generate_session_id(const SSL *ssl, unsigned char *id,
 {
        unsigned int retry = 0;
        do
-                if (RAND_pseudo_bytes(id, *id_len) <= 0)
+                if(RAND_pseudo_bytes(id, *id_len) <= 0)
                        return 0;
        while(SSL_has_matching_session_id(ssl, id, *id_len) &&
                (++retry < MAX_SESS_ID_ATTEMPTS));
@@ -208,25 +198,12 @@ int ssl_get_new_session(SSL *s, int session)
                        ss->ssl_version=TLS1_VERSION;
                        ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
                        }
-                else if (s->version == DTLS1_VERSION)
-                        {
-                        ss->ssl_version=DTLS1_VERSION;
-                        ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
-                        }
                else
                        {
                        SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
                        SSL_SESSION_free(ss);
                        return(0);
                        }
-#ifndef OPENSSL_NO_TLSEXT
-                /* If RFC4507 ticket use empty session ID */
-                if (s->tlsext_ticket_expected)
-                        {
-                        ss->session_id_length = 0;
-                        goto sess_id_done;
-                        }
-#endif
                /* Choose which callback will set the session ID */
                CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
                if(s->generate_session_id)
@@ -268,17 +245,6 @@ int ssl_get_new_session(SSL *s, int session)
                        SSL_SESSION_free(ss);
                        return(0);
                        }
-#ifndef OPENSSL_NO_TLSEXT
-                sess_id_done:
-                if (s->tlsext_hostname) {
-                        ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
-                        if (ss->tlsext_hostname == NULL) {
-                                SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
-                                SSL_SESSION_free(ss);
-                                return 0;
-                                }
-                        }
-#endif
                }
        else
                {
@@ -300,41 +266,21 @@ int ssl_get_new_session(SSL *s, int session)
        return(1);
        }
-int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
+int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
-                        const unsigned char *limit)
        {
        /* This is used only by servers. */
-        SSL_SESSION *ret=NULL;
+        SSL_SESSION *ret=NULL,data;
        int fatal = 0;
-#ifndef OPENSSL_NO_TLSEXT
-        int r;
+        data.ssl_version=s->version;
-#endif
+        data.session_id_length=len;
-  
        if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
                goto err;
-#ifndef OPENSSL_NO_TLSEXT
+        memcpy(data.session_id,session_id,len);
-        r = tls1_process_ticket(s, session_id, len, limit, &ret);
-        if (r == -1)
-                {
-                fatal = 1;
-                goto err;
-                }
-        else if (r == 0 || (!ret && !len))
-                goto err;
-        else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
-#else
-        if (len == 0)
-                goto err;
        if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
-#endif
                {
-                SSL_SESSION data;
-                data.ssl_version=s->version;
-                data.session_id_length=len;
-                if (len == 0)
-                        return 0;
-                memcpy(data.session_id,session_id,len);
                CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
                ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,&data);
                if (ret != NULL)
@@ -376,35 +322,33 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
        /* Now ret is non-NULL, and we own one of its reference counts. */
-        if (ret->sid_ctx_length != s->sid_ctx_length
+        if((s->verify_mode&SSL_VERIFY_PEER)
-            || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))
+           && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length
-                {
+               || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)))
+            {
                /* We've found the session named by the client, but we don't
                 * want to use it in this context. */
+                
+                if (s->sid_ctx_length == 0)
+                        {
+                        /* application should have used SSL[_CTX]_set_session_id_context
+                         * -- we could tolerate this and just pretend we never heard
+                         * of this session, but then applications could effectively
+                         * disable the session cache by accident without anyone noticing */
+                        SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
+                        fatal = 1;
+                        goto err;
+                        }
+                else
+                        {
 #if 0 /* The client cannot always know when a session is not appropriate,
-       * so we shouldn't generate an error message. */
+           * so we shouldn't generate an error message. */
-                SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+                        SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
 #endif
-                goto err; /* treat like cache miss */
+                        goto err; /* treat like cache miss */
-                }
+                        }
-        
-        if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0)
-                {
-                /* We can't be sure if this session is being used out of
-                 * context, which is especially important for SSL_VERIFY_PEER.
-                 * The application should have used SSL[_CTX]_set_session_id_context.
-                 *
-                 * For this error case, we generate an error instead of treating
-                 * the event like a cache miss (otherwise it would be easy for
-                 * applications to effectively disable the session cache by
-                 * accident without anyone noticing).
-                 */
-                
-                SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
-                fatal = 1;
-                goto err;
                }
        if (ret->cipher == NULL)
@@ -590,10 +534,6 @@ void SSL_SESSION_free(SSL_SESSION *ss)
        if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
        if (ss->peer != NULL) X509_free(ss->peer);
        if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
-#ifndef OPENSSL_NO_TLSEXT
-        if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname);
-        if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick);
-#endif
        OPENSSL_cleanse(ss,sizeof(*ss));
        OPENSSL_free(ss);
        }
@@ -628,7 +568,7 @@ int SSL_set_session(SSL *s, SSL_SESSION *session)
                if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
                    session->krb5_client_princ_len > 0)
                {
-                    s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
+                    s->kssl_ctx->client_princ = (char *)malloc(session->krb5_client_princ_len + 1);
                    memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ,
                            session->krb5_client_princ_len);
                    s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
@@ -813,72 +753,3 @@ static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
                }
        }
-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
-        int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess))
-        {
-        ctx->new_session_cb=cb;
-        }
-int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess)
-        {
-        return ctx->new_session_cb;
-        }
-void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
-        void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess))
-        {
-        ctx->remove_session_cb=cb;
-        }
-void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess)
-        {
-        return ctx->remove_session_cb;
-        }
-void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
-        SSL_SESSION *(*cb)(struct ssl_st *ssl,
-                 unsigned char *data,int len,int *copy))
-        {
-        ctx->get_session_cb=cb;
-        }
-SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl,
-                 unsigned char *data,int len,int *copy)
-        {
-        return ctx->get_session_cb;
-        }
-void SSL_CTX_set_info_callback(SSL_CTX *ctx, 
-        void (*cb)(const SSL *ssl,int type,int val))
-        {
-        ctx->info_callback=cb;
-        }
-void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val)
-        {
-        return ctx->info_callback;
-        }
-void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
-        int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey))
-        {
-        ctx->client_cert_cb=cb;
-        }
-int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey)
-        {
-        return ctx->client_cert_cb;
-        }
-void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
-        int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
-        {
-        ctx->app_gen_cookie_cb=cb;
-        }
-void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
-        int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len))
-        {
-        ctx->app_verify_cookie_cb=cb;
-        }

diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index ee88be2b88..2ba8b9612e 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c
@@ -122,20 +122,10 @@ SSL_SESSION *SSL_SESSION_new(void)
122	ss->prev=NULL;	122	ss->prev=NULL;
123	ss->next=NULL;	123	ss->next=NULL;
124	ss->compress_meth=0;	124	ss->compress_meth=0;
125	#ifndef OPENSSL_NO_TLSEXT
126	ss->tlsext_hostname = NULL;
127	#endif
128	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);	125	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
129	return(ss);	126	return(ss);
130	}	127	}
131		128
132	const unsigned char SSL_SESSION_get_id(const SSL_SESSION s, unsigned int *len)
133	{
134	if(len)
135	*len = s->session_id_length;
136	return s->session_id;
137	}
138
139	/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1	129	/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
140	* has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly	130	* has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
141	* until we have no conflict is going to complete in one iteration pretty much	131	* until we have no conflict is going to complete in one iteration pretty much
@@ -151,7 +141,7 @@ static int def_generate_session_id(const SSL ssl, unsigned char id,
151	{	141	{
152	unsigned int retry = 0;	142	unsigned int retry = 0;
153	do	143	do
154	if (RAND_pseudo_bytes(id, *id_len) <= 0)	144	if(RAND_pseudo_bytes(id, *id_len) <= 0)
155	return 0;	145	return 0;
156	while(SSL_has_matching_session_id(ssl, id, *id_len) &&	146	while(SSL_has_matching_session_id(ssl, id, *id_len) &&
157	(++retry < MAX_SESS_ID_ATTEMPTS));	147	(++retry < MAX_SESS_ID_ATTEMPTS));
@@ -208,25 +198,12 @@ int ssl_get_new_session(SSL *s, int session)
208	ss->ssl_version=TLS1_VERSION;	198	ss->ssl_version=TLS1_VERSION;
209	ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;	199	ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
210	}	200	}
211	else if (s->version == DTLS1_VERSION)
212	{
213	ss->ssl_version=DTLS1_VERSION;
214	ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
215	}
216	else	201	else
217	{	202	{
218	SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);	203	SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
219	SSL_SESSION_free(ss);	204	SSL_SESSION_free(ss);
220	return(0);	205	return(0);
221	}	206	}
222	#ifndef OPENSSL_NO_TLSEXT
223	/* If RFC4507 ticket use empty session ID */
224	if (s->tlsext_ticket_expected)
225	{
226	ss->session_id_length = 0;
227	goto sess_id_done;
228	}
229	#endif
230	/* Choose which callback will set the session ID */	207	/* Choose which callback will set the session ID */
231	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);	208	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
232	if(s->generate_session_id)	209	if(s->generate_session_id)
@@ -268,17 +245,6 @@ int ssl_get_new_session(SSL *s, int session)
268	SSL_SESSION_free(ss);	245	SSL_SESSION_free(ss);
269	return(0);	246	return(0);
270	}	247	}
271	#ifndef OPENSSL_NO_TLSEXT
272	sess_id_done:
273	if (s->tlsext_hostname) {
274	ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
275	if (ss->tlsext_hostname == NULL) {
276	SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
277	SSL_SESSION_free(ss);
278	return 0;
279	}
280	}
281	#endif
282	}	248	}
283	else	249	else
284	{	250	{
@@ -300,41 +266,21 @@ int ssl_get_new_session(SSL *s, int session)
300	return(1);	266	return(1);
301	}	267	}
302		268
303	int ssl_get_prev_session(SSL s, unsigned char session_id, int len,	269	int ssl_get_prev_session(SSL s, unsigned char session_id, int len)
304	const unsigned char *limit)
305	{	270	{
306	/* This is used only by servers. */	271	/* This is used only by servers. */
307		272
308	SSL_SESSION *ret=NULL;	273	SSL_SESSION *ret=NULL,data;
309	int fatal = 0;	274	int fatal = 0;
310	#ifndef OPENSSL_NO_TLSEXT	275
311	int r;	276	data.ssl_version=s->version;
312	#endif	277	data.session_id_length=len;
313
314	if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)	278	if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
315	goto err;	279	goto err;
316	#ifndef OPENSSL_NO_TLSEXT	280	memcpy(data.session_id,session_id,len);
317	r = tls1_process_ticket(s, session_id, len, limit, &ret);	281
318	if (r == -1)
319	{
320	fatal = 1;
321	goto err;
322	}
323	else if (r == 0 \|\| (!ret && !len))
324	goto err;
325	else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
326	#else
327	if (len == 0)
328	goto err;
329	if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))	282	if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
330	#endif
331	{	283	{
332	SSL_SESSION data;
333	data.ssl_version=s->version;
334	data.session_id_length=len;
335	if (len == 0)
336	return 0;
337	memcpy(data.session_id,session_id,len);
338	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);	284	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
339	ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,&data);	285	ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,&data);
340	if (ret != NULL)	286	if (ret != NULL)
@@ -376,35 +322,33 @@ int ssl_get_prev_session(SSL s, unsigned char session_id, int len,
376		322
377	/* Now ret is non-NULL, and we own one of its reference counts. */	323	/* Now ret is non-NULL, and we own one of its reference counts. */
378		324
379	if (ret->sid_ctx_length != s->sid_ctx_length	325	if((s->verify_mode&SSL_VERIFY_PEER)
380	\|\| memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))	326	&& (!s->sid_ctx_length \|\| ret->sid_ctx_length != s->sid_ctx_length
381	{	327	\|\| memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)))
		328	{
382	/* We've found the session named by the client, but we don't	329	/* We've found the session named by the client, but we don't
383	* want to use it in this context. */	330	* want to use it in this context. */
		331
		332	if (s->sid_ctx_length == 0)
		333	{
		334	/* application should have used SSL[_CTX]_set_session_id_context
		335	* -- we could tolerate this and just pretend we never heard
		336	* of this session, but then applications could effectively
		337	* disable the session cache by accident without anyone noticing */
384		338
		339	SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
		340	fatal = 1;
		341	goto err;
		342	}
		343	else
		344	{
385	#if 0 /* The client cannot always know when a session is not appropriate,	345	#if 0 /* The client cannot always know when a session is not appropriate,
386	* so we shouldn't generate an error message. */	346	* so we shouldn't generate an error message. */
387		347
388	SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);	348	SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
389	#endif	349	#endif
390	goto err; /* treat like cache miss */	350	goto err; /* treat like cache miss */
391	}	351	}
392
393	if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0)
394	{
395	/* We can't be sure if this session is being used out of
396	* context, which is especially important for SSL_VERIFY_PEER.
397	* The application should have used SSL[_CTX]_set_session_id_context.
398	*
399	* For this error case, we generate an error instead of treating
400	* the event like a cache miss (otherwise it would be easy for
401	* applications to effectively disable the session cache by
402	* accident without anyone noticing).
403	*/
404
405	SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
406	fatal = 1;
407	goto err;
408	}	352	}
409		353
410	if (ret->cipher == NULL)	354	if (ret->cipher == NULL)
@@ -590,10 +534,6 @@ void SSL_SESSION_free(SSL_SESSION *ss)
590	if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);	534	if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
591	if (ss->peer != NULL) X509_free(ss->peer);	535	if (ss->peer != NULL) X509_free(ss->peer);
592	if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);	536	if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
593	#ifndef OPENSSL_NO_TLSEXT
594	if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname);
595	if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick);
596	#endif
597	OPENSSL_cleanse(ss,sizeof(*ss));	537	OPENSSL_cleanse(ss,sizeof(*ss));
598	OPENSSL_free(ss);	538	OPENSSL_free(ss);
599	}	539	}
@@ -628,7 +568,7 @@ int SSL_set_session(SSL s, SSL_SESSION session)
628	if (s->kssl_ctx && !s->kssl_ctx->client_princ &&	568	if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
629	session->krb5_client_princ_len > 0)	569	session->krb5_client_princ_len > 0)
630	{	570	{
631	s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);	571	s->kssl_ctx->client_princ = (char *)malloc(session->krb5_client_princ_len + 1);
632	memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ,	572	memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ,
633	session->krb5_client_princ_len);	573	session->krb5_client_princ_len);
634	s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';	574	s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
@@ -813,72 +753,3 @@ static void SSL_SESSION_list_add(SSL_CTX ctx, SSL_SESSION s)
813	}	753	}
814	}	754	}
815		755
816	void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
817	int (cb)(struct ssl_st ssl,SSL_SESSION *sess))
818	{
819	ctx->new_session_cb=cb;
820	}
821
822	int (SSL_CTX_sess_get_new_cb(SSL_CTX ctx))(SSL ssl, SSL_SESSION sess)
823	{
824	return ctx->new_session_cb;
825	}
826
827	void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
828	void (cb)(SSL_CTX ctx,SSL_SESSION *sess))
829	{
830	ctx->remove_session_cb=cb;
831	}
832
833	void (SSL_CTX_sess_get_remove_cb(SSL_CTX ctx))(SSL_CTX * ctx,SSL_SESSION *sess)
834	{
835	return ctx->remove_session_cb;
836	}
837
838	void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
839	SSL_SESSION (cb)(struct ssl_st *ssl,
840	unsigned char data,int len,int copy))
841	{
842	ctx->get_session_cb=cb;
843	}
844
845	SSL_SESSION * (SSL_CTX_sess_get_get_cb(SSL_CTX ctx))(SSL *ssl,
846	unsigned char data,int len,int copy)
847	{
848	return ctx->get_session_cb;
849	}
850
851	void SSL_CTX_set_info_callback(SSL_CTX *ctx,
852	void (cb)(const SSL ssl,int type,int val))
853	{
854	ctx->info_callback=cb;
855	}
856
857	void (SSL_CTX_get_info_callback(SSL_CTX ctx))(const SSL *ssl,int type,int val)
858	{
859	return ctx->info_callback;
860	}
861
862	void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
863	int (cb)(SSL ssl, X509 x509, EVP_PKEY pkey))
864	{
865	ctx->client_cert_cb=cb;
866	}
867
868	int (SSL_CTX_get_client_cert_cb(SSL_CTX ctx))(SSL * ssl, X509 x509 , EVP_PKEY pkey)
869	{
870	return ctx->client_cert_cb;
871	}
872
873	void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
874	int (cb)(SSL ssl, unsigned char cookie, unsigned int cookie_len))
875	{
876	ctx->app_gen_cookie_cb=cb;
877	}
878
879	void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
880	int (cb)(SSL ssl, unsigned char *cookie, unsigned int cookie_len))
881	{
882	ctx->app_verify_cookie_cb=cb;
883	}
884