Upgrade to OpenSSL 0.9.8h.
[dragonfly.git] / secure / lib / libssl / man / SSL_CTX_set_session_id_context.3
CommitLineData
aac4ff6f 1.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
e056f0e0
JR
2.\"
3.\" Standard preamble:
4.\" ========================================================================
5.de Sh \" Subsection heading
984263bc
MD
6.br
7.if t .Sp
8.ne 5
9.PP
10\fB\\$1\fR
11.PP
12..
e056f0e0 13.de Sp \" Vertical space (when we can't use .PP)
984263bc
MD
14.if t .sp .5v
15.if n .sp
16..
e056f0e0 17.de Vb \" Begin verbatim text
984263bc
MD
18.ft CW
19.nf
20.ne \\$1
21..
e056f0e0 22.de Ve \" End verbatim text
984263bc 23.ft R
984263bc
MD
24.fi
25..
e056f0e0
JR
26.\" Set up some character translations and predefined strings. \*(-- will
27.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
aac4ff6f
PA
28.\" double quote, and \*(R" will give a right double quote. | will give a
29.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to
30.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C'
31.\" expand to `' in nroff, nothing in troff, for use with C<>.
32.tr \(*W-|\(bv\*(Tr
e056f0e0 33.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
984263bc 34.ie n \{\
e056f0e0
JR
35. ds -- \(*W-
36. ds PI pi
37. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
38. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
39. ds L" ""
40. ds R" ""
41. ds C` ""
42. ds C' ""
984263bc
MD
43'br\}
44.el\{\
e056f0e0
JR
45. ds -- \|\(em\|
46. ds PI \(*p
47. ds L" ``
48. ds R" ''
984263bc 49'br\}
e056f0e0
JR
50.\"
51.\" If the F register is turned on, we'll generate index entries on stderr for
52.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
53.\" entries marked with X<> in POD. Of course, you'll have to process the
54.\" output yourself in some meaningful fashion.
55.if \nF \{\
56. de IX
57. tm Index:\\$1\t\\n%\t"\\$2"
984263bc 58..
e056f0e0
JR
59. nr % 0
60. rr F
984263bc 61.\}
e056f0e0 62.\"
aac4ff6f
PA
63.\" For nroff, turn off justification. Always turn off hyphenation; it makes
64.\" way too many mistakes in technical documents.
65.hy 0
66.if n .na
67.\"
e056f0e0
JR
68.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
69.\" Fear. Run. Save yourself. No user-serviceable parts.
70. \" fudge factors for nroff and troff
984263bc 71.if n \{\
e056f0e0
JR
72. ds #H 0
73. ds #V .8m
74. ds #F .3m
75. ds #[ \f1
76. ds #] \fP
984263bc
MD
77.\}
78.if t \{\
e056f0e0
JR
79. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
80. ds #V .6m
81. ds #F 0
82. ds #[ \&
83. ds #] \&
984263bc 84.\}
e056f0e0 85. \" simple accents for nroff and troff
984263bc 86.if n \{\
e056f0e0
JR
87. ds ' \&
88. ds ` \&
89. ds ^ \&
90. ds , \&
91. ds ~ ~
92. ds /
984263bc
MD
93.\}
94.if t \{\
e056f0e0
JR
95. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
96. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
97. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
98. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
99. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
100. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
984263bc 101.\}
e056f0e0 102. \" troff and (daisy-wheel) nroff accents
984263bc
MD
103.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
104.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
105.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
106.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
107.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
108.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
109.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
110.ds ae a\h'-(\w'a'u*4/10)'e
111.ds Ae A\h'-(\w'A'u*4/10)'E
e056f0e0 112. \" corrections for vroff
984263bc
MD
113.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
114.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
e056f0e0 115. \" for low resolution devices (crt and lpr)
984263bc
MD
116.if \n(.H>23 .if \n(.V>19 \
117\{\
e056f0e0
JR
118. ds : e
119. ds 8 ss
120. ds o a
121. ds d- d\h'-1'\(ga
122. ds D- D\h'-1'\(hy
123. ds th \o'bp'
124. ds Th \o'LP'
125. ds ae ae
126. ds Ae AE
984263bc
MD
127.\}
128.rm #[ #] #H #V #F C
e056f0e0
JR
129.\" ========================================================================
130.\"
131.IX Title "SSL_CTX_set_session_id_context 3"
aac4ff6f 132.TH SSL_CTX_set_session_id_context 3 "2008-09-06" "0.9.8h" "OpenSSL"
984263bc
MD
133.SH "NAME"
134SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only)
135.SH "SYNOPSIS"
e056f0e0 136.IX Header "SYNOPSIS"
984263bc
MD
137.Vb 1
138\& #include <openssl/ssl.h>
aac4ff6f
PA
139.Ve
140.PP
141.Vb 4
984263bc
MD
142\& int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
143\& unsigned int sid_ctx_len);
144\& int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
145\& unsigned int sid_ctx_len);
146.Ve
147.SH "DESCRIPTION"
e056f0e0
JR
148.IX Header "DESCRIPTION"
149\&\fISSL_CTX_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length
150\&\fBsid_ctx_len\fR within which a session can be reused for the \fBctx\fR object.
984263bc 151.PP
e056f0e0
JR
152\&\fISSL_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length
153\&\fBsid_ctx_len\fR within which a session can be reused for the \fBssl\fR object.
984263bc 154.SH "NOTES"
e056f0e0 155.IX Header "NOTES"
984263bc
MD
156Sessions are generated within a certain context. When exporting/importing
157sessions with \fBi2d_SSL_SESSION\fR/\fBd2i_SSL_SESSION\fR it would be possible,
158to re-import a session generated from another context (e.g. another
159application), which might lead to malfunctions. Therefore each application
160must set its own session id context \fBsid_ctx\fR which is used to distinguish
161the contexts and is stored in exported sessions. The \fBsid_ctx\fR can be
162any kind of binary data with a given length, it is therefore possible
163to use e.g. the name of the application and/or the hostname and/or service
164name ...
165.PP
166The session id context becomes part of the session. The session id context
e056f0e0
JR
167is set by the \s-1SSL/TLS\s0 server. The \fISSL_CTX_set_session_id_context()\fR and
168\&\fISSL_set_session_id_context()\fR functions are therefore only useful on the
984263bc
MD
169server side.
170.PP
171OpenSSL clients will check the session id context returned by the server
172when reusing a session.
173.PP
174The maximum length of the \fBsid_ctx\fR is limited to
e056f0e0 175\&\fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR.
984263bc 176.SH "WARNINGS"
e056f0e0
JR
177.IX Header "WARNINGS"
178If the session id context is not set on an \s-1SSL/TLS\s0 server and client
179certificates are used, stored sessions
984263bc
MD
180will not be reused but a fatal error will be flagged and the handshake
181will fail.
182.PP
183If a server returns a different session id context to an OpenSSL client
184when reusing a session, an error will be flagged and the handshake will
185fail. OpenSSL servers will always return the correct session id context,
186as an OpenSSL server checks the session id context itself before reusing
187a session as described above.
188.SH "RETURN VALUES"
e056f0e0
JR
189.IX Header "RETURN VALUES"
190\&\fISSL_CTX_set_session_id_context()\fR and \fISSL_set_session_id_context()\fR
984263bc 191return the following values:
e056f0e0 192.IP "0" 4
984263bc
MD
193The length \fBsid_ctx_len\fR of the session id context \fBsid_ctx\fR exceeded
194the maximum allowed length of \fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR. The error
195is logged to the error stack.
e056f0e0
JR
196.IP "1" 4
197.IX Item "1"
984263bc
MD
198The operation succeeded.
199.SH "SEE ALSO"
a7d27d5a 200.IX Header "SEE ALSO"
e056f0e0 201\&\fIssl\fR\|(3)