OpenSSL: Merge OpenSSL 1.1.1o

[freebsd.git] / secure / lib / libcrypto / man / man3 / SSL_get_session.3

.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.43)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "SSL_GET_SESSION 3"
.TH SSL_GET_SESSION 3 "2022-05-03" "1.1.1o" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_get_session, SSL_get0_session, SSL_get1_session \- retrieve TLS/SSL session data
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& SSL_SESSION *SSL_get_session(const SSL *ssl);
\& SSL_SESSION *SSL_get0_session(const SSL *ssl);
\& SSL_SESSION *SSL_get1_session(SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_get_session()\fR returns a pointer to the \fB\s-1SSL_SESSION\s0\fR actually used in
\&\fBssl\fR. The reference count of the \fB\s-1SSL_SESSION\s0\fR is not incremented, so
that the pointer can become invalid by other operations.
.PP
\&\fBSSL_get0_session()\fR is the same as \fBSSL_get_session()\fR.
.PP
\&\fBSSL_get1_session()\fR is the same as \fBSSL_get_session()\fR, but the reference
count of the \fB\s-1SSL_SESSION\s0\fR is incremented by one.
.SH "NOTES"
.IX Header "NOTES"
The ssl session contains all information required to re-establish the
connection without a full handshake for \s-1SSL\s0 versions up to and including
TLSv1.2. In TLSv1.3 the same is true, but sessions are established after the
main handshake has occurred. The server will send the session information to the
client at a time of its choosing, which may be some while after the initial
connection is established (or never). Calling these functions on the client side
in TLSv1.3 before the session has been established will still return an
\&\s-1SSL_SESSION\s0 object but that object cannot be used for resuming the session. See
\&\fBSSL_SESSION_is_resumable\fR\|(3) for information on how to determine whether an
\&\s-1SSL_SESSION\s0 object can be used for resumption or not.
.PP
Additionally, in TLSv1.3, a server can send multiple messages that establish a
session for a single connection. In that case, on the client side, the above
functions will only return information on the last session that was received. On
the server side they will only return information on the last session that was
sent, or if no session tickets were sent then the session for the current
connection.
.PP
The preferred way for applications to obtain a resumable \s-1SSL_SESSION\s0 object is
to use a new session callback as described in \fBSSL_CTX_sess_set_new_cb\fR\|(3).
The new session callback is only invoked when a session is actually established,
so this avoids the problem described above where an application obtains an
\&\s-1SSL_SESSION\s0 object that cannot be used for resumption in TLSv1.3. It also
enables applications to obtain information about all sessions sent by the
server.
.PP
A session will be automatically removed from the session cache and marked as
non-resumable if the connection is not closed down cleanly, e.g. if a fatal
error occurs on the connection or \fBSSL_shutdown\fR\|(3) is not called prior to
\&\fBSSL_free\fR\|(3).
.PP
In TLSv1.3 it is recommended that each \s-1SSL_SESSION\s0 object is only used for
resumption once.
.PP
\&\fBSSL_get0_session()\fR returns a pointer to the actual session. As the
reference counter is not incremented, the pointer is only valid while
the connection is in use. If \fBSSL_clear\fR\|(3) or
\&\fBSSL_free\fR\|(3) is called, the session may be removed completely
(if considered bad), and the pointer obtained will become invalid. Even
if the session is valid, it can be removed at any time due to timeout
during \fBSSL_CTX_flush_sessions\fR\|(3).
.PP
If the data is to be kept, \fBSSL_get1_session()\fR will increment the reference
count, so that the session will not be implicitly removed by other operations
but stays in memory. In order to remove the session
\&\fBSSL_SESSION_free\fR\|(3) must be explicitly called once
to decrement the reference count again.
.PP
\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache
list, when being inserted into one \s-1SSL_CTX\s0 object's session cache.
One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore
only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created
from this \s-1SSL_CTX\s0 object).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following return values can occur:
.IP "\s-1NULL\s0" 4
.IX Item "NULL"
There is no session available in \fBssl\fR.
.IP "Pointer to an \s-1SSL_SESSION\s0" 4
.IX Item "Pointer to an SSL_SESSION"
The return value points to the data of an \s-1SSL\s0 session.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_free\fR\|(3),
\&\fBSSL_clear\fR\|(3),
\&\fBSSL_SESSION_free\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.