DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

/usr/man/cat.3/SSL_CTX_set_session_id_context.3.Z(/usr/man/cat.3/SSL_CTX_set_session_id_context.3.Z)





NAME

       SSL_CTX_set_session_id_context, SSL_set_session_id_context - set con-
       text within which session can be reused (server side only)


SYNOPSIS

        #include <openssl/ssl.h>

        int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
                                           unsigned int sid_ctx_len);
        int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);


DESCRIPTION

       SSL_CTX_set_session_id_context() sets the context sid_ctx of length
       sid_ctx_len within which a session can be reused for the ctx object.

       SSL_set_session_id_context() sets the context sid_ctx of length
       sid_ctx_len within which a session can be reused for the ssl object.


NOTES

       Sessions are generated within a certain context. When exporting/import-
       ing sessions with i2d_SSL_SESSION/d2i_SSL_SESSION it would be possible,
       to re-import a session generated from another context (e.g. another
       application), which might lead to malfunctions. Therefore each applica-
       tion must set its own session id context sid_ctx which is used to dis-
       tinguish the contexts and is stored in exported sessions. The sid_ctx
       can be any kind of binary data with a given length, it is therefore
       possible to use e.g. the name of the application and/or the hostname
       and/or service name ...

       The session id context becomes part of the session. The session id con-
       text is set by the SSL/TLS server. The SSL_CTX_set_session_id_context()
       and SSL_set_session_id_context() functions are therefore only useful on
       the server side.

       OpenSSL clients will check the session id context returned by the
       server when reusing a session.

       The maximum length of the sid_ctx is limited to SSL_MAX_SSL_SES-
       SION_ID_LENGTH.


WARNINGS

       If the session id context is not set on an SSL/TLS server and client
       certificates are used, stored sessions will not be reused but a fatal
       error will be flagged and the handshake will fail.

       If a server returns a different session id context to an OpenSSL client
       when reusing a session, an error will be flagged and the handshake will
       fail. OpenSSL servers will always return the correct session id con-
       text, as an OpenSSL server checks the session id context itself before
       reusing a session as described above.


RETURN VALUES

       SSL_CTX_set_session_id_context() and SSL_set_session_id_context()
       return the following values:

       0   The length sid_ctx_len of the session id context sid_ctx exceeded
           the maximum allowed length of SSL_MAX_SSL_SESSION_ID_LENGTH. The
           error is logged to the error stack.

       1   The operation succeeded.


SEE ALSO

       ssl(3)

1.0.2t                            2019-09-10 SSL_CTX_set_session_id_context(3)
See also SSL_set_session_id_context(3)

Man(1) output converted with man2html