openssl/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod

=pod

=head1 NAME

SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg,
SSL_get_servername_type, SSL_get_servername - handle server name indication
(SNI)

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 long SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx,
                                   int (*cb)(SSL *, int *, void *));
 long SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg);

 const char *SSL_get_servername(const SSL *s, const int type);
 int SSL_get_servername_type(const SSL *s);

=head1 DESCRIPTION

The functionality provided by the servername callback is superseded by
the early callback, which can be set using SSL_CTX_set_early_cb().
The servername callback is retained for historical compatibility.

SSL_CTX_set_tlsext_servername_callback() sets the application callback B<cb>
used by a server to perform any actions or configuration required based on
the servername extension received in the incoming connection. When B<cb>
is NULL, SNI is not used. The B<arg> value is a pointer which is passed to
the application callback.

SSL_CTX_set_tlsext_servername_arg() sets a context-specific argument to be
passed into the callback for this B<SSL_CTX>.

SSL_get_servername() returns a servername extension value of the specified
type if provided in the Client Hello or NULL.

SSL_get_servername_type() returns the servername type or -1 if no servername
is present. Currently the only supported type (defined in RFC3546) is
B<TLSEXT_NAMETYPE_host_name>.

=head1 NOTES

Several callbacks are executed during ClientHello processing, including
the early, ALPN, and servername callbacks.  The early callback is executed
first, then the servername callback, followed by the ALPN callback.

=head1 RETURN VALUES

SSL_CTX_set_tlsext_servername_callback() and
SSL_CTX_set_tlsext_servername_arg() both always return 1 indicating success.

=head1 SEE ALSO

L<ssl(7)>, L<SSL_CTX_set_alpn_select_cb(3)>,
L<SSL_get0_alpn_selected(3)>, L<SSL_CTX_set_early_cb(3)>

=head1 COPYRIGHT

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Add documentation for SNI APIs Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3071) 2017-03-28 22:34:37 +00:00			`=pod`

			`=head1 NAME`

			`SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg,`
			`SSL_get_servername_type, SSL_get_servername - handle server name indication`
			`(SNI)`

			`=head1 SYNOPSIS`

			`#include <openssl/ssl.h>`

			`long SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx,`
			`int (cb)(SSL , int , void ));`
			`long SSL_CTX_set_tlsext_servername_arg(SSL_CTX ctx, void arg);`

			`const char SSL_get_servername(const SSL s, const int type);`
			`int SSL_get_servername_type(const SSL *s);`

			`=head1 DESCRIPTION`

Add some man page cross-references The old/deprecated servername callback should refer back to the new/preferred early callback mechanism, as well as indicate that it is superseded by the early callback. The early callback should also mention the API for turning the raw cipherlist octets from the client into usable data structures. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3338) 2017-05-02 13:08:08 +00:00			`The functionality provided by the servername callback is superseded by`
			`the early callback, which can be set using SSL_CTX_set_early_cb().`
			`The servername callback is retained for historical compatibility.`

Add documentation for SNI APIs Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3071) 2017-03-28 22:34:37 +00:00			`SSL_CTX_set_tlsext_servername_callback() sets the application callback B<cb>`
			`used by a server to perform any actions or configuration required based on`
			`the servername extension received in the incoming connection. When B<cb>`
			`is NULL, SNI is not used. The B<arg> value is a pointer which is passed to`
			`the application callback.`

			`SSL_CTX_set_tlsext_servername_arg() sets a context-specific argument to be`
			`passed into the callback for this B<SSL_CTX>.`

			`SSL_get_servername() returns a servername extension value of the specified`
			`type if provided in the Client Hello or NULL.`

			`SSL_get_servername_type() returns the servername type or -1 if no servername`
			`is present. Currently the only supported type (defined in RFC3546) is`
			`B<TLSEXT_NAMETYPE_host_name>.`

			`=head1 NOTES`

Add some man page cross-references The old/deprecated servername callback should refer back to the new/preferred early callback mechanism, as well as indicate that it is superseded by the early callback. The early callback should also mention the API for turning the raw cipherlist octets from the client into usable data structures. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3338) 2017-05-02 13:08:08 +00:00			`Several callbacks are executed during ClientHello processing, including`
			`the early, ALPN, and servername callbacks. The early callback is executed`
			`first, then the servername callback, followed by the ALPN callback.`
Add documentation for SNI APIs Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3071) 2017-03-28 22:34:37 +00:00
			`=head1 RETURN VALUES`

			`SSL_CTX_set_tlsext_servername_callback() and`
			`SSL_CTX_set_tlsext_servername_arg() both always return 1 indicating success.`

			`=head1 SEE ALSO`

			`L<ssl(7)>, L<SSL_CTX_set_alpn_select_cb(3)>,`
Add some man page cross-references The old/deprecated servername callback should refer back to the new/preferred early callback mechanism, as well as indicate that it is superseded by the early callback. The early callback should also mention the API for turning the raw cipherlist octets from the client into usable data structures. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3338) 2017-05-02 13:08:08 +00:00			`L<SSL_get0_alpn_selected(3)>, L<SSL_CTX_set_early_cb(3)>`
Add documentation for SNI APIs Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3071) 2017-03-28 22:34:37 +00:00
			`=head1 COPYRIGHT`

			`Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.`

			`Licensed under the OpenSSL license (the "License"). You may not use`
			`this file except in compliance with the License. You can obtain a copy`
			`in the file LICENSE in the source distribution or at`
			`L<https://www.openssl.org/source/license.html>.`

			`=cut`