Add warning about unwanted side effect when calling SSL_CTX_free():

sessions in the external session cache might be removed.
Submitted by: "Nadav Har'El" <nyh@math.technion.ac.il>

PR: 547
This commit is contained in:
Lutz Jänicke 2003-03-27 22:04:05 +00:00
parent a47789e849
commit 423b1a840c
2 changed files with 18 additions and 6 deletions

View file

@ -20,12 +20,22 @@ It also calls the free()ing procedures for indirectly affected items, if
applicable: the session cache, the list of ciphers, the list of Client CAs,
the certificates and keys.
=head1 WARNINGS
If a session-remove callback is set (SSL_CTX_sess_set_remove_cb()), this
callback will be called for each session being freed from B<ctx>'s
session cache. This implies, that all corresponding sessions from an
external session cache are removed as well. If this is not desired, the user
should explicitly unset the callback by calling
SSL_CTX_sess_set_remove_cb(B<ctx>, NULL) prior to calling SSL_CTX_free().
=head1 RETURN VALUES
SSL_CTX_free() does not provide diagnostic information.
=head1 SEE ALSO
L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<ssl(3)|ssl(3)>
L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<ssl(3)|ssl(3)>,
L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>
=cut

View file

@ -60,10 +60,11 @@ B<sess>. If the callback returns B<0>, the session will be immediately
removed again.
The remove_session_cb() is called, whenever the SSL engine removes a session
from the internal cache. This happens if the session is removed because
it is expired or when a connection was not shutdown cleanly. The
remove_session_cb() is passed the B<ctx> and the ssl session B<sess>.
It does not provide any feedback.
from the internal cache. This happens when the session is removed because
it is expired or when a connection was not shutdown cleanly. It also happens
for all sessions in the internal session cache when
L<SSL_CTX_free(3)|SSL_CTX_free(3)> is called. The remove_session_cb() is passed
the B<ctx> and the ssl session B<sess>. It does not provide any feedback.
The get_session_cb() is only called on SSL/TLS servers with the session id
proposed by the client. The get_session_cb() is always called, also when
@ -80,6 +81,7 @@ L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>.
L<ssl(3)|ssl(3)>, L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>,
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
L<SSL_CTX_free(3)|SSL_CTX_free(3)>
=cut