Add warning about unwanted side effect when calling SSL_CTX_free():
sessions in the external session cache might be removed.
Submitted by: "Nadav Har'El" <nyh@math.technion.ac.il>
PR: 547
parent a47789e849
commit 423b1a840c
2 changed files with 18 additions and 6 deletions
@ -20,12 +20,22 @@ It also calls the free()ing procedures for indirectly affected items, if
applicable: the session cache, the list of ciphers, the list of Client CAs,
the certificates and keys.
=head1 WARNINGS
If a session-remove callback is set (SSL_CTX_sess_set_remove_cb()), this
callback will be called for each session being freed from B<ctx>'s
session cache. This implies, that all corresponding sessions from an
external session cache are removed as well. If this is not desired, the user
should explicitly unset the callback by calling
SSL_CTX_sess_set_remove_cb(B<ctx>, NULL) prior to calling SSL_CTX_free().
=head1 RETURN VALUES
SSL_CTX_free() does not provide diagnostic information.
=head1 SEE ALSO
L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<ssl(3)|ssl(3)>
L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<ssl(3)|ssl(3)>,
L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>
=cut
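Review bot: In the new WARNINGS section, "This implies, that all corresponding sessions from an external session cache are removed as well" states as certain something that depends on what the application's remove callback does; the commit message itself only says the sessions "might be removed". Suggest wording along the lines of "If the callback deletes the session from an external session cache, those entries are removed as well", and drop the comma after "implies". It would also help to state that calling SSL_CTX_sess_set_remove_cb(B<ctx>, NULL) only suppresses the callback, and that the sessions in B<ctx>'s own cache are still freed by SSL_CTX_free().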
@ -60,10 +60,11 @@ B<sess>. If the callback returns B<0>, the session will be immediately
removed again.
The remove_session_cb() is called, whenever the SSL engine removes a session
from the internal cache. This happens if the session is removed because
it is expired or when a connection was not shutdown cleanly. The
remove_session_cb() is passed the B<ctx> and the ssl session B<sess>.
It does not provide any feedback.
from the internal cache. This happens when the session is removed because
it is expired or when a connection was not shutdown cleanly. It also happens
for all sessions in the internal session cache when
L<SSL_CTX_free(3)|SSL_CTX_free(3)> is called. The remove_session_cb() is passed
the B<ctx> and the ssl session B<sess>. It does not provide any feedback.
The get_session_cb() is only called on SSL/TLS servers with the session id
proposed by the client. The get_session_cb() is always called, also when
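Review bot: The added sentence about L<SSL_CTX_free(3)|SSL_CTX_free(3)> says remove_session_cb() is called for every session in the internal cache, but gives the reader no hint of what to do when the external cache is meant to outlive the context. Suggest adding a pointer to the WARNINGS section of SSL_CTX_free(3), where unsetting the callback before the free is described. As a style point, since the sentence is being rewritten anyway, "was not shutdown cleanly" should read "was not shut down cleanly".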
@ -80,6 +81,7 @@ L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>.
L<ssl(3)|ssl(3)>, L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>,
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
L<SSL_CTX_free(3)|SSL_CTX_free(3)>
=cut