| SSL_CTX_ADD_SESSION(3) | Library Functions Manual | SSL_CTX_ADD_SESSION(3) |
SSL_CTX_add_session, SSL_CTX_remove_session — manipulate session cache
#include <openssl/ssl.h>
int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);
int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);
SSL_CTX_add_session() adds the session c to the context ctx. The reference count for session c is incremented by 1. If a session with the same session id already exists, the old session is removed by calling SSL_SESSION_free(3).
SSL_CTX_remove_session() removes the session c from the context ctx and marks it as non-resumable. SSL_SESSION_free(3) is called once for c.
When a new session is added to the internal session cache, the cache is checked for a session with the same session id. If one exists, both sessions are assumed to be identical. If the same session is stored in a different SSL_SESSION object, the old session is removed and replaced by the new session. If the session is actually identical (the SSL_SESSION object is identical), SSL_CTX_add_session() is a no-op, and the return value is 0.
If a server SSL_CTX is configured with the SSL_SESS_CACHE_NO_INTERNAL_STORE flag then the internal cache will not be populated automatically by new sessions negotiated by the SSL/TLS implementation, even though the internal cache will be searched automatically for session-resume requests (the latter can be suppressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the application can use SSL_CTX_add_session() directly to have full control over the sessions that can be resumed if desired.
The following values are returned by all functions:
ssl(3), SSL_CTX_set_session_cache_mode(3), SSL_SESSION_free(3)
SSL_CTX_add_session() and SSL_CTX_remove_session() first appeared in SSLeay 0.8.0 and have been available since OpenBSD 2.4.
| March 27, 2018 | openbsd |