SSL_CTX_set_generate_session_id.3 (206048) | SSL_CTX_set_generate_session_id.3 (215698) |
---|---|
1.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 | 1.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) |
2.\" 3.\" Standard preamble: 4.\" ======================================================================== | 2.\" 3.\" Standard preamble: 4.\" ======================================================================== |
5.de Sh \" Subsection heading 6.br 7.if t .Sp 8.ne 5 9.PP 10\fB\\$1\fR 11.PP 12.. | |
13.de Sp \" Vertical space (when we can't use .PP) 14.if t .sp .5v 15.if n .sp 16.. 17.de Vb \" Begin verbatim text 18.ft CW 19.nf 20.ne \\$1 21.. 22.de Ve \" End verbatim text 23.ft R 24.fi 25.. 26.\" Set up some character translations and predefined strings. \*(-- will 27.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left | 5.de Sp \" Vertical space (when we can't use .PP) 6.if t .sp .5v 7.if n .sp 8.. 9.de Vb \" Begin verbatim text 10.ft CW 11.nf 12.ne \\$1 13.. 14.de Ve \" End verbatim text 15.ft R 16.fi 17.. 18.\" Set up some character translations and predefined strings. \*(-- will 19.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left |
28.\" double quote, and \*(R" will give a right double quote. | will give a 29.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to 30.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' 31.\" expand to `' in nroff, nothing in troff, for use with C<>. 32.tr \(*W-|\(bv\*(Tr | 20.\" double quote, and \*(R" will give a right double quote. \*(C+ will 21.\" give a nicer C++. Capital omega is used to do unbreakable dashes and 22.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, 23.\" nothing in troff, for use with C<>. 24.tr \(*W- |
33.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' 34.ie n \{\ 35. ds -- \(*W- 36. ds PI pi 37. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch 38. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch 39. ds L" "" 40. ds R" "" 41. ds C` "" 42. ds C' "" 43'br\} 44.el\{\ 45. ds -- \|\(em\| 46. ds PI \(*p 47. ds L" `` 48. ds R" '' 49'br\} 50.\" | 25.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' 26.ie n \{\ 27. ds -- \(*W- 28. ds PI pi 29. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch 30. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch 31. ds L" "" 32. ds R" "" 33. ds C` "" 34. ds C' "" 35'br\} 36.el\{\ 37. ds -- \|\(em\| 38. ds PI \(*p 39. ds L" `` 40. ds R" '' 41'br\} 42.\" |
43.\" Escape single quotes in literal strings from groff's Unicode transform. 44.ie \n(.g .ds Aq \(aq 45.el .ds Aq ' 46.\" |
|
51.\" If the F register is turned on, we'll generate index entries on stderr for | 47.\" If the F register is turned on, we'll generate index entries on stderr for |
52.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index | 48.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index |
53.\" entries marked with X<> in POD. Of course, you'll have to process the 54.\" output yourself in some meaningful fashion. | 49.\" entries marked with X<> in POD. Of course, you'll have to process the 50.\" output yourself in some meaningful fashion. |
55.if \nF \{\ | 51.ie \nF \{\ |
56. de IX 57. tm Index:\\$1\t\\n%\t"\\$2" 58.. 59. nr % 0 60. rr F 61.\} | 52. de IX 53. tm Index:\\$1\t\\n%\t"\\$2" 54.. 55. nr % 0 56. rr F 57.\} |
58.el \{\ 59. de IX 60.. 61.\} |
|
62.\" | 62.\" |
63.\" For nroff, turn off justification. Always turn off hyphenation; it makes 64.\" way too many mistakes in technical documents. 65.hy 0 66.if n .na 67.\" | |
68.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). 69.\" Fear. Run. Save yourself. No user-serviceable parts. 70. \" fudge factors for nroff and troff 71.if n \{\ 72. ds #H 0 73. ds #V .8m 74. ds #F .3m 75. ds #[ \f1 --- 48 unchanged lines hidden (view full) --- 124. ds Th \o'LP' 125. ds ae ae 126. ds Ae AE 127.\} 128.rm #[ #] #H #V #F C 129.\" ======================================================================== 130.\" 131.IX Title "SSL_CTX_set_generate_session_id 3" | 63.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). 64.\" Fear. Run. Save yourself. No user-serviceable parts. 65. \" fudge factors for nroff and troff 66.if n \{\ 67. ds #H 0 68. ds #V .8m 69. ds #F .3m 70. ds #[ \f1 --- 48 unchanged lines hidden (view full) --- 119. ds Th \o'LP' 120. ds ae ae 121. ds Ae AE 122.\} 123.rm #[ #] #H #V #F C 124.\" ======================================================================== 125.\" 126.IX Title "SSL_CTX_set_generate_session_id 3" |
132.TH SSL_CTX_set_generate_session_id 3 "2010-03-24" "0.9.8n" "OpenSSL" | 127.TH SSL_CTX_set_generate_session_id 3 "2010-11-16" "0.9.8p" "OpenSSL" 128.\" For nroff, turn off justification. Always turn off hyphenation; it makes 129.\" way too many mistakes in technical documents. 130.if n .ad l 131.nh |
133.SH "NAME" 134SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id \- manipulate generation of SSL session IDs (server only) 135.SH "SYNOPSIS" 136.IX Header "SYNOPSIS" 137.Vb 1 138\& #include <openssl/ssl.h> | 132.SH "NAME" 133SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id \- manipulate generation of SSL session IDs (server only) 134.SH "SYNOPSIS" 135.IX Header "SYNOPSIS" 136.Vb 1 137\& #include <openssl/ssl.h> |
139.Ve 140.PP 141.Vb 2 | 138\& |
142\& typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, 143\& unsigned int *id_len); | 139\& typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, 140\& unsigned int *id_len); |
144.Ve 145.PP 146.Vb 4 | 141\& |
147\& int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); 148\& int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb); 149\& int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, 150\& unsigned int id_len); 151.Ve 152.SH "DESCRIPTION" 153.IX Header "DESCRIPTION" 154\&\fISSL_CTX_set_generate_session_id()\fR sets the callback function for generating --- 69 unchanged lines hidden (view full) --- 224The callback must return 0 if it cannot generate a session id for whatever 225reason and return 1 on success. 226.SH "EXAMPLES" 227.IX Header "EXAMPLES" 228The callback function listed will generate a session id with the 229server id given, and will fill the rest with pseudo random bytes: 230.PP 231.Vb 1 | 142\& int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); 143\& int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb); 144\& int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, 145\& unsigned int id_len); 146.Ve 147.SH "DESCRIPTION" 148.IX Header "DESCRIPTION" 149\&\fISSL_CTX_set_generate_session_id()\fR sets the callback function for generating --- 69 unchanged lines hidden (view full) --- 219The callback must return 0 if it cannot generate a session id for whatever 220reason and return 1 on success. 221.SH "EXAMPLES" 222.IX Header "EXAMPLES" 223The callback function listed will generate a session id with the 224server id given, and will fill the rest with pseudo random bytes: 225.PP 226.Vb 1 |
232\& const char session_id_prefix = "www-18"; 233.Ve 234.PP 235.Vb 6 | 227\& const char session_id_prefix = "www\-18"; 228\& |
236\& #define MAX_SESSION_ID_ATTEMPTS 10 237\& static int generate_session_id(const SSL *ssl, unsigned char *id, 238\& unsigned int *id_len) 239\& { 240\& unsigned int count = 0; 241\& const char *version; | 229\& #define MAX_SESSION_ID_ATTEMPTS 10 230\& static int generate_session_id(const SSL *ssl, unsigned char *id, 231\& unsigned int *id_len) 232\& { 233\& unsigned int count = 0; 234\& const char *version; |
242.Ve 243.PP 244.Vb 3 | 235\& |
245\& version = SSL_get_version(ssl); 246\& if (!strcmp(version, "SSLv2")) 247\& /* we must not change id_len */; | 236\& version = SSL_get_version(ssl); 237\& if (!strcmp(version, "SSLv2")) 238\& /* we must not change id_len */; |
248.Ve 249.PP 250.Vb 17 | 239\& |
251\& do { 252\& RAND_pseudo_bytes(id, *id_len); 253\& /* Prefix the session_id with the required prefix. NB: If our | 240\& do { 241\& RAND_pseudo_bytes(id, *id_len); 242\& /* Prefix the session_id with the required prefix. NB: If our |
254\& * prefix is too long, clip it - but there will be worse effects | 243\& * prefix is too long, clip it \- but there will be worse effects |
255\& * anyway, eg. the server could only possibly create 1 session 256\& * ID (ie. the prefix!) so all future session negotiations will 257\& * fail due to conflicts. */ 258\& memcpy(id, session_id_prefix, 259\& (strlen(session_id_prefix) < *id_len) ? 260\& strlen(session_id_prefix) : *id_len); 261\& } 262\& while(SSL_has_matching_session_id(ssl, id, *id_len) && --- 21 unchanged lines hidden --- | 244\& * anyway, eg. the server could only possibly create 1 session 245\& * ID (ie. the prefix!) so all future session negotiations will 246\& * fail due to conflicts. */ 247\& memcpy(id, session_id_prefix, 248\& (strlen(session_id_prefix) < *id_len) ? 249\& strlen(session_id_prefix) : *id_len); 250\& } 251\& while(SSL_has_matching_session_id(ssl, id, *id_len) && --- 21 unchanged lines hidden --- |