author | Lutz Jänicke <jaenicke@openssl.org> | 2003-03-27 22:04:05 +0000 |
---|---|---|
committer | Lutz Jänicke <jaenicke@openssl.org> | 2003-03-27 22:04:05 +0000 |
commit | 423b1a840c72423ae20b3dcbfe34f4b204a125bf (patch) | |
tree | 80bec5b1e3dd99bb8e4ee059f328acf7df638db6 /doc | |
parent | a47789e849da9edbe9d0e4a7626f0b55af9e6681 (diff) |
Add warning about unwanted side effect when calling SSL_CTX_free():
sessions in the external session cache might be removed.
Submitted by: "Nadav Har'El" <nyh@math.technion.ac.il>
PR: 547
Diffstat (limited to 'doc')
-rw-r--r-- | doc/ssl/SSL_CTX_free.pod | 12 |
-rw-r--r-- | doc/ssl/SSL_CTX_sess_set_get_cb.pod | 12 |
2 files changed, 18 insertions, 6 deletions
diff --git a/doc/ssl/SSL_CTX_free.pod b/doc/ssl/SSL_CTX_free.pod index 55e592f5f8..51d8676968 100644 --- a/doc/ssl/SSL_CTX_free.pod +++ b/doc/ssl/SSL_CTX_free.pod @@ -20,12 +20,22 @@ It also calls the free()ing procedures for indirectly affected items, if applicable: the session cache, the list of ciphers, the list of Client CAs, the certificates and keys. +=head1 WARNINGS + +If a session-remove callback is set (SSL_CTX_sess_set_remove_cb()), this +callback will be called for each session being freed from B<ctx>'s +session cache. This implies, that all corresponding sessions from an +external session cache are removed as well. If this is not desired, the user +should explicitly unset the callback by calling +SSL_CTX_sess_set_remove_cb(B<ctx>, NULL) prior to calling SSL_CTX_free(). + =head1 RETURN VALUES SSL_CTX_free() does not provide diagnostic information. =head1 SEE ALSO -L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<ssl(3)|ssl(3)> +L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<ssl(3)|ssl(3)>, +L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)> =cut diff --git a/doc/ssl/SSL_CTX_sess_set_get_cb.pod b/doc/ssl/SSL_CTX_sess_set_get_cb.pod index 7c0b2baf6c..b9d54a40a1 100644 --- a/doc/ssl/SSL_CTX_sess_set_get_cb.pod +++ b/doc/ssl/SSL_CTX_sess_set_get_cb.pod 
@@ -60,10 +60,11 @@ B<sess>. If the callback returns B<0>, the session will be immediately removed again. The remove_session_cb() is called, whenever the SSL engine removes a session -from the internal cache. This happens if the session is removed because -it is expired or when a connection was not shutdown cleanly. The -remove_session_cb() is passed the B<ctx> and the ssl session B<sess>. -It does not provide any feedback. +from the internal cache. This happens when the session is removed because +it is expired or when a connection was not shutdown cleanly. It also happens +for all sessions in the internal session cache when +L<SSL_CTX_free(3)|SSL_CTX_free(3)> is called. The remove_session_cb() is passed +the B<ctx> and the ssl session B<sess>. It does not provide any feedback. The get_session_cb() is only called on SSL/TLS servers with the session id proposed by the client. The get_session_cb() is always called, also when @@ -80,6 +81,7 @@ L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>. L<ssl(3)|ssl(3)>, L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>, L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>, L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>, -L<SSL_SESSION_free(3)|SSL_SESSION_free(3)> +L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>, +L<SSL_CTX_free(3)|SSL_CTX_free(3)> =cut |
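Review bot: In the new WARNINGS section of doc/ssl/SSL_CTX_free.pod, the sentence "This implies, that all corresponding sessions from an external session cache are removed as well" states as certain something that depends on what the application's remove callback does; per the preceding sentence, SSL_CTX_free() only calls that callback for each session freed from B<ctx>'s session cache. Suggest conditional wording, for example "If the callback deletes the session from an external session cache, those entries are removed as well", and dropping the comma after "implies". A short clause on when the removal is not desired would also make the advice to call SSL_CTX_sess_set_remove_cb(B<ctx>, NULL) easier to act on.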
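Review bot: In the remove_session_cb() paragraph of doc/ssl/SSL_CTX_sess_set_get_cb.pod, the added sentence about SSL_CTX_free() names the new trigger but neither the consequence for an external session cache nor the workaround, so a reader of this page only learns of them by following the link. Suggest adding a pointer such as "see WARNINGS in SSL_CTX_free(3)", or repeating here that the callback can be unset with SSL_CTX_sess_set_remove_cb(B<ctx>, NULL) before the context is freed. Since the sentence is being rewritten anyway, "was not shutdown cleanly" could become "was not shut down cleanly".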