提交 423b1a84 编写于 作者: L Lutz Jänicke

Add warning about unwanted side effect when calling SSL_CTX_free():

sessions in the external session cache might be removed.
Submitted by: "Nadav Har'El" <nyh@math.technion.ac.il>

PR: 547
上级 a47789e8
...@@ -20,12 +20,22 @@ It also calls the free()ing procedures for indirectly affected items, if ...@@ -20,12 +20,22 @@ It also calls the free()ing procedures for indirectly affected items, if
applicable: the session cache, the list of ciphers, the list of Client CAs, applicable: the session cache, the list of ciphers, the list of Client CAs,
the certificates and keys. the certificates and keys.
=head1 WARNINGS
If a session-remove callback is set (SSL_CTX_sess_set_remove_cb()), this
callback will be called for each session being freed from B<ctx>'s
session cache. This implies, that all corresponding sessions from an
external session cache are removed as well. If this is not desired, the user
should explicitly unset the callback by calling
SSL_CTX_sess_set_remove_cb(B<ctx>, NULL) prior to calling SSL_CTX_free().
=head1 RETURN VALUES =head1 RETURN VALUES
SSL_CTX_free() does not provide diagnostic information. SSL_CTX_free() does not provide diagnostic information.
=head1 SEE ALSO =head1 SEE ALSO
L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<ssl(3)|ssl(3)> L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<ssl(3)|ssl(3)>,
L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>
=cut =cut
...@@ -60,10 +60,11 @@ B<sess>. If the callback returns B<0>, the session will be immediately ...@@ -60,10 +60,11 @@ B<sess>. If the callback returns B<0>, the session will be immediately
removed again. removed again.
The remove_session_cb() is called, whenever the SSL engine removes a session The remove_session_cb() is called, whenever the SSL engine removes a session
from the internal cache. This happens if the session is removed because from the internal cache. This happens when the session is removed because
it is expired or when a connection was not shutdown cleanly. The it is expired or when a connection was not shutdown cleanly. It also happens
remove_session_cb() is passed the B<ctx> and the ssl session B<sess>. for all sessions in the internal session cache when
It does not provide any feedback. L<SSL_CTX_free(3)|SSL_CTX_free(3)> is called. The remove_session_cb() is passed
the B<ctx> and the ssl session B<sess>. It does not provide any feedback.
The get_session_cb() is only called on SSL/TLS servers with the session id The get_session_cb() is only called on SSL/TLS servers with the session id
proposed by the client. The get_session_cb() is always called, also when proposed by the client. The get_session_cb() is always called, also when
...@@ -80,6 +81,7 @@ L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>. ...@@ -80,6 +81,7 @@ L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>.
L<ssl(3)|ssl(3)>, L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>, L<ssl(3)|ssl(3)>, L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>,
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>, L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>, L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
L<SSL_SESSION_free(3)|SSL_SESSION_free(3)> L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
L<SSL_CTX_free(3)|SSL_CTX_free(3)>
=cut =cut
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册