[openssl] OpenSSL_1_1_1-stable update

kaduk at mit.edu kaduk at mit.edu
Thu Jan 16 21:42:05 UTC 2020


The branch OpenSSL_1_1_1-stable has been updated
       via  017015ceecaf2b4464aeeeb9a051dbe91d17f6e2 (commit)
      from  56c59ddd99da05c2f30832cccaffb873a8481555 (commit)


- Log -----------------------------------------------------------------
commit 017015ceecaf2b4464aeeeb9a051dbe91d17f6e2
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date:   Tue Jan 14 16:22:52 2020 -0800

    Update SSL_CTX_sess_set_new_cb(3) docs for refcounts
    
    The existing documentation for the new-session callback was unclear
    about the requirements on the callback with respect to reference-handling
    of the session object being created.  Be more explicit about the
    (non-)requirements on the callback code for "success" (1) and "ignore"
    (0) return values.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/10848)
    
    (cherry picked from commit 188d4ec82a9b0085ac5841cce3eda95efb94f2b4)

-----------------------------------------------------------------------

Summary of changes:
 doc/man3/SSL_CTX_sess_set_get_cb.pod | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/doc/man3/SSL_CTX_sess_set_get_cb.pod b/doc/man3/SSL_CTX_sess_set_get_cb.pod
index 774c4b120f..11eda7e141 100644
--- a/doc/man3/SSL_CTX_sess_set_get_cb.pod
+++ b/doc/man3/SSL_CTX_sess_set_get_cb.pod
@@ -54,12 +54,18 @@ session cache is realized via callback functions. Inside these callback
 functions, session can be saved to disk or put into a database using the
 L<d2i_SSL_SESSION(3)> interface.
 
-The new_session_cb() is called, whenever a new session has been negotiated
-and session caching is enabled (see
-L<SSL_CTX_set_session_cache_mode(3)>).
-The new_session_cb() is passed the B<ssl> connection and the ssl session
-B<sess>. If the callback returns B<0>, the session will be immediately
-removed again. Note that in TLSv1.3, sessions are established after the main
+The new_session_cb() is called whenever a new session has been negotiated and
+session caching is enabled (see L<SSL_CTX_set_session_cache_mode(3)>).  The
+new_session_cb() is passed the B<ssl> connection and the ssl session B<sess>.
+Since sessions are reference-counted objects, the reference count on the
+session is incremented before the callback, on behalf of the application.  If
+the callback returns B<0>, the session will be immediately removed from the
+internal cache and the reference count released. If the callback returns B<1>,
+the application retains the reference (for an entry in the
+application-maintained "external session cache"), and is responsible for
+calling SSL_SESSION_free() when the session reference is no longer in use.
+
+Note that in TLSv1.3, sessions are established after the main
 handshake has completed. The server decides when to send the client the session
 information and this may occur some time after the end of the handshake (or not
 at all). This means that applications should expect the new_session_cb()


More information about the openssl-commits mailing list