[openssl] master update

tomas at openssl.org tomas at openssl.org
Fri Sep 17 12:33:44 UTC 2021


The branch master has been updated
       via  9e51f877930dbd4216438a5da3c9612bf4d0a918 (commit)
       via  4603b782e6dbed493d2f38db111abc05df66fb99 (commit)
      from  39a8d4e13219580c8c89a234d6db5d261408cadb (commit)


- Log -----------------------------------------------------------------
commit 9e51f877930dbd4216438a5da3c9612bf4d0a918
Author: Matt Caswell <matt at openssl.org>
Date:   Sat Sep 11 10:02:21 2021 +0100

    Clarify what SSL_get_session() does on the server side in TLSv1.3
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16582)

commit 4603b782e6dbed493d2f38db111abc05df66fb99
Author: Matt Caswell <matt at openssl.org>
Date:   Sat Sep 11 09:58:52 2021 +0100

    Correct the documentation for SSL_set_num_tickets()
    
    The behaviour for what happens in a resumption connection was not quite
    described correctly.
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16582)

-----------------------------------------------------------------------

Summary of changes:
 doc/man3/SSL_CTX_set_num_tickets.pod | 8 ++++----
 doc/man3/SSL_get_session.pod         | 7 +++++--
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/doc/man3/SSL_CTX_set_num_tickets.pod b/doc/man3/SSL_CTX_set_num_tickets.pod
index c06583304f..95ed719df7 100644
--- a/doc/man3/SSL_CTX_set_num_tickets.pod
+++ b/doc/man3/SSL_CTX_set_num_tickets.pod
@@ -27,10 +27,10 @@ the client after a full handshake. Set the desired value (which could be 0) in
 the B<num_tickets> argument. Typically these functions should be called before
 the start of the handshake.
 
-The default number of tickets is 2; the default number of tickets sent following
-a resumption handshake is 1 but this cannot be changed using these functions.
-The number of tickets following a resumption handshake can be reduced to 0 using
-custom session ticket callbacks (see L<SSL_CTX_set_session_ticket_cb(3)>).
+The default number of tickets is 2. Following a resumption the number of tickets
+issued will never be more than 1 regardless of the value set via
+SSL_set_num_tickets() or SSL_CTX_set_num_tickets(). If B<num_tickets> is set to
+0 then no tickets will be issued for either a normal connection or a resumption.
 
 Tickets are also issued on receipt of a post-handshake certificate from the
 client following a request by the server using
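Review bot: The unchanged context at the top of this hunk still describes these functions as setting the number of tickets sent "after a full handshake", while the added paragraph says the same value also governs resumption (a setting of 0 suppresses tickets in both cases). That opening sentence should be reworded so the two statements agree, for example by saying up front that the value is an upper bound for a full handshake and is capped at 1 for a resumption. The removed lines also carried the only pointer in this paragraph to L<SSL_CTX_set_session_ticket_cb(3)>. If the callback is still a way to suppress tickets on resumption while keeping them after a full handshake, keep that cross-reference, since the added text offers no other way to get that combination. Minor: add a comma after "Following a resumption".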
diff --git a/doc/man3/SSL_get_session.pod b/doc/man3/SSL_get_session.pod
index 967ccea564..6631bdf324 100644
--- a/doc/man3/SSL_get_session.pod
+++ b/doc/man3/SSL_get_session.pod
@@ -37,8 +37,11 @@ L<SSL_SESSION_is_resumable(3)> for information on how to determine whether an
 SSL_SESSION object can be used for resumption or not.
 
 Additionally, in TLSv1.3, a server can send multiple messages that establish a
-session for a single connection. In that case the above functions will only
-return information on the last session that was received.
+session for a single connection. In that case, on the client side, the above
+functions will only return information on the last session that was received. On
+the server side they will only return information on the last session that was
+sent, or if no session tickets were sent then the session for the current
+connection.
 
 The preferred way for applications to obtain a resumable SSL_SESSION object is
 to use a new session callback as described in L<SSL_CTX_sess_set_new_cb(3)>.
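Review bot: The added server-side sentence mixes "the last session that was sent" with "if no session tickets were sent", and the trailing "or if ... then ..." clause is hard to parse. Suggest splitting it and using one term throughout, for example: "On the server side they return the session associated with the last ticket that was sent. If no tickets have been sent, they return the session for the current connection." As written, it also follows that the result on the server depends on when the call is made relative to ticket issuance. Saying so explicitly would help server applications that associate per-connection state with the returned SSL_SESSION.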

