OpenSSL SSL_CTX_set_session_id_context(3openssl)
NAME
SSL_CTX_set_session_id_context, SSL_set_session_id_context - set context within which session can be reused (server side only)

SYNOPSIS
#include <openssl/ssl.h>
int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
unsigned int sid_ctx_len);
int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
unsigned int sid_ctx_len);
DESCRIPTION
SSL_CTX_set_session_id_context() sets the context sid_ctx of length sid_ctx_len within which a session can be reused for the ctx object.

SSL_set_session_id_context() sets the context sid_ctx of length sid_ctx_len within which a session can be reused for the ssl object.

NOTES
Sessions are generated within a certain context. When exporting/importing sessions with i2d_SSL_SESSION/d2i_SSL_SESSION it would be possible to re-import a session generated from another context (e.g. another application), which might lead to malfunctions. Therefore each application must set its own session id context sid_ctx, which is used to distinguish the contexts and is stored in exported sessions. The sid_ctx can be any kind of binary data with a given length; it is therefore possible to use e.g. the name of the application and/or the hostname and/or service name ...

The session id context becomes part of the session. The session id context is set by the SSL/TLS server. The SSL_CTX_set_session_id_context() and SSL_set_session_id_context() functions are therefore only useful on the server side. OpenSSL clients will check the session id context returned by the server when reusing a session.

The maximum length of the sid_ctx is limited to SSL_MAX_SSL_SESSION_ID_LENGTH.
WARNINGS
If the session id context is not set on an SSL/TLS server and client certificates are used, stored sessions will not be reused but a fatal error will be flagged and the handshake will fail.

If a server returns a different session id context to an OpenSSL client when reusing a session, an error will be flagged and the handshake will fail. OpenSSL servers will always return the correct session id context, as an OpenSSL server checks the session id context itself before reusing a session as described above.

RETURN VALUES
SSL_CTX_set_session_id_context() and SSL_set_session_id_context() return the following values:

0   The length sid_ctx_len of the session id context sid_ctx exceeded the maximum allowed length of SSL_MAX_SSL_SESSION_ID_LENGTH. The error is logged to the error stack.

1   The operation succeeded.

SEE ALSO
ssl(3)

14/Jun/2004 Last change: 0.9.8o 1