diff options
| author | Geoff Thorpe <geoff@openssl.org> | 2001-02-21 18:06:26 +0000 |
|---|---|---|
| committer | Geoff Thorpe <geoff@openssl.org> | 2001-02-21 18:06:26 +0000 |
| commit | dc644fe2292a9a7ac674a57d2a4be99d7daeab12 (patch) | |
| tree | a3625fd4742ce60237a9f97a0aa58961009fe5b5 /util | |
| parent | 47ddf355b46eae8c846e411f44531e928e04adf5 (diff) | |
This change allows a callback to be used to override the generation of
SSL/TLS session IDs in a server. According to RFC2246, the session ID is an
arbitrary value chosen by the server. It can be useful to have some control
over this "arbitrary value" so as to choose it in ways that can aid in
things like external session caching and balancing (eg. clustering). The
default session ID generation is to fill the ID with random data.
The callback used by default is built in to ssl_sess.c, but registering a
callback in an SSL_CTX or in a particular SSL overrides this. BTW: SSL
callbacks will override SSL_CTX callbacks, and a new SSL structure inherits
any callback set in its 'parent' SSL_CTX. The header comments describe how
this mechanism ticks, and source code comments describe (hopefully) why it
ticks the way it does.
Man pages are on the way ...
[NB: Lutz was also hacking away and helping me to figure out how best to do
this.]
Diffstat (limited to 'util')
| -rwxr-xr-x | util/ssleay.num | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/util/ssleay.num b/util/ssleay.num index 26d38fb48c..840c92747d 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -208,3 +208,6 @@ kssl_ctx_free 257 EXIST::FUNCTION:KRB5 kssl_krb5_free_data_contents 258 EXIST::FUNCTION:KRB5 print_krb5_data 259 EXIST::FUNCTION:KRB5 kssl_ctx_setstring 260 EXIST::FUNCTION:KRB5 +SSL_CTX_has_matching_session_id 261 EXIST::FUNCTION: +SSL_set_generate_session_id 262 EXIST::FUNCTION: +SSL_CTX_set_generate_session_id 263 EXIST::FUNCTION: |