-rw-r--r--doc/ssl/SSL_CTX_new.pod14
-rw-r--r--doc/ssl/SSL_new.pod10
-rw-r--r--doc/ssl/ssl.pod4
-rw-r--r--include/openssl/ssl.h2
-rw-r--r--ssl/ssl_lib.c10
-rwxr-xr-xutil/ssleay.num2
6 files changed, 36 insertions, 6 deletions
diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod
index 53f621685e..259098657f 100644
--- a/doc/ssl/SSL_CTX_new.pod
+++ b/doc/ssl/SSL_CTX_new.pod
@@ -2,9 +2,9 @@
=head1 NAME
-SSL_CTX_new, SSLv3_method, SSLv3_server_method, SSLv3_client_method,
-TLSv1_method, TLSv1_server_method, TLSv1_client_method, TLSv1_1_method,
-TLSv1_1_server_method, TLSv1_1_client_method, TLS_method,
+SSL_CTX_new, SSL_CTX_up_ref, SSLv3_method, SSLv3_server_method,
+SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method,
+TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, TLS_method,
TLS_server_method, TLS_client_method, SSLv23_method, SSLv23_server_method,
SSLv23_client_method, DTLS_method, DTLS_server_method, DTLS_client_method,
DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method,
@@ -17,6 +17,7 @@ functions
#include <openssl/ssl.h>
SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
+ void SSL_CTX_up_ref(SSL_CTX *ctx);
const SSL_METHOD *TLS_method(void);
const SSL_METHOD *TLS_server_method(void);
@@ -59,7 +60,12 @@ functions
=head1 DESCRIPTION
SSL_CTX_new() creates a new B<SSL_CTX> object as framework to
-establish TLS/SSL or DTLS enabled connections.
+establish TLS/SSL or DTLS enabled connections. An B<SSL_CTX> object is
+reference counted. Creating an B<SSL_CTX> object for the first time increments
+the reference count. Freeing it (using SSL_CTX_free) decrements it. When the
+reference count drops to zero, any memory or resources allocated to the
+B<SSL_CTX> object are freed. SSL_CTX_up_ref() increments the reference count for
+an existing B<SSL_CTX> structure.
=head1 NOTES
diff --git a/doc/ssl/SSL_new.pod b/doc/ssl/SSL_new.pod
index 4c350c507f..f0e07951e3 100644
--- a/doc/ssl/SSL_new.pod
+++ b/doc/ssl/SSL_new.pod
@@ -2,20 +2,26 @@
=head1 NAME
-SSL_new - create a new SSL structure for a connection
+SSL_new, SSL_up_ref - create a new SSL structure for a connection
=head1 SYNOPSIS
#include <openssl/ssl.h>
SSL *SSL_new(SSL_CTX *ctx);
+ void SSL_up_ref(SSL *s);
=head1 DESCRIPTION
SSL_new() creates a new B<SSL> structure which is needed to hold the
data for a TLS/SSL connection. The new structure inherits the settings
of the underlying context B<ctx>: connection method,
-options, verification settings, timeout settings.
+options, verification settings, timeout settings. An B<SSL> structure is
+reference counted. Creating an B<SSL> structure for the first time increments
+the reference count. Freeing it (using SSL_free) decrements it. When the
+reference count drops to zero, any memory or resources allocated to the B<SSL>
+structure are freed. SSL_up_ref() increments the reference count for an
+existing B<SSL> structure.
=head1 RETURN VALUES
diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
index 33133ff78f..597b88e5f7 100644
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@@ -234,6 +234,8 @@ protocol context defined in the B<SSL_CTX> structure.
=item SSL_CTX *B<SSL_CTX_new>(const SSL_METHOD *meth);
+=item void SSL_CTX_up_ref(SSL_CTX *ctx);
+
=item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c);
=item int B<SSL_CTX_sess_accept>(SSL_CTX *ctx);
@@ -562,6 +564,8 @@ fresh handle for each connection.
=item SSL *B<SSL_new>(SSL_CTX *ctx);
+=item void SSL_up_ref(SSL *s);
+
=item long B<SSL_num_renegotiations>(SSL *ssl);
=item int B<SSL_peek>(SSL *ssl, void *buf, int num);
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index d26b4af1a7..0d36e17a6c 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1371,6 +1371,7 @@ void BIO_ssl_shutdown(BIO *ssl_bio);
__owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
+void SSL_CTX_up_ref(SSL_CTX *ctx);
void SSL_CTX_free(SSL_CTX *);
__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx);
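Review bot: The new prototype `void SSL_CTX_up_ref(SSL_CTX *ctx);` gives callers no way to learn that taking the reference failed, and the util/ssleay.num entries in this commit make that signature part of the exported 1_1_0 interface, so it will be hard to change later. The surrounding declarations report status through `__owur int`; consider `__owur int SSL_CTX_up_ref(SSL_CTX *ctx);` returning 1 on success and 0 on failure, and the same for `SSL_up_ref` in the next hunk of this file. A short comment on the declaration stating that every successful call must be balanced by exactly one `SSL_CTX_free()` would also help, since an unbalanced count ends in either a leak or a premature free.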
@@ -1530,6 +1531,7 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid
unsigned int sid_ctx_len);
SSL *SSL_new(SSL_CTX *ctx);
+void SSL_up_ref(SSL *s);
__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
unsigned int sid_ctx_len);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 7c99e8d7d4..d29da6dfbf 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -745,6 +745,11 @@ SSL *SSL_new(SSL_CTX *ctx)
return (NULL);
}
+void SSL_up_ref(SSL *s)
+{
+ CRYPTO_add(&s->references, 1, CRYPTO_LOCK_SSL);
+}
+
int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
unsigned int sid_ctx_len)
{
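Review bot: `SSL_up_ref` dereferences `s` unconditionally in `CRYPTO_add(&s->references, 1, CRYPTO_LOCK_SSL);`, so a NULL argument is a null-pointer dereference; either guard with `if (s == NULL) return;` or document that NULL is not accepted. The value returned by `CRYPTO_add` is also discarded, so the function cannot notice that the count was already zero or negative before the increment, which would mean a reference is being taken on an object that is being or has been freed. A debug-build check on the result (for example an assertion that the new count is greater than 1) would catch that misuse early, and a comment should state that the caller must already hold a reference. The same applies to `SSL_CTX_up_ref` in the second hunk of this file.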
@@ -2348,6 +2353,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
return (NULL);
}
+void SSL_CTX_up_ref(SSL_CTX *ctx)
+{
+ CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
+}
+
void SSL_CTX_free(SSL_CTX *a)
{
int i;
diff --git a/util/ssleay.num b/util/ssleay.num
index 103d95f537..89797c5a3d 100755
--- a/util/ssleay.num
+++ b/util/ssleay.num
@@ -433,3 +433,5 @@ SSL_CTX_get_options 467 1_1_0 EXIST::FUNCTION:
SSL_clear_options 468 1_1_0 EXIST::FUNCTION:
SSL_set_options 469 1_1_0 EXIST::FUNCTION:
SSL_get_options 470 1_1_0 EXIST::FUNCTION:
+SSL_up_ref 471 1_1_0 EXIST::FUNCTION:
+SSL_CTX_up_ref 472 1_1_0 EXIST::FUNCTION: