Sortix cross-nightly manual
This manual documents Sortix cross-nightly. You can instead view this document in the latest official manual.
NAME
SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id, GEN_SESSION_CB — manipulate generation of SSL session IDs (server only)SYNOPSIS
#include <openssl/ssl.h>(*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, unsigned int *id_len);
SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb);
SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb);
SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, unsigned int id_len);
DESCRIPTION
SSL_CTX_set_generate_session_id() sets the callback function for generating new session ids for SSL/TLS sessions for ctx to be cb.RETURN VALUES
SSL_CTX_set_generate_session_id() and SSL_set_generate_session_id() always return 1.EXAMPLES
The callback function listed will generate a session id with the server id given, and will fill the rest with pseudo random bytes:const char session_id_prefix = "www-18"; #define MAX_SESSION_ID_ATTEMPTS 10 static int generate_session_id(const SSL *ssl, unsigned char *id, unsigned int *id_len) { unsigned int count = 0; do { RAND_pseudo_bytes(id, *id_len); /* * Prefix the session_id with the required prefix. NB: If * our prefix is too long, clip it – but there will be * worse effects anyway, e.g., the server could only * possibly create one session ID (the prefix!) so all * future session negotiations will fail due to conflicts. */ memcpy(id, session_id_prefix, (strlen(session_id_prefix) < *id_len) ? strlen(session_id_prefix) : *id_len); } while (SSL_has_matching_session_id(ssl, id, *id_len) && (++count < MAX_SESSION_ID_ATTEMPTS)); if (count >= MAX_SESSION_ID_ATTEMPTS) return 0; return 1; }