NAME

SSL_set_psk_use_session_callback, SSL_psk_use_session_cb_func — set TLS pre-shared key client callback

SYNOPSIS

#include <openssl/ssl.h>

typedef int
(*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md, const unsigned char **id, size_t *idlen, SSL_SESSION **session);

void
SSL_set_psk_use_session_callback(SSL *ssl, SSL_psk_use_session_cb_func cb);

DESCRIPTION

LibreSSL provides the stub function SSL_set_psk_use_session_callback() to allow compiling application programs that contain optional support for TLSv1.3 pre-shared keys.

LibreSSL does not support TLS pre-shared keys, and no action occurs when SSL_set_psk_use_session_callback() is called. In particular, both arguments are ignored. During session negotiation, LibreSSL never calls the callback cb and always behaves as if that callback succeeded and set the *session pointer to NULL. That is, LibreSSL never sends a pre-shared key to the server and never aborts the handshake for lack of a pre-shared key.

With OpenSSL, a client application wishing to use TLSv1.3 pre-shared keys can install a callback function cb using SSL_set_psk_use_session_callback(). The OpenSSL library may call cb once or twice during session negotiation. If the callback fails, OpenSSL aborts connection setup. If the callback succeeds but sets the *session pointer to NULL, OpenSSL continues the handshake but does not send a pre-shared key to the server.

RETURN VALUES

The SSL_psk_use_session_cb_func() callback is expected to return 1 on success or 0 on failure.

HISTORY

SSL_set_psk_use_session_callback() and SSL_psk_use_session_cb_func() first appeared in OpenSSL 1.1.1 and have been available since OpenBSD 7.0.