1 .\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
4 .\" ========================================================================
5 .de Sp \" Vertical space (when we can't use .PP)
9 .de Vb \" Begin verbatim text
14 .de Ve \" End verbatim text
18 .\" Set up some character translations and predefined strings. \*(-- will
19 .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
20 .\" double quote, and \*(R" will give a right double quote. \*(C+ will
21 .\" give a nicer C++. Capital omega is used to do unbreakable dashes and
22 .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
23 .\" nothing in troff, for use with C<>.
25 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
29 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
45 .\" Escape single quotes in literal strings from groff's Unicode transform.
49 .\" If the F register is >0, we'll generate index entries on stderr for
50 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
51 .\" entries marked with X<> in POD. Of course, you'll have to process the
52 .\" output yourself in some meaningful fashion.
54 .\" Avoid warning from groff about undefined register 'F'.
60 . tm Index:\\$1\t\\n%\t"\\$2"
68 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
69 .\" Fear. Run. Save yourself. No user-serviceable parts.
70 . \" fudge factors for nroff and troff
79 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
85 . \" simple accents for nroff and troff
95 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
96 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
97 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
98 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
99 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
100 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
102 . \" troff and (daisy-wheel) nroff accents
103 .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
104 .ds 8 \h'\*(#H'\(*b\h'-\*(#H'
105 .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
106 .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
107 .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
108 .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
109 .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
110 .ds ae a\h'-(\w'a'u*4/10)'e
111 .ds Ae A\h'-(\w'A'u*4/10)'E
112 . \" corrections for vroff
113 .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
114 .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
115 . \" for low resolution devices (crt and lpr)
116 .if \n(.H>23 .if \n(.V>19 \
129 .\" ========================================================================
131 .IX Title "SSL_CTX_set_session_id_context 3"
132 .TH SSL_CTX_set_session_id_context 3 "2017-12-07" "1.0.2n" "OpenSSL"
133 .\" For nroff, turn off justification. Always turn off hyphenation; it makes
134 .\" way too many mistakes in technical documents.
138 SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only)
140 .IX Header "SYNOPSIS"
142 \& #include <openssl/ssl.h>
144 \& int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
145 \& unsigned int sid_ctx_len);
146 \& int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
147 \& unsigned int sid_ctx_len);
150 .IX Header "DESCRIPTION"
151 \&\fISSL_CTX_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length
152 \&\fBsid_ctx_len\fR within which a session can be reused for the \fBctx\fR object.
154 \&\fISSL_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length
155 \&\fBsid_ctx_len\fR within which a session can be reused for the \fBssl\fR object.
158 Sessions are generated within a certain context. When exporting/importing
159 sessions with \fBi2d_SSL_SESSION\fR/\fBd2i_SSL_SESSION\fR it would be possible,
160 to re-import a session generated from another context (e.g. another
161 application), which might lead to malfunctions. Therefore each application
162 must set its own session id context \fBsid_ctx\fR which is used to distinguish
163 the contexts and is stored in exported sessions. The \fBsid_ctx\fR can be
164 any kind of binary data with a given length, it is therefore possible
165 to use e.g. the name of the application and/or the hostname and/or service
168 The session id context becomes part of the session. The session id context
169 is set by the \s-1SSL/TLS\s0 server. The \fISSL_CTX_set_session_id_context()\fR and
170 \&\fISSL_set_session_id_context()\fR functions are therefore only useful on the
173 OpenSSL clients will check the session id context returned by the server
174 when reusing a session.
176 The maximum length of the \fBsid_ctx\fR is limited to
177 \&\fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR.
179 .IX Header "WARNINGS"
180 If the session id context is not set on an \s-1SSL/TLS\s0 server and client
181 certificates are used, stored sessions
182 will not be reused but a fatal error will be flagged and the handshake
185 If a server returns a different session id context to an OpenSSL client
186 when reusing a session, an error will be flagged and the handshake will
187 fail. OpenSSL servers will always return the correct session id context,
188 as an OpenSSL server checks the session id context itself before reusing
189 a session as described above.
191 .IX Header "RETURN VALUES"
192 \&\fISSL_CTX_set_session_id_context()\fR and \fISSL_set_session_id_context()\fR
193 return the following values:
195 The length \fBsid_ctx_len\fR of the session id context \fBsid_ctx\fR exceeded
196 the maximum allowed length of \fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR. The error
197 is logged to the error stack.
200 The operation succeeded.
202 .IX Header "SEE ALSO"