SSL_CTX_set_session_id_context(3)
SSL_CTX_set_session_id_context, SSL_set_session_id_context - set context within which session can be reused (server side only)
#include <openssl/ssl.h>

int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
                                   unsigned int sid_ctx_len);
int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                               unsigned int sid_ctx_len);
The SSL_CTX_set_session_id_context() function sets the
context sid_ctx of length sid_ctx_len within which a session
can be reused for the ctx object.
The SSL_set_session_id_context() function sets the context
sid_ctx of length sid_ctx_len within which a session can
be reused for the ssl object.
Sessions are generated within a certain context. When exporting or importing sessions with i2d_SSL_SESSION or d2i_SSL_SESSION it is possible to reimport a session generated from another context (e.g. another application), which might lead to malfunctions. Therefore, each application must set its own session id context sid_ctx, which is used to distinguish the contexts and is stored in exported sessions. The sid_ctx can be any kind of binary data with a given length. For example, it is possible to use the name of the application, the hostname and/or the service name.
The session id context becomes part of the session. The
session id context is set by the SSL/TLS server. The
SSL_CTX_set_session_id_context() and SSL_set_session_id_context()
functions are therefore only useful on
the server side.
OpenSSL clients will check the session id context returned
by the server when reusing a session.
The maximum length of the sid_ctx is limited to
SSL_MAX_SSL_SESSION_ID_LENGTH.
If the session id context is not set on an SSL/TLS server,
stored sessions will not be reused. A fatal error will be
flagged and the handshake will fail.
If a server returns a different session id context to an
OpenSSL client when reusing a session, an error will be
flagged and the handshake will fail. OpenSSL servers will
always return the correct session id context, because an
OpenSSL server checks the session id context before
reusing a session.
The SSL_CTX_set_session_id_context() and SSL_set_session_id_context() functions return the following values:

0   The length sid_ctx_len of the session id context sid_ctx exceeded the maximum allowed length of SSL_MAX_SSL_SESSION_ID_LENGTH. The error is logged to the error stack.

1   The operation succeeded.
Functions: ssl(3)