- NetBSD Manual Pages
SSL_CTX_set_session_id_context(3) OpenSSL SSL_CTX_set_session_id_context(3)
Powered by man-cgi (2021-06-01).
Maintained for NetBSD
by Kimmo Suominen.
Based on man-cgi by Panagiotis Christias.
SSL_CTX_set_session_id_context, SSL_set_session_id_context - set con-
text within which session can be reused (server side only)
int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
unsigned int sid_ctx_len);
int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
unsigned int sid_ctx_len);
SSL_CTX_set_session_id_context() sets the context sid_ctx of length
sid_ctx_len within which a session can be reused for the ctx object.
SSL_set_session_id_context() sets the context sid_ctx of length
sid_ctx_len within which a session can be reused for the ssl object.
Sessions are generated within a certain context. When exporting/import-
ing sessions with i2d_SSL_SESSION/d2i_SSL_SESSION it would be possible,
to re-import a session generated from another context (e.g. another
application), which might lead to malfunctions. Therefore each applica-
tion must set its own session id context sid_ctx which is used to dis-
tinguish the contexts and is stored in exported sessions. The sid_ctx
can be any kind of binary data with a given length, it is therefore
possible to use e.g. the name of the application and/or the hostname
and/or service name ...
The session id context becomes part of the session. The session id con-
text is set by the SSL/TLS server. The SSL_CTX_set_session_id_context()
and SSL_set_session_id_context() functions are therefore only useful on
the server side.
OpenSSL clients will check the session id context returned by the
server when reusing a session.
The maximum length of the sid_ctx is limited to SSL_MAX_SSL_SES-
If the session id context is not set on an SSL/TLS server and client
certificates are used, stored sessions will not be reused but a fatal
error will be flagged and the handshake will fail.
If a server returns a different session id context to an OpenSSL client
when reusing a session, an error will be flagged and the handshake will
fail. OpenSSL servers will always return the correct session id con-
text, as an OpenSSL server checks the session id context itself before
reusing a session as described above.
SSL_CTX_set_session_id_context() and SSL_set_session_id_context()
return the following values:
0 The length sid_ctx_len of the session id context sid_ctx exceeded
the maximum allowed length of SSL_MAX_SSL_SESSION_ID_LENGTH. The
error is logged to the error stack.
1 The operation succeeded.
0.9.8e 2005-03-25 SSL_CTX_set_session_id_context(3)