]>
Commit | Line | Data |
---|---|---|
1e4a9d88 HL |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
83df44ae HL |
5 | SSL_set_incoming_stream_policy, SSL_INCOMING_STREAM_POLICY_AUTO, |
6 | SSL_INCOMING_STREAM_POLICY_ACCEPT, | |
7 | SSL_INCOMING_STREAM_POLICY_REJECT - manage the QUIC incoming stream | |
1e4a9d88 HL |
8 | rejection policy |
9 | ||
10 | =head1 SYNOPSIS | |
11 | ||
12 | #include <openssl/ssl.h> | |
13 | ||
83df44ae HL |
14 | #define SSL_INCOMING_STREAM_POLICY_AUTO |
15 | #define SSL_INCOMING_STREAM_POLICY_ACCEPT | |
16 | #define SSL_INCOMING_STREAM_POLICY_REJECT | |
1e4a9d88 | 17 | |
83df44ae | 18 | int SSL_set_incoming_stream_policy(SSL *conn, int policy, |
1e4a9d88 HL |
19 | uint64_t app_error_code); |
20 | ||
21 | =head1 DESCRIPTION | |
22 | ||
83df44ae | 23 | SSL_set_incoming_stream_policy() policy changes the incoming stream |
1e4a9d88 HL |
24 | rejection policy for a QUIC connection. Depending on the policy configured, |
25 | OpenSSL QUIC may automatically reject incoming streams initiated by the peer. | |
26 | This is intended to ensure that legacy applications using single-stream | |
27 | operation with a default stream on a QUIC connection SSL object are not passed | |
28 | remotely-initiated streams by a peer which those applications are not prepared | |
29 | to handle. | |
30 | ||
5fc256cd | 31 | I<app_error_code> is an application error code which will be used in any QUIC |
1e4a9d88 HL |
32 | B<STOP_SENDING> or B<RESET_STREAM> frames generated to implement the rejection |
33 | policy. The default application error code is 0. | |
34 | ||
5fc256cd | 35 | The valid values for I<policy> are: |
1e4a9d88 HL |
36 | |
37 | =over 4 | |
38 | ||
83df44ae | 39 | =item SSL_INCOMING_STREAM_POLICY_AUTO |
1e4a9d88 HL |
40 | |
41 | This is the default setting. Incoming streams are accepted according to the | |
42 | following rules: | |
43 | ||
44 | =over 4 | |
45 | ||
46 | =item * | |
47 | ||
de521629 HL |
48 | If the default stream mode (configured using L<SSL_set_default_stream_mode(3)>) |
49 | is set to B<SSL_DEFAULT_STREAM_MODE_AUTO_BIDI> (the default) or | |
1e4a9d88 HL |
50 | B<SSL_DEFAULT_STREAM_MODE_AUTO_UNI>, the incoming stream is rejected. |
51 | ||
52 | =item * | |
53 | ||
54 | Otherwise (where the default stream mode is B<SSL_DEFAULT_STREAM_MODE_NONE>), | |
55 | the application is assumed to be stream aware, and the incoming stream is | |
56 | accepted. | |
57 | ||
58 | =back | |
59 | ||
83df44ae | 60 | =item SSL_INCOMING_STREAM_POLICY_ACCEPT |
1e4a9d88 HL |
61 | |
62 | Always accept incoming streams, allowing them to be dequeued using | |
63 | L<SSL_accept_stream(3)>. | |
64 | ||
83df44ae | 65 | =item SSL_INCOMING_STREAM_POLICY_REJECT |
1e4a9d88 HL |
66 | |
67 | Always reject incoming streams. | |
68 | ||
69 | =back | |
70 | ||
71 | Where an incoming stream is rejected, it is rejected immediately and it is not | |
72 | possible to gain access to the stream using L<SSL_accept_stream(3)>. The stream | |
73 | is rejected using QUIC B<STOP_SENDING> and B<RESET_STREAM> frames as | |
74 | appropriate. | |
75 | ||
76 | =head1 RETURN VALUES | |
77 | ||
78 | Returns 1 on success and 0 on failure. | |
79 | ||
80 | This function fails if called on a QUIC stream SSL object, or on a non-QUIC SSL | |
81 | object. | |
82 | ||
83 | =head1 SEE ALSO | |
84 | ||
1e4a9d88 HL |
85 | L<SSL_set_default_stream_mode(3)>, L<SSL_accept_stream(3)> |
86 | ||
87 | =head1 HISTORY | |
88 | ||
83df44ae | 89 | SSL_set_incoming_stream_policy() was added in OpenSSL 3.2. |
1e4a9d88 HL |
90 | |
91 | =head1 COPYRIGHT | |
92 | ||
93 | Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. | |
94 | ||
95 | Licensed under the Apache License 2.0 (the "License"). You may not use | |
96 | this file except in compliance with the License. You can obtain a copy | |
97 | in the file LICENSE in the source distribution or at | |
98 | L<https://www.openssl.org/source/license.html>. | |
99 | ||
100 | =cut |