[thirdparty/openssl.git] / doc / man3 / SSL_set_incoming_stream_policy.pod

=pod

=head1 NAME

SSL_set_incoming_stream_policy, SSL_INCOMING_STREAM_POLICY_AUTO,
SSL_INCOMING_STREAM_POLICY_ACCEPT,
SSL_INCOMING_STREAM_POLICY_REJECT - manage the QUIC incoming stream
rejection policy

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 #define SSL_INCOMING_STREAM_POLICY_AUTO
 #define SSL_INCOMING_STREAM_POLICY_ACCEPT
 #define SSL_INCOMING_STREAM_POLICY_REJECT

 int SSL_set_incoming_stream_policy(SSL *conn, int policy,
                                           uint64_t app_error_code);

=head1 DESCRIPTION

SSL_set_incoming_stream_policy() policy changes the incoming stream
rejection policy for a QUIC connection. Depending on the policy configured,
OpenSSL QUIC may automatically reject incoming streams initiated by the peer.
This is intended to ensure that legacy applications using single-stream
operation with a default stream on a QUIC connection SSL object are not passed
remotely-initiated streams by a peer which those applications are not prepared
to handle.

I<app_error_code> is an application error code which will be used in any QUIC
B<STOP_SENDING> or B<RESET_STREAM> frames generated to implement the rejection
policy. The default application error code is 0.

The valid values for I<policy> are:

=over 4

=item SSL_INCOMING_STREAM_POLICY_AUTO

This is the default setting. Incoming streams are accepted according to the
following rules:

=over 4

=item *

If the default stream mode (configured using L<SSL_set_default_stream_mode(3)>)
is set to B<SSL_DEFAULT_STREAM_MODE_AUTO_BIDI> (the default) or
B<SSL_DEFAULT_STREAM_MODE_AUTO_UNI>, the incoming stream is rejected.

=item *

Otherwise (where the default stream mode is B<SSL_DEFAULT_STREAM_MODE_NONE>),
the application is assumed to be stream aware, and the incoming stream is
accepted.

=back

=item SSL_INCOMING_STREAM_POLICY_ACCEPT

Always accept incoming streams, allowing them to be dequeued using
L<SSL_accept_stream(3)>.

=item SSL_INCOMING_STREAM_POLICY_REJECT

Always reject incoming streams.

=back

Where an incoming stream is rejected, it is rejected immediately and it is not
possible to gain access to the stream using L<SSL_accept_stream(3)>. The stream
is rejected using QUIC B<STOP_SENDING> and B<RESET_STREAM> frames as
appropriate.

=head1 RETURN VALUES

Returns 1 on success and 0 on failure.

This function fails if called on a QUIC stream SSL object, or on a non-QUIC SSL
object.

=head1 SEE ALSO

L<SSL_set_default_stream_mode(3)>, L<SSL_accept_stream(3)>

=head1 HISTORY

SSL_set_incoming_stream_policy() was added in OpenSSL 3.2.

=head1 COPYRIGHT

Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
1e4a9d88 HL	1	=pod
	2
	3	=head1 NAME
	4
83df44ae HL	5	SSL_set_incoming_stream_policy, SSL_INCOMING_STREAM_POLICY_AUTO,
	6	SSL_INCOMING_STREAM_POLICY_ACCEPT,
	7	SSL_INCOMING_STREAM_POLICY_REJECT - manage the QUIC incoming stream
1e4a9d88 HL	8	rejection policy
	9
	10	=head1 SYNOPSIS
	11
	12	#include <openssl/ssl.h>
	13
83df44ae HL	14	#define SSL_INCOMING_STREAM_POLICY_AUTO
	15	#define SSL_INCOMING_STREAM_POLICY_ACCEPT
	16	#define SSL_INCOMING_STREAM_POLICY_REJECT
1e4a9d88	17
83df44ae	18	int SSL_set_incoming_stream_policy(SSL *conn, int policy,
1e4a9d88 HL	19	uint64_t app_error_code);
	20
	21	=head1 DESCRIPTION
	22
83df44ae	23	SSL_set_incoming_stream_policy() policy changes the incoming stream
1e4a9d88 HL	24	rejection policy for a QUIC connection. Depending on the policy configured,
	25	OpenSSL QUIC may automatically reject incoming streams initiated by the peer.
	26	This is intended to ensure that legacy applications using single-stream
	27	operation with a default stream on a QUIC connection SSL object are not passed
	28	remotely-initiated streams by a peer which those applications are not prepared
	29	to handle.
	30
5fc256cd	31	I<app_error_code> is an application error code which will be used in any QUIC
1e4a9d88 HL	32	B<STOP_SENDING> or B<RESET_STREAM> frames generated to implement the rejection
	33	policy. The default application error code is 0.
	34
5fc256cd	35	The valid values for I<policy> are:
1e4a9d88 HL	36
	37	=over 4
	38
83df44ae	39	=item SSL_INCOMING_STREAM_POLICY_AUTO
1e4a9d88 HL	40
	41	This is the default setting. Incoming streams are accepted according to the
	42	following rules:
	43
	44	=over 4
	45
	46	=item *
	47
de521629 HL	48	If the default stream mode (configured using L<SSL_set_default_stream_mode(3)>)
de521629 HL	49	is set to B<SSL_DEFAULT_STREAM_MODE_AUTO_BIDI> (the default) or
1e4a9d88 HL	50	B<SSL_DEFAULT_STREAM_MODE_AUTO_UNI>, the incoming stream is rejected.
	51
	52	=item *
	53
	54	Otherwise (where the default stream mode is B<SSL_DEFAULT_STREAM_MODE_NONE>),
	55	the application is assumed to be stream aware, and the incoming stream is
	56	accepted.
	57
	58	=back
	59
83df44ae	60	=item SSL_INCOMING_STREAM_POLICY_ACCEPT
1e4a9d88 HL	61
	62	Always accept incoming streams, allowing them to be dequeued using
	63	L<SSL_accept_stream(3)>.
	64
83df44ae	65	=item SSL_INCOMING_STREAM_POLICY_REJECT
1e4a9d88 HL	66
	67	Always reject incoming streams.
	68
	69	=back
	70
	71	Where an incoming stream is rejected, it is rejected immediately and it is not
	72	possible to gain access to the stream using L<SSL_accept_stream(3)>. The stream
	73	is rejected using QUIC B<STOP_SENDING> and B<RESET_STREAM> frames as
	74	appropriate.
	75
	76	=head1 RETURN VALUES
	77
	78	Returns 1 on success and 0 on failure.
	79
	80	This function fails if called on a QUIC stream SSL object, or on a non-QUIC SSL
	81	object.
	82
	83	=head1 SEE ALSO
	84
1e4a9d88 HL	85	L<SSL_set_default_stream_mode(3)>, L<SSL_accept_stream(3)>
	86
	87	=head1 HISTORY
	88
83df44ae	89	SSL_set_incoming_stream_policy() was added in OpenSSL 3.2.
1e4a9d88 HL	90
	91	=head1 COPYRIGHT
	92
	93	Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
	94
	95	Licensed under the Apache License 2.0 (the "License"). You may not use
	96	this file except in compliance with the License. You can obtain a copy
	97	in the file LICENSE in the source distribution or at
	98	L<https://www.openssl.org/source/license.html>.
	99
	100	=cut