5 SSL_CTX_set_msg_callback,
6 SSL_CTX_set_msg_callback_arg,
8 SSL_set_msg_callback_arg
9 - install callback for observing protocol messages
13 #include <openssl/ssl.h>
15 void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
16 void (*cb)(int write_p, int version,
17 int content_type, const void *buf,
18 size_t len, SSL *ssl, void *arg));
19 void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
21 void SSL_set_msg_callback(SSL *ssl,
22 void (*cb)(int write_p, int version,
23 int content_type, const void *buf,
24 size_t len, SSL *ssl, void *arg));
25 void SSL_set_msg_callback_arg(SSL *ssl, void *arg);
29 SSL_CTX_set_msg_callback() or SSL_set_msg_callback() can be used to
30 define a message callback function I<cb> for observing all SSL/TLS
31 protocol messages (such as handshake messages) that are received or
32 sent, as well as other events that occur during processing.
33 SSL_CTX_set_msg_callback_arg() and SSL_set_msg_callback_arg()
34 can be used to set argument I<arg> to the callback function, which is
35 available for arbitrary application use.
37 SSL_CTX_set_msg_callback() and SSL_CTX_set_msg_callback_arg() specify
38 default settings that will be copied to new B<SSL> objects by
39 L<SSL_new(3)>. SSL_set_msg_callback() and
40 SSL_set_msg_callback_arg() modify the actual settings of an B<SSL>
41 object. Using a B<NULL> pointer for I<cb> disables the message callback.
43 When I<cb> is called by the SSL/TLS library the function arguments have the
50 This flag is B<0> when a protocol message has been received and B<1>
51 when a protocol message has been sent.
55 The protocol version according to which the protocol message is
56 interpreted by the library such as B<TLS1_3_VERSION>, B<TLS1_2_VERSION> etc.
57 This is set to 0 for the SSL3_RT_HEADER pseudo content type (see NOTES below).
61 This is one of the content type values defined in the protocol specification
62 (B<SSL3_RT_CHANGE_CIPHER_SPEC>, B<SSL3_RT_ALERT>, B<SSL3_RT_HANDSHAKE>; but never
63 B<SSL3_RT_APPLICATION_DATA> because the callback will only be called for protocol
64 messages). Alternatively it may be a "pseudo" content type. These pseudo
65 content types are used to signal some other event in the processing of data (see
70 I<buf> points to a buffer containing the protocol message or other data (in the
71 case of pseudo content types), which consists of I<len> bytes. The buffer is no
72 longer valid after the callback function has returned.
76 The B<SSL> object that received or sent the message.
80 The user-defined argument optionally defined by
81 SSL_CTX_set_msg_callback_arg() or SSL_set_msg_callback_arg().
87 Protocol messages are passed to the callback function after decryption
88 and fragment collection where applicable. (Thus record boundaries are
91 If processing a received protocol message results in an error,
92 the callback function may not be called. For example, the callback
93 function will never see messages that are considered too large to be
96 Due to automatic protocol version negotiation, I<version> is not
97 necessarily the protocol version used by the sender of the message: If
98 a TLS 1.0 ClientHello message is received by an SSL 3.0-only server,
99 I<version> will be B<SSL3_VERSION>.
101 Pseudo content type values may be sent at various points during the processing
102 of data. The following pseudo content types are currently defined:
106 =item B<SSL3_RT_HEADER>
108 Used when a record is sent or received. The B<buf> contains the record header
111 =item B<SSL3_RT_INNER_CONTENT_TYPE>
113 Used when an encrypted TLSv1.3 record is sent or received. In encrypted TLSv1.3
114 records the content type in the record header is always
115 SSL3_RT_APPLICATION_DATA. The real content type for the record is contained in
116 an "inner" content type. B<buf> contains the encoded "inner" content type byte.
122 L<ssl(7)>, L<SSL_new(3)>
126 The pseudo content type B<SSL3_RT_INNER_CONTENT_TYPE> was added in OpenSSL
131 Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
133 Licensed under the OpenSSL license (the "License"). You may not use
134 this file except in compliance with the License. You can obtain a copy
135 in the file LICENSE in the source distribution or at
136 L<https://www.openssl.org/source/license.html>.