GENERATE[html/man3/SSL_CTX_get0_param.html]=man3/SSL_CTX_get0_param.pod
DEPEND[man/man3/SSL_CTX_get0_param.3]=man3/SSL_CTX_get0_param.pod
GENERATE[man/man3/SSL_CTX_get0_param.3]=man3/SSL_CTX_get0_param.pod
-DEPEND[html/man3/SSL_CTX_get0_token_store.html]=man3/SSL_CTX_get0_token_store.pod
-GENERATE[html/man3/SSL_CTX_get0_token_store.html]=man3/SSL_CTX_get0_token_store.pod
-DEPEND[man/man3/SSL_CTX_get0_token_store.3]=man3/SSL_CTX_get0_token_store.pod
-GENERATE[man/man3/SSL_CTX_get0_token_store.3]=man3/SSL_CTX_get0_token_store.pod
DEPEND[html/man3/SSL_CTX_get_verify_mode.html]=man3/SSL_CTX_get_verify_mode.pod
GENERATE[html/man3/SSL_CTX_get_verify_mode.html]=man3/SSL_CTX_get_verify_mode.pod
DEPEND[man/man3/SSL_CTX_get_verify_mode.3]=man3/SSL_CTX_get_verify_mode.pod
html/man3/SSL_CTX_flush_sessions.html \
html/man3/SSL_CTX_free.html \
html/man3/SSL_CTX_get0_param.html \
-html/man3/SSL_CTX_get0_token_store.html \
html/man3/SSL_CTX_get_verify_mode.html \
html/man3/SSL_CTX_has_client_custom_ext.html \
html/man3/SSL_CTX_load_verify_locations.html \
man/man3/SSL_CTX_flush_sessions.3 \
man/man3/SSL_CTX_free.3 \
man/man3/SSL_CTX_get0_param.3 \
-man/man3/SSL_CTX_get0_token_store.3 \
man/man3/SSL_CTX_get_verify_mode.3 \
man/man3/SSL_CTX_has_client_custom_ext.3 \
man/man3/SSL_CTX_load_verify_locations.3 \
+++ /dev/null
-=pod
-
-=head1 NAME
-
-SSL_CTX_get0_token_store, SSL_CTX_set1_token_store
-- QUIC NEW_TOKEN store manipulation
-
-=head1 SYNOPSIS
-
- SSL_TOKEN_STORE *SSL_CTX_get0_token_store(SSL_CTX *ctx);
- int SSL_CTX_set1_token_store(SSL_CTX *ctx, SSL_TOKEN_STORE *hdl);
-
-=head1 DESCRIPTION
-The QUIC protocol supports the exchange of opaque tokens which a client can use
-to reduce the time for a server to validate a client address. These tokens are
-stored on receipt from a server, and automatically reused in the establishment
-of a new future connection to the same server. A token store is automatically
-created on the creation of an B<SSL_CTX> and freed on its release. The
-functions above can be used to fetch and set the token store between independent
-B<SSL_CTX> objects to share those tokens between B<SSL> connections allocated from
-disparate B<SSL_CTX> objects.
-
-SSL_CTX_get0_token_store() returns an opaque handle to the token store for use
-in a subsequent call to SSL_CTX_set1_token_store() on another B<SSL_CTX> object.
-
-SSL_CTX_set1_token_store() assigns a token store fetched fom SSL_CTX_get0_token_store
-to a second B<SSL_CTX> object.
-
-=head1 NOTES
-
-Token stores are internally reference counted. Note that a call to SSL_CTX_get0_token_store
-does not increment the internal reference count. As such, no freeing of the object
-is needed.
-
-When SSL_CTX_set1_token_store() is called, the passed store has its reference count
-incremented. It will be decremented when that B<SSL_CTX> is freed via a call to
-SSL_CTX_free().
-
-These functions are only applicable to QUIC B<SSL_CTX> objects. Using them on
-non-QUIC objects will result in error returns.
-
-=head1 RETURN VALUES
-
-SSL_CTX_get0_token_store() returns an opaque handle to a token store, or NULL in
-the event that an error occured, or if the B<SSL_CTX> object has no store.
-
-SSL_CTX_set1_token_store returns 1 on success or 0 on error.
-
-=head1 EXAMPLES
-
-The following code snippet shows how to share a token store between separate
-B<SSL_CTX> objects
-
- SSL_CTX *ctx1, *ctx2;
- SSL_TOKEN_CACHE *tc;
-
- /*
- * token stores are generally only used for quic client contexts
- */
- ctx1 = SSL_CTX_new(libctx, NULL, OSSL_QUIC_client_method());
- ctx2 = SSL_CTX_new(libctx, NULL, OSSL_QUIC_client_method());
-
- if (ctx1 == NULL || ctx2 == NULL)
- goto err;
- /*
- * Fetch the token store for ctx1
- * Note: no reference is taken on the store
- */
- tc = SSL_CTX_get0_token_store(ctx1);
- if (tc == NULL)
- goto err;
-
- /*
- * Assign the token store from ctx1 to ctx2
- * ctx2 take a reference on the passed store
- * and begins using it
- * At this point any NEW_TOKEN frames received
- * by SSL objects allocated from either CTX are
- * visible and usable by SSL objects allocated
- * from the other CTX
- */
- if (!SSL_CTX_set1_token_store(ctx2, tc))
- goto err;
-
-
-=head1 SEE ALSO
-
-L<ssl(7)>
-
-=head1 HISTORY
-
-The NEW_TOKEN store manipulation functions were added in OpenSSL 3.5.0.
-
-=head1 COPYRIGHT
-
-Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
-
-Licensed under the Apache License 2.0 (the "License"). You may not use
-this file except in compliance with the License. You can obtain a copy
-in the file LICENSE in the source distribution or at
-L<https://www.openssl.org/source/license.html>.
-
-=cut
size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
/* QUIC support */
+typedef struct ssl_token_store_st SSL_TOKEN_STORE;
int SSL_handle_events(SSL *s);
__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
__owur SSL *SSL_get0_connection(SSL *s);
__owur int SSL_is_connection(SSL *s);
-typedef struct ssl_token_store_st SSL_TOKEN_STORE;
-__owur SSL_TOKEN_STORE *SSL_CTX_get0_token_store(SSL_CTX *ctx);
-__owur int SSL_CTX_set1_token_store(SSL_CTX *ctx, SSL_TOKEN_STORE *hdl);
-
__owur int SSL_is_listener(SSL *ssl);
__owur SSL *SSL_get0_listener(SSL *s);
#define SSL_LISTENER_FLAG_NO_ACCEPT (1UL << 0)
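Review bot: The moved `typedef struct ssl_token_store_st SSL_TOKEN_STORE;` stays in the public header under `/* QUIC support */`, although the only two declarations in this hunk that used it, `SSL_CTX_get0_token_store()` and `SSL_CTX_set1_token_store()`, are removed. If the type is now used only inside libssl, moving the typedef to an internal header would keep an unused opaque name out of the installed API. If it has to stay public, a comment above it such as `/* Opaque QUIC NEW_TOKEN store; no public accessors at present */` would tell readers why it is there. The rest of the header is outside this hunk, so another public use of the type cannot be ruled out from here.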
return;
}
-SSL_TOKEN_STORE *ossl_quic_get0_token_store(SSL_CTX *ctx)
-{
- return ctx->tokencache;
-}
-
-int ossl_quic_set1_token_store(SSL_CTX *ctx, SSL_TOKEN_STORE *hdl)
-{
- SSL_TOKEN_STORE *new = hdl;
- SSL_TOKEN_STORE *old = ctx->tokencache;
- int ref;
-
- if (!CRYPTO_UP_REF(&new->references, &ref))
- return 0;
-
- ctx->tokencache = new;
-
- ossl_quic_free_token_store(old);
- return 1;
-}
-
/**
* @brief build a new QUIC_TOKEN
*
#endif
}
-SSL_TOKEN_STORE *SSL_CTX_get0_token_store(SSL_CTX *ctx)
-{
-#ifndef OPENSSL_NO_QUIC
- return ossl_quic_get0_token_store(ctx);
-#else
- return NULL;
-#endif
-}
-
-int SSL_CTX_set1_token_store(SSL_CTX *ctx, SSL_TOKEN_STORE *hdl)
-{
-#ifndef OPENSSL_NO_QUIC
- return ossl_quic_set1_token_store(ctx, hdl);
-#else
- return 0;
-#endif
-}
-
SSL *SSL_accept_connection(SSL *ssl, uint64_t flags)
{
#ifndef OPENSSL_NO_QUIC
SSL_CTX_get_domain_flags ? 3_5_0 EXIST::FUNCTION:
SSL_get_domain_flags ? 3_5_0 EXIST::FUNCTION:
SSL_CTX_set_new_pending_conn_cb ? 3_5_0 EXIST::FUNCTION:
-SSL_CTX_get0_token_store ? 3_5_0 EXIST::FUNCTION:
-SSL_CTX_set1_token_store ? 3_5_0 EXIST::FUNCTION: