git.ipfire.org Git - thirdparty/openssl.git/commitdiff
Update man page to note limitations of callbacks for QUIC
author Neil Horman <nhorman@openssl.org>
Fri, 17 Jan 2025 18:36:26 +0000 (13:36 -0500)
committer Neil Horman <nhorman@openssl.org>
Mon, 17 Feb 2025 16:27:33 +0000 (11:27 -0500)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)

doc/man3/SSL_CTX_set_new_pending_conn_cb.pod

index a50b30298438a9ff580d84c4092590b90152f844..2c9cd3db9f0f22a85eb77fd1e12b309ab05bce19 100644 (file)
@@ -34,6 +34,25 @@ on a subsequent call to SSL_accept_connection().  A nonzero return
 value is treated as success, allowing the new connection to be enqueued to the
 accept queue.
 
+=head1 NOTES
+
+Callbacks in QUIC connections have some limitations to them that should be taken
+into consideration when writing an application.
+
+=over 4
+
+QUIC connections may begin processing prior to when an application calls
+SSL_accept_connection() on them.  As such, it may occur that callbacks are
+delivered to appliations' registered TLS callbacks prior to those SSL objects
+being returned in SSL_accept_connection().  Applications should expect this
+possibilty
+
+In Particular no references should be held on SSL objects passed to callbacks
+for QUIC connections until such time as they are returned through a call to
+SSL_accept_connection.
+
+=back
+
 =head1 HISTORY
 
 SSL_CTX_set_new_pending_conn_cb() was added in OpenSSL 3.5
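
Review bot: The new NOTES text has several wording errors that will land in the rendered man page: "appliations'" should be "applications'", "possibilty" should be "possibility" and the sentence needs a closing period, and "In Particular no references" should read "In particular, no references". The last mention of SSL_accept_connection also lacks the "()" used everywhere else in this section, so it will not be formatted as a function reference like the others. The "=over 4" / "=back" pair wraps two plain paragraphs with no "=item", so it only indents them; if a list was intended, add "=item" entries, otherwise the pair can be dropped. On substance, the warning says references should not be held on SSL objects seen in callbacks before SSL_accept_connection() returns them, but it does not say why or what an application that needs per-connection state in a callback should do instead; a sentence covering that would make the limitation actionable for callers.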