From ddfd561f3c702cc12bbc9259807c344ae51e2efa Mon Sep 17 00:00:00 2001 From: Neil Horman Date: Fri, 17 Jan 2025 13:36:26 -0500 Subject: [PATCH] Update man page to note limitations of callbacks for QUIC MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Saša Nedvědický (Merged from https://github.com/openssl/openssl/pull/26361) --- doc/man3/SSL_CTX_set_new_pending_conn_cb.pod | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/doc/man3/SSL_CTX_set_new_pending_conn_cb.pod b/doc/man3/SSL_CTX_set_new_pending_conn_cb.pod index a50b3029843..2c9cd3db9f0 100644 --- a/doc/man3/SSL_CTX_set_new_pending_conn_cb.pod +++ b/doc/man3/SSL_CTX_set_new_pending_conn_cb.pod @@ -34,6 +34,25 @@ on a subsequent call to SSL_accept_connection(). A nonzero return value is treated as success, allowing the new connection to be enqueued to the accept queue. +=head1 NOTES + +Callbacks in QUIC connections have some limitations to them that should be taken +into consideration when writing an application. + +=over 4 + +QUIC connections may begin processing prior to when an application calls +SSL_accept_connection() on them. As such, it may occur that callbacks are +delivered to appliations' registered TLS callbacks prior to those SSL objects +being returned in SSL_accept_connection(). Applications should expect this +possibilty + +In Particular no references should be held on SSL objects passed to callbacks +for QUIC connections until such time as they are returned through a call to +SSL_accept_connection. + +=back + =head1 HISTORY SSL_CTX_set_new_pending_conn_cb() was added in OpenSSL 3.5 -- 2.47.2
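Review bot: the new NOTES text has spelling and punctuation slips that will ship in the rendered man page. In the first paragraph under "=over 4", "appliations'" should be "applications'", and "possibilty" should be "possibility" followed by a full stop. In the second paragraph, "In Particular no references" should read "In particular, no references", and the closing "SSL_accept_connection." should be written "SSL_accept_connection()." to match the two earlier mentions in this hunk. The "=over 4" / "=back" pair wraps two plain paragraphs with no "=item" lines; if a list of limitations is intended, add "=item *" before each paragraph, otherwise drop the pair. Since the second paragraph is a lifetime rule for SSL objects handed to callbacks, it would also help to state what "references should be held" covers (storing the pointer, taking a reference count, or both), so application authors know exactly what to avoid before SSL_accept_connection() returns the object.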