doc: clarify SSL_SESSION ownership in PSK use session callback
Document that when the psk_use_session callback is invoked multiple times
and wishes to return the same SSL_SESSION pointer, it must call
SSL_SESSION_up_ref() first since ownership is transferred on each call.
This prevents use-after-free errors from incorrect callback implementations.
Fixes #28267
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Fri Feb 13 14:36:50 2026
(Merged from https://github.com/openssl/openssl/pull/29771)
projects / thirdparty / openssl.git / commit
