SSL_CTX_set_generate_session_id.pod - OpenGrok cross reference for /openssl/doc/man3/SSL_CTX_set_generate_session

Lines Matching refs:id
13  typedef int (*GEN_SESSION_CB)(SSL *ssl, unsigned char *id,
18  int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
29 SSL_has_matching_session_id() checks, whether a session with id B<id>
36 generates a session id. The session id is an arbitrary sequence of bytes.
37 The length of the session id is between 1 and 32 bytes.  The session id is not
38 security critical but must be unique for the server. Additionally, the session id is
43 session id from pseudo random numbers of the maximum possible length.
44 Using the callback function, the session id can be changed to contain
45 additional information like e.g. a host id in order to improve load balancing
49 B<id> into and a pointer to the maximum allowed length B<id_len>. The
50 buffer at location B<id> is only guaranteed to have the size B<id_len>.
51 The callback is only allowed to generate a shorter id and reduce B<id_len>;
53 B<id> exceeding the given limit.
55 The location B<id> is filled with 0x00 before the callback is called, so the
61 of generating the same session id is extremely small (2^256 for SSLv3/TLSv1).
62 In order to assure the uniqueness of the generated session id, the callback must call
63 SSL_has_matching_session_id() and generate another id if a conflict occurs.
64 If an id conflict is not resolved, the handshake will fail.
65 If the application codes e.g. a unique host id, a unique process number, and
66 a unique sequence number into the session id, uniqueness could easily be
74 not the external one. Since the session id is generated before the
77 can occur in that another thread generates the same session id.
82 The callback must return 0 if it cannot generate a session id for whatever
91 same id is already in the cache, or 0 otherwise.
95 The callback function listed will generate a session id with the
96 server id given, and will fill the rest with pseudo random bytes:
101  static int generate_session_id(SSL *ssl, unsigned char *id,
107          RAND_pseudo_bytes(id, *id_len);
115          memcpy(id, session_id_prefix, strlen(session_id_prefix) < *id_len ?
117      } while (SSL_has_matching_session_id(ssl, id, *id_len)