xref: /openssl/doc/man3/SSL_get_session.pod (revision 9e51f877)
1=pod
2
3=head1 NAME
4
5SSL_get_session, SSL_get0_session, SSL_get1_session - retrieve TLS/SSL session data
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 SSL_SESSION *SSL_get_session(const SSL *ssl);
12 SSL_SESSION *SSL_get0_session(const SSL *ssl);
13 SSL_SESSION *SSL_get1_session(SSL *ssl);
14
15=head1 DESCRIPTION
16
17SSL_get_session() returns a pointer to the B<SSL_SESSION> actually used in
18B<ssl>. The reference count of the B<SSL_SESSION> is not incremented, so
19that the pointer can become invalid by other operations.
20
21SSL_get0_session() is the same as SSL_get_session().
22
23SSL_get1_session() is the same as SSL_get_session(), but the reference
24count of the B<SSL_SESSION> is incremented by one.
25
26=head1 NOTES
27
28The ssl session contains all information required to re-establish the
29connection without a full handshake for SSL versions up to and including
30TLSv1.2. In TLSv1.3 the same is true, but sessions are established after the
31main handshake has occurred. The server will send the session information to the
32client at a time of its choosing, which may be some while after the initial
33connection is established (or never). Calling these functions on the client side
34in TLSv1.3 before the session has been established will still return an
35SSL_SESSION object but that object cannot be used for resuming the session. See
36L<SSL_SESSION_is_resumable(3)> for information on how to determine whether an
37SSL_SESSION object can be used for resumption or not.
38
39Additionally, in TLSv1.3, a server can send multiple messages that establish a
40session for a single connection. In that case, on the client side, the above
41functions will only return information on the last session that was received. On
42the server side they will only return information on the last session that was
43sent, or if no session tickets were sent then the session for the current
44connection.
45
46The preferred way for applications to obtain a resumable SSL_SESSION object is
47to use a new session callback as described in L<SSL_CTX_sess_set_new_cb(3)>.
48The new session callback is only invoked when a session is actually established,
49so this avoids the problem described above where an application obtains an
50SSL_SESSION object that cannot be used for resumption in TLSv1.3. It also
51enables applications to obtain information about all sessions sent by the
52server.
53
54A session will be automatically removed from the session cache and marked as
55non-resumable if the connection is not closed down cleanly, e.g. if a fatal
56error occurs on the connection or L<SSL_shutdown(3)> is not called prior to
57L<SSL_free(3)>.
58
59In TLSv1.3 it is recommended that each SSL_SESSION object is only used for
60resumption once.
61
62SSL_get0_session() returns a pointer to the actual session. As the
63reference counter is not incremented, the pointer is only valid while
64the connection is in use. If L<SSL_clear(3)> or
65L<SSL_free(3)> is called, the session may be removed completely
66(if considered bad), and the pointer obtained will become invalid. Even
67if the session is valid, it can be removed at any time due to timeout
68during L<SSL_CTX_flush_sessions(3)>.
69
70If the data is to be kept, SSL_get1_session() will increment the reference
71count, so that the session will not be implicitly removed by other operations
72but stays in memory. In order to remove the session
73L<SSL_SESSION_free(3)> must be explicitly called once
74to decrement the reference count again.
75
76SSL_SESSION objects keep internal link information about the session cache
77list, when being inserted into one SSL_CTX object's session cache.
78One SSL_SESSION object, regardless of its reference count, must therefore
79only be used with one SSL_CTX object (and the SSL objects created
80from this SSL_CTX object).
81
82=head1 RETURN VALUES
83
84The following return values can occur:
85
86=over 4
87
88=item NULL
89
90There is no session available in B<ssl>.
91
92=item Pointer to an SSL_SESSION
93
94The return value points to the data of an SSL session.
95
96=back
97
98=head1 SEE ALSO
99
100L<ssl(7)>, L<SSL_free(3)>,
101L<SSL_clear(3)>,
102L<SSL_SESSION_free(3)>
103
104=head1 COPYRIGHT
105
106Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
107
108Licensed under the Apache License 2.0 (the "License").  You may not use
109this file except in compliance with the License.  You can obtain a copy
110in the file LICENSE in the source distribution or at
111L<https://www.openssl.org/source/license.html>.
112
113=cut
114