1=pod
2
3=head1 NAME
4
5SSL_set_incoming_stream_policy, SSL_INCOMING_STREAM_POLICY_AUTO,
6SSL_INCOMING_STREAM_POLICY_ACCEPT,
7SSL_INCOMING_STREAM_POLICY_REJECT - manage the QUIC incoming stream
8policy
9
10=head1 SYNOPSIS
11
12 #include <openssl/ssl.h>
13
14 #define SSL_INCOMING_STREAM_POLICY_AUTO
15 #define SSL_INCOMING_STREAM_POLICY_ACCEPT
16 #define SSL_INCOMING_STREAM_POLICY_REJECT
17
18 int SSL_set_incoming_stream_policy(SSL *conn, int policy,
19                                           uint64_t app_error_code);
20
21=head1 DESCRIPTION
22
23SSL_set_incoming_stream_policy() policy changes the incoming stream policy for a
24QUIC connection. Depending on the policy configured, OpenSSL QUIC may
25automatically reject incoming streams initiated by the peer. This is intended to
26ensure that legacy applications using single-stream operation with a default
27stream on a QUIC connection SSL object are not passed remotely-initiated streams
28by a peer which those applications are not prepared to handle.
29
30I<app_error_code> is an application error code which will be used in any QUIC
31B<STOP_SENDING> or B<RESET_STREAM> frames generated to implement the policy. The
32default application error code is 0.
33
34The valid values for I<policy> are:
35
36=over 4
37
38=item SSL_INCOMING_STREAM_POLICY_AUTO
39
40This is the default setting. Incoming streams are accepted according to the
41following rules:
42
43=over 4
44
45=item *
46
47If the default stream mode (configured using L<SSL_set_default_stream_mode(3)>)
48is set to B<SSL_DEFAULT_STREAM_MODE_AUTO_BIDI> (the default) or
49B<SSL_DEFAULT_STREAM_MODE_AUTO_UNI>, the incoming stream is rejected.
50
51=item *
52
53Otherwise (where the default stream mode is B<SSL_DEFAULT_STREAM_MODE_NONE>),
54the application is assumed to be stream aware, and the incoming stream is
55accepted.
56
57=back
58
59=item SSL_INCOMING_STREAM_POLICY_ACCEPT
60
61Always accept incoming streams, allowing them to be dequeued using
62L<SSL_accept_stream(3)>.
63
64=item SSL_INCOMING_STREAM_POLICY_REJECT
65
66Always reject incoming streams.
67
68=back
69
70Where an incoming stream is rejected, it is rejected immediately and it is not
71possible to gain access to the stream using L<SSL_accept_stream(3)>. The stream
72is rejected using QUIC B<STOP_SENDING> and B<RESET_STREAM> frames as
73appropriate.
74
75=head1 RETURN VALUES
76
77Returns 1 on success and 0 on failure.
78
79This function fails if called on a QUIC stream SSL object, or on a non-QUIC SSL
80object.
81
82=head1 SEE ALSO
83
84L<SSL_set_default_stream_mode(3)>, L<SSL_accept_stream(3)>
85
86=head1 HISTORY
87
88SSL_set_incoming_stream_policy() was added in OpenSSL 3.2.
89
90=head1 COPYRIGHT
91
92Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
93
94Licensed under the Apache License 2.0 (the "License").  You may not use
95this file except in compliance with the License.  You can obtain a copy
96in the file LICENSE in the source distribution or at
97L<https://www.openssl.org/source/license.html>.
98
99=cut
100