jcs.org
jcs's openbsd hax
openbsd
1.\" $OpenBSD: SSL_get_session.3,v 1.9 2025/06/08 22:52:00 schwarze Exp $
2.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
3.\"
4.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
5.\" Copyright (c) 2000, 2001, 2005, 2013, 2016 The OpenSSL Project.
6.\" All rights reserved.
7.\"
8.\" Redistribution and use in source and binary forms, with or without
9.\" modification, are permitted provided that the following conditions
10.\" are met:
11.\"
12.\" 1. Redistributions of source code must retain the above copyright
13.\" notice, this list of conditions and the following disclaimer.
14.\"
15.\" 2. Redistributions in binary form must reproduce the above copyright
16.\" notice, this list of conditions and the following disclaimer in
17.\" the documentation and/or other materials provided with the
18.\" distribution.
19.\"
20.\" 3. All advertising materials mentioning features or use of this
21.\" software must display the following acknowledgment:
22.\" "This product includes software developed by the OpenSSL Project
23.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
24.\"
25.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26.\" endorse or promote products derived from this software without
27.\" prior written permission. For written permission, please contact
28.\" openssl-core@openssl.org.
29.\"
30.\" 5. Products derived from this software may not be called "OpenSSL"
31.\" nor may "OpenSSL" appear in their names without prior written
32.\" permission of the OpenSSL Project.
33.\"
34.\" 6. Redistributions of any form whatsoever must retain the following
35.\" acknowledgment:
36.\" "This product includes software developed by the OpenSSL Project
37.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
38.\"
39.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50.\" OF THE POSSIBILITY OF SUCH DAMAGE.
51.\"
52.Dd $Mdocdate: June 8 2025 $
53.Dt SSL_GET_SESSION 3
54.Os
55.Sh NAME
56.Nm SSL_get_session ,
57.Nm SSL_get0_session ,
58.Nm SSL_get1_session
59.Nd retrieve TLS/SSL session data
60.Sh SYNOPSIS
61.Lb libssl libcrypto
62.In openssl/ssl.h
63.Ft SSL_SESSION *
64.Fn SSL_get_session "const SSL *ssl"
65.Ft SSL_SESSION *
66.Fn SSL_get0_session "const SSL *ssl"
67.Ft SSL_SESSION *
68.Fn SSL_get1_session "SSL *ssl"
69.Sh DESCRIPTION
70.Fn SSL_get_session
71returns a pointer to the
72.Vt SSL_SESSION
73actually used in
74.Fa ssl .
75The reference count of the
76.Vt SSL_SESSION
77is not incremented, so that the pointer can become invalid by other operations.
78.Pp
79.Fn SSL_get0_session
80is the same as
81.Fn SSL_get_session .
82.Pp
83.Fn SSL_get1_session
84is the same as
85.Fn SSL_get_session ,
86but the reference count of the
87.Vt SSL_SESSION
88is incremented by one.
89.Pp
90The
91.Fa ssl
92session contains all information required to re-establish the connection
93without a new handshake.
94.Pp
95.Fn SSL_get0_session
96returns a pointer to the actual session.
97As the reference counter is not incremented,
98the pointer is only valid while the connection is in use.
99If
100.Xr SSL_clear 3
101or
102.Xr SSL_free 3
103is called, the session may be removed completely (if considered bad),
104and the pointer obtained will become invalid.
105Even if the session is valid,
106it can be removed at any time due to timeout during
107.Xr SSL_CTX_flush_sessions 3 .
108.Pp
109If the data is to be kept,
110.Fn SSL_get1_session
111will increment the reference count, so that the session will not be implicitly
112removed by other operations but stays in memory.
113In order to remove the session,
114.Xr SSL_SESSION_free 3
115must be explicitly called once to decrement the reference count again.
116.Pp
117.Vt SSL_SESSION
118objects keep internal link information about the session cache list when being
119inserted into one
120.Vt SSL_CTX
121object's session cache.
122One
123.Vt SSL_SESSION
124object, regardless of its reference count, must therefore only be used with one
125.Vt SSL_CTX
126object (and the
127.Vt SSL
128objects created from this
129.Vt SSL_CTX
130object).
131.Sh RETURN VALUES
132The following return values can occur:
133.Bl -tag -width Ds
134.It Dv NULL
135There is no session available in
136.Fa ssl .
137.It Pointer to an Vt SSL_SESSION
138The return value points to the data of an
139.Vt SSL
140session.
141.El
142.Sh SEE ALSO
143.Xr ssl 3 ,
144.Xr SSL_clear 3 ,
145.Xr SSL_free 3 ,
146.Xr SSL_SESSION_free 3 ,
147.Xr SSL_SESSION_get0_peer 3 ,
148.Xr SSL_SESSION_get_compress_id 3 ,
149.Xr SSL_SESSION_get_id 3 ,
150.Xr SSL_SESSION_get_protocol_version 3 ,
151.Xr SSL_SESSION_get_time 3 ,
152.Xr SSL_SESSION_new 3 ,
153.Xr SSL_SESSION_print 3 ,
154.Xr SSL_set_session 3
155.Sh HISTORY
156.Fn SSL_get_session
157first appeared in SSLeay 0.5.2 and has been available since
158.Ox 2.4 .
159.Pp
160.Fn SSL_get0_session
161and
162.Fn SSL_get1_session
163first appeared in OpenSSL 0.9.5 and have been available since
164.Ox 2.7 .