1SSL_GET_SESSION(3) OpenSSL SSL_GET_SESSION(3)
2
3
4
6 SSL_get_session, SSL_get0_session, SSL_get1_session - retrieve TLS/SSL
7 session data
8
10 #include <openssl/ssl.h>
11
12 SSL_SESSION *SSL_get_session(const SSL *ssl);
13 SSL_SESSION *SSL_get0_session(const SSL *ssl);
14 SSL_SESSION *SSL_get1_session(SSL *ssl);
15
17 SSL_get_session() returns a pointer to the SSL_SESSION actually used in
18 ssl. The reference count of the SSL_SESSION is not incremented, so that
19 the pointer can become invalid by other operations.
20
21 SSL_get0_session() is the same as SSL_get_session().
22
23 SSL_get1_session() is the same as SSL_get_session(), but the reference
24 count of the SSL_SESSION is incremented by one.
25
27 The ssl session contains all information required to re-establish the
28 connection without a full handshake for SSL versions up to and
29 including TLSv1.2. In TLSv1.3 the same is true, but sessions are
30 established after the main handshake has occurred. The server will send
31 the session information to the client at a time of its choosing, which
32 may be some while after the initial connection is established (or
33 never). Calling these functions on the client side in TLSv1.3 before
34 the session has been established will still return an SSL_SESSION
35 object but that object cannot be used for resuming the session. See
36 SSL_SESSION_is_resumable(3) for information on how to determine whether
37 an SSL_SESSION object can be used for resumption or not.
38
39 Additionally, in TLSv1.3, a server can send multiple messages that
40 establish a session for a single connection. In that case the above
41 functions will only return information on the last session that was
42 received.
43
44 The preferred way for applications to obtain a resumable SSL_SESSION
45 object is to use a new session callback as described in
46 SSL_CTX_sess_set_new_cb(3). The new session callback is only invoked
47 when a session is actually established, so this avoids the problem
48 described above where an application obtains an SSL_SESSION object that
49 cannot be used for resumption in TLSv1.3. It also enables applications
50 to obtain information about all sessions sent by the server.
51
52 A session will be automatically removed from the session cache and
53 marked as non-resumable if the connection is not closed down cleanly,
54 e.g. if a fatal error occurs on the connection or SSL_shutdown(3) is
55 not called prior to SSL_free(3).
56
57 In TLSv1.3 it is recommended that each SSL_SESSION object is only used
58 for resumption once.
59
60 SSL_get0_session() returns a pointer to the actual session. As the
61 reference counter is not incremented, the pointer is only valid while
62 the connection is in use. If SSL_clear(3) or SSL_free(3) is called, the
63 session may be removed completely (if considered bad), and the pointer
64 obtained will become invalid. Even if the session is valid, it can be
65 removed at any time due to timeout during SSL_CTX_flush_sessions(3).
66
67 If the data is to be kept, SSL_get1_session() will increment the
68 reference count, so that the session will not be implicitly removed by
69 other operations but stays in memory. In order to remove the session
70 SSL_SESSION_free(3) must be explicitly called once to decrement the
71 reference count again.
72
73 SSL_SESSION objects keep internal link information about the session
74 cache list, when being inserted into one SSL_CTX object's session
75 cache. One SSL_SESSION object, regardless of its reference count, must
76 therefore only be used with one SSL_CTX object (and the SSL objects
77 created from this SSL_CTX object).
78
80 The following return values can occur:
81
82 NULL
83 There is no session available in ssl.
84
85 Pointer to an SSL_SESSION
86 The return value points to the data of an SSL session.
87
89 ssl(7), SSL_free(3), SSL_clear(3), SSL_SESSION_free(3)
90
92 Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
93
94 Licensed under the OpenSSL license (the "License"). You may not use
95 this file except in compliance with the License. You can obtain a copy
96 in the file LICENSE in the source distribution or at
97 <https://www.openssl.org/source/license.html>.
98
99
100
1011.1.1i 2021-07-22 SSL_GET_SESSION(3)