xref: /freebsd/secure/lib/libcrypto/man/man3/SSL_CTX_set_msg_callback.3 (revision d4033e6d37747f5213bb245c8e605406703a8766) 
 -*- mode: troff; coding: utf-8 -*-
 Automatically generated by Pod::Man 5.0102 (Pod::Simple 3.45)

 Standard preamble:
 ========================================================================
..

..


..
 \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
. ds C` ""
. ds C' ""
'br\}
. ds C`
. ds C'
'br\}

 Escape single quotes in literal strings from groff's Unicode transform.

 If the F register is >0, we'll generate index entries on stderr for
 titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 entries marked with X<> in POD. Of course, you'll have to process the
 output yourself in some meaningful fashion.

 Avoid warning from groff about undefined register 'F'.
..
.nr rF 0
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
 ========================================================================

 Title "SSL_CTX_SET_MSG_CALLBACK 3ossl" 
 SSL_CTX_SET_MSG_CALLBACK 3ossl 2025-09-30 3.5.4 OpenSSL
 For nroff, turn off justification. Always turn off hyphenation; it makes
 way too many mistakes in technical documents.
 NAME
SSL_CTX_set_msg_callback,
SSL_CTX_set_msg_callback_arg,
SSL_set_msg_callback,
SSL_set_msg_callback_arg,
SSL_trace
\- install callback for observing protocol messages

 SYNOPSIS
 Header "SYNOPSIS" .Vb 1
 #include <openssl/ssl.h>
\&
 void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
  void (*cb)(int write_p, int version,
  int content_type, const void *buf,
  size_t len, SSL *ssl, void *arg));
 void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
\&
 void SSL_set_msg_callback(SSL *ssl,
  void (*cb)(int write_p, int version,
  int content_type, const void *buf,
  size_t len, SSL *ssl, void *arg));
 void SSL_set_msg_callback_arg(SSL *ssl, void *arg);
\&
 void SSL_trace(int write_p, int version, int content_type,
  const void *buf, size_t len, SSL *ssl, void *arg);
.Ve

 DESCRIPTION
 Header "DESCRIPTION" \fBSSL_CTX_set_msg_callback() or SSL_set_msg_callback() can be used to
define a message callback function cb for observing all SSL/TLS/QUIC
protocol messages (such as handshake messages) that are received or
sent, as well as other events that occur during processing.
\fBSSL_CTX_set_msg_callback_arg() and SSL_set_msg_callback_arg()
can be used to set argument arg to the callback function, which is
available for arbitrary application use.


\fBSSL_CTX_set_msg_callback() and SSL_CTX_set_msg_callback_arg() specify
default settings that will be copied to new SSL objects by
\fBSSL_new\|(3). SSL_set_msg_callback() and
\fBSSL_set_msg_callback_arg() modify the actual settings of an SSL
object. Using a NULL pointer for cb disables the message callback.


When cb is called by the SSL/TLS/QUIC library the function arguments have the
following meaning:

 write_p 4
 Item "write_p" This flag is 0 when a protocol message has been received and 1
when a protocol message has been sent.

 version 4
 Item "version" The protocol version according to which the protocol message is
interpreted by the library such as TLS1_3_VERSION, TLS1_2_VERSION,
\fBOSSL_QUIC1_VERSION etc. For the SSL3_RT_HEADER pseudo
content type (see NOTES below) this value will be the decoded
version/legacy_version field of the record header.

 content_type 4
 Item "content_type" This is one of the content type values defined in the protocol specification
(SSL3_RT_CHANGE_CIPHER_SPEC, SSL3_RT_ALERT, SSL3_RT_HANDSHAKE; but never
\fBSSL3_RT_APPLICATION_DATA because the callback will only be called for protocol
messages). Alternatively it may be a "pseudo" content type. These pseudo
content types are used to signal some other event in the processing of data (see
NOTES below).

 "buf, len" 4
 Item "buf, len" \fIbuf points to a buffer containing the protocol message or other data (in the
case of pseudo content types), which consists of len bytes. The buffer is no
longer valid after the callback function has returned.

 ssl 4
 Item "ssl" The SSL object that received or sent the message.

 arg 4
 Item "arg" The user-defined argument optionally defined by
\fBSSL_CTX_set_msg_callback_arg() or SSL_set_msg_callback_arg().


The SSL_trace() function can be used as a pre-written callback in a call to
\fBSSL_CTX_set_msg_callback() or SSL_set_msg_callback(). It requires a BIO to be
set as the callback argument via SSL_CTX_set_msg_callback_arg() or
\fBSSL_set_msg_callback_arg(). Setting this callback will cause human readable
diagostic tracing information about an SSL/TLS/QUIC connection to be written to
the BIO.

 NOTES
 Header "NOTES" Protocol messages are passed to the callback function after decryption
and fragment collection where applicable. (Thus record boundaries are
not visible.)


If processing a received protocol message results in an error,
the callback function may not be called. For example, the callback
function will never see messages that are considered too large to be
processed.


Due to automatic protocol version negotiation, version is not
necessarily the protocol version used by the sender of the message: If
a TLS 1.0 ClientHello message is received by an SSL 3.0-only server,
\fIversion will be SSL3_VERSION.


Pseudo content type values may be sent at various points during the processing
of data. The following pseudo content types are currently defined:

 SSL3_RT_HEADER 4
 Item "SSL3_RT_HEADER" Used when a TLS record is sent or received. The buf contains the record header
bytes only.

 SSL3_RT_INNER_CONTENT_TYPE 4
 Item "SSL3_RT_INNER_CONTENT_TYPE" Used when an encrypted TLSv1.3 record is sent or received. In encrypted TLSv1.3
records the content type in the record header is always
SSL3_RT_APPLICATION_DATA. The real content type for the record is contained in
an "inner" content type. buf contains the encoded "inner" content type byte.

 SSL3_RT_QUIC_DATAGRAM 4
 Item "SSL3_RT_QUIC_DATAGRAM" Used when a QUIC datagram is sent or received.

 SSL3_RT_QUIC_PACKET 4
 Item "SSL3_RT_QUIC_PACKET" Used when a QUIC packet is sent or received.

 SSL3_RT_QUIC_FRAME_FULL 4
 Item "SSL3_RT_QUIC_FRAME_FULL" Used when a QUIC frame is sent or received. This is only used for non-crypto
and stream data related frames. The full QUIC frame data is supplied.

 SSL3_RT_QUIC_FRAME_HEADER 4
 Item "SSL3_RT_QUIC_FRAME_HEADER" Used when a QUIC stream data or crypto frame is sent or received. Only the QUIC
frame header data is supplied.

 SSL3_RT_QUIC_FRAME_PADDING 4
 Item "SSL3_RT_QUIC_FRAME_PADDING" Used when a sequence of one or more QUIC padding frames is sent or received.
A padding frame consists of a single byte and it is common to have multiple
such frames in a sequence. Rather than supplying each frame individually the
callback will supply all the padding frames in one go via this pseudo content
type.

 "RETURN VALUES"
 Header "RETURN VALUES" \fBSSL_CTX_set_msg_callback(), SSL_CTX_set_msg_callback_arg(), SSL_set_msg_callback()
and SSL_set_msg_callback_arg() do not return values.

 "SEE ALSO"
 Header "SEE ALSO" \fBssl\|(7), SSL_new\|(3)

 HISTORY
 Header "HISTORY" The pseudo content type SSL3_RT_INNER_CONTENT_TYPE was added in OpenSSL 1.1.1.


The pseudo content types SSL3_RT_QUIC_DATAGRAM, SSL3_RT_QUIC_PACKET,
\fBSSL3_RT_QUIC_FRAME_FULL, SSL3_RT_QUIC_FRAME_HEADER and
\fBSSL3_RT_QUIC_FRAME_PADDING were added in OpenSSL 3.2.


In versions previous to OpenSSL 3.0 cb was called with 0 as version for
the pseudo content type SSL3_RT_HEADER for TLS records.


In versions previous to OpenSSL 3.2 cb was called with 0 as version for
the pseudo content type SSL3_RT_HEADER for DTLS records.

 COPYRIGHT
 Header "COPYRIGHT" Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.


Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
<https://www.openssl.org/source/license.html>.