1=pod 2 3=head1 NAME 4 5SSL_CTX_set_info_callback, 6SSL_CTX_get_info_callback, 7SSL_set_info_callback, 8SSL_get_info_callback 9- handle information callback for SSL connections 10 11=head1 SYNOPSIS 12 13 #include <openssl/ssl.h> 14 15 void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)()); 16 void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))(); 17 18 void SSL_set_info_callback(SSL *ssl, void (*callback)()); 19 void (*SSL_get_info_callback(const SSL *ssl))(); 20 21=head1 DESCRIPTION 22 23SSL_CTX_set_info_callback() sets the B<callback> function, that can be used to 24obtain state information for SSL objects created from B<ctx> during connection 25setup and use. The setting for B<ctx> is overridden from the setting for 26a specific SSL object, if specified. 27When B<callback> is NULL, no callback function is used. 28 29SSL_set_info_callback() sets the B<callback> function, that can be used to 30obtain state information for B<ssl> during connection setup and use. 31When B<callback> is NULL, the callback setting currently valid for 32B<ctx> is used. 33 34SSL_CTX_get_info_callback() returns a pointer to the currently set information 35callback function for B<ctx>. 36 37SSL_get_info_callback() returns a pointer to the currently set information 38callback function for B<ssl>. 39 40=head1 NOTES 41 42When setting up a connection and during use, it is possible to obtain state 43information from the SSL/TLS engine. When set, an information callback function 44is called whenever a significant event occurs such as: the state changes, 45an alert appears, or an error occurs. 46 47The callback function is called as B<callback(SSL *ssl, int where, int ret)>. 48The B<where> argument specifies information about where (in which context) 49the callback function was called. If B<ret> is 0, an error condition occurred. 50If an alert is handled, SSL_CB_ALERT is set and B<ret> specifies the alert 51information. 52 53B<where> is a bit-mask made up of the following bits: 54 55=over 4 56 57=item SSL_CB_LOOP 58 59Callback has been called to indicate state change or some other significant 60state machine event. This may mean that the callback gets invoked more than once 61per state in some situations. 62 63=item SSL_CB_EXIT 64 65Callback has been called to indicate exit of a handshake function. This will 66happen after the end of a handshake, but may happen at other times too such as 67on error or when IO might otherwise block and nonblocking is being used. 68 69=item SSL_CB_READ 70 71Callback has been called during read operation. 72 73=item SSL_CB_WRITE 74 75Callback has been called during write operation. 76 77=item SSL_CB_ALERT 78 79Callback has been called due to an alert being sent or received. 80 81=item SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) 82 83=item SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) 84 85=item SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) 86 87=item SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) 88 89=item SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) 90 91=item SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) 92 93=item SSL_CB_HANDSHAKE_START 94 95Callback has been called because a new handshake is started. It also occurs when 96resuming a handshake following a pause to handle early data. 97 98=item SSL_CB_HANDSHAKE_DONE 99 100Callback has been called because a handshake is finished. It also occurs if the 101handshake is paused to allow the exchange of early data. 102 103=back 104 105The current state information can be obtained using the 106L<SSL_state_string(3)> family of functions. 107 108The B<ret> information can be evaluated using the 109L<SSL_alert_type_string(3)> family of functions. 110 111=head1 RETURN VALUES 112 113SSL_set_info_callback() does not provide diagnostic information. 114 115SSL_get_info_callback() returns the current setting. 116 117=head1 EXAMPLES 118 119The following example callback function prints state strings, information 120about alerts being handled and error messages to the B<bio_err> BIO. 121 122 void apps_ssl_info_callback(SSL *s, int where, int ret) 123 { 124 const char *str; 125 int w = where & ~SSL_ST_MASK; 126 127 if (w & SSL_ST_CONNECT) 128 str = "SSL_connect"; 129 else if (w & SSL_ST_ACCEPT) 130 str = "SSL_accept"; 131 else 132 str = "undefined"; 133 134 if (where & SSL_CB_LOOP) { 135 BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s)); 136 } else if (where & SSL_CB_ALERT) { 137 str = (where & SSL_CB_READ) ? "read" : "write"; 138 BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", str, 139 SSL_alert_type_string_long(ret), 140 SSL_alert_desc_string_long(ret)); 141 } else if (where & SSL_CB_EXIT) { 142 if (ret == 0) { 143 BIO_printf(bio_err, "%s:failed in %s\n", 144 str, SSL_state_string_long(s)); 145 } else if (ret < 0) { 146 BIO_printf(bio_err, "%s:error in %s\n", 147 str, SSL_state_string_long(s)); 148 } 149 } 150 } 151 152=head1 SEE ALSO 153 154L<ssl(7)>, L<SSL_state_string(3)>, 155L<SSL_alert_type_string(3)> 156 157=head1 COPYRIGHT 158 159Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. 160 161Licensed under the Apache License 2.0 (the "License"). You may not use 162this file except in compliance with the License. You can obtain a copy 163in the file LICENSE in the source distribution or at 164L<https://www.openssl.org/source/license.html>. 165 166=cut 167