xref: /freebsd/crypto/openssl/doc/man3/SSL_CTX_set_info_callback.pod (revision 90ec6a30353aa7caaf995ea50e2e23aa5a099600)
1=pod
2
3=head1 NAME
4
5SSL_CTX_set_info_callback,
6SSL_CTX_get_info_callback,
7SSL_set_info_callback,
8SSL_get_info_callback
9- handle information callback for SSL connections
10
11=head1 SYNOPSIS
12
13 #include <openssl/ssl.h>
14
15 void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)());
16 void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))();
17
18 void SSL_set_info_callback(SSL *ssl, void (*callback)());
19 void (*SSL_get_info_callback(const SSL *ssl))();
20
21=head1 DESCRIPTION
22
23SSL_CTX_set_info_callback() sets the B<callback> function, that can be used to
24obtain state information for SSL objects created from B<ctx> during connection
25setup and use. The setting for B<ctx> is overridden from the setting for
26a specific SSL object, if specified.
27When B<callback> is NULL, no callback function is used.
28
29SSL_set_info_callback() sets the B<callback> function, that can be used to
30obtain state information for B<ssl> during connection setup and use.
31When B<callback> is NULL, the callback setting currently valid for
32B<ctx> is used.
33
34SSL_CTX_get_info_callback() returns a pointer to the currently set information
35callback function for B<ctx>.
36
37SSL_get_info_callback() returns a pointer to the currently set information
38callback function for B<ssl>.
39
40=head1 NOTES
41
42When setting up a connection and during use, it is possible to obtain state
43information from the SSL/TLS engine. When set, an information callback function
44is called whenever a significant event occurs such as: the state changes,
45an alert appears, or an error occurs.
46
47The callback function is called as B<callback(SSL *ssl, int where, int ret)>.
48The B<where> argument specifies information about where (in which context)
49the callback function was called. If B<ret> is 0, an error condition occurred.
50If an alert is handled, SSL_CB_ALERT is set and B<ret> specifies the alert
51information.
52
53B<where> is a bit mask made up of the following bits:
54
55=over 4
56
57=item SSL_CB_LOOP
58
59Callback has been called to indicate state change or some other significant
60state machine event. This may mean that the callback gets invoked more than once
61per state in some situations.
62
63=item SSL_CB_EXIT
64
65Callback has been called to indicate exit of a handshake function. This will
66happen after the end of a handshake, but may happen at other times too such as
67on error or when IO might otherwise block and nonblocking is being used.
68
69=item SSL_CB_READ
70
71Callback has been called during read operation.
72
73=item SSL_CB_WRITE
74
75Callback has been called during write operation.
76
77=item SSL_CB_ALERT
78
79Callback has been called due to an alert being sent or received.
80
81=item SSL_CB_READ_ALERT               (SSL_CB_ALERT|SSL_CB_READ)
82
83=item SSL_CB_WRITE_ALERT              (SSL_CB_ALERT|SSL_CB_WRITE)
84
85=item SSL_CB_ACCEPT_LOOP              (SSL_ST_ACCEPT|SSL_CB_LOOP)
86
87=item SSL_CB_ACCEPT_EXIT              (SSL_ST_ACCEPT|SSL_CB_EXIT)
88
89=item SSL_CB_CONNECT_LOOP             (SSL_ST_CONNECT|SSL_CB_LOOP)
90
91=item SSL_CB_CONNECT_EXIT             (SSL_ST_CONNECT|SSL_CB_EXIT)
92
93=item SSL_CB_HANDSHAKE_START
94
95Callback has been called because a new handshake is started. It also occurs when
96resuming a handshake following a pause to handle early data.
97
98=item SSL_CB_HANDSHAKE_DONE
99
100Callback has been called because a handshake is finished.  It also occurs if the
101handshake is paused to allow the exchange of early data.
102
103=back
104
105The current state information can be obtained using the
106L<SSL_state_string(3)> family of functions.
107
108The B<ret> information can be evaluated using the
109L<SSL_alert_type_string(3)> family of functions.
110
111=head1 RETURN VALUES
112
113SSL_set_info_callback() does not provide diagnostic information.
114
115SSL_get_info_callback() returns the current setting.
116
117=head1 EXAMPLES
118
119The following example callback function prints state strings, information
120about alerts being handled and error messages to the B<bio_err> BIO.
121
122 void apps_ssl_info_callback(SSL *s, int where, int ret)
123 {
124     const char *str;
125     int w = where & ~SSL_ST_MASK;
126
127     if (w & SSL_ST_CONNECT)
128         str = "SSL_connect";
129     else if (w & SSL_ST_ACCEPT)
130         str = "SSL_accept";
131     else
132         str = "undefined";
133
134     if (where & SSL_CB_LOOP) {
135         BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
136     } else if (where & SSL_CB_ALERT) {
137         str = (where & SSL_CB_READ) ? "read" : "write";
138         BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", str,
139                    SSL_alert_type_string_long(ret),
140                    SSL_alert_desc_string_long(ret));
141     } else if (where & SSL_CB_EXIT) {
142         if (ret == 0) {
143             BIO_printf(bio_err, "%s:failed in %s\n",
144                        str, SSL_state_string_long(s));
145         } else if (ret < 0) {
146             BIO_printf(bio_err, "%s:error in %s\n",
147                        str, SSL_state_string_long(s));
148         }
149     }
150 }
151
152=head1 SEE ALSO
153
154L<ssl(7)>, L<SSL_state_string(3)>,
155L<SSL_alert_type_string(3)>
156
157=head1 COPYRIGHT
158
159Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
160
161Licensed under the OpenSSL license (the "License").  You may not use
162this file except in compliance with the License.  You can obtain a copy
163in the file LICENSE in the source distribution or at
164L<https://www.openssl.org/source/license.html>.
165
166=cut
167