1=pod 2 3=head1 NAME 4 5SSL_get_session, SSL_get0_session, SSL_get1_session - retrieve TLS/SSL session data 6 7=head1 SYNOPSIS 8 9 #include <openssl/ssl.h> 10 11 SSL_SESSION *SSL_get_session(const SSL *ssl); 12 SSL_SESSION *SSL_get0_session(const SSL *ssl); 13 SSL_SESSION *SSL_get1_session(SSL *ssl); 14 15=head1 DESCRIPTION 16 17SSL_get_session() returns a pointer to the B<SSL_SESSION> actually used in 18B<ssl>. The reference count of the B<SSL_SESSION> is not incremented, so 19that the pointer can become invalid by other operations. 20 21SSL_get0_session() is the same as SSL_get_session(). 22 23SSL_get1_session() is the same as SSL_get_session(), but the reference 24count of the B<SSL_SESSION> is incremented by one. 25 26=head1 NOTES 27 28The ssl session contains all information required to re-establish the 29connection without a full handshake for SSL versions up to and including 30TLSv1.2. In TLSv1.3 the same is true, but sessions are established after the 31main handshake has occurred. The server will send the session information to the 32client at a time of its choosing, which may be some while after the initial 33connection is established (or never). Calling these functions on the client side 34in TLSv1.3 before the session has been established will still return an 35SSL_SESSION object but that object cannot be used for resuming the session. See 36L<SSL_SESSION_is_resumable(3)> for information on how to determine whether an 37SSL_SESSION object can be used for resumption or not. 38 39Additionally, in TLSv1.3, a server can send multiple messages that establish a 40session for a single connection. In that case the above functions will only 41return information on the last session that was received. 42 43The preferred way for applications to obtain a resumable SSL_SESSION object is 44to use a new session callback as described in L<SSL_CTX_sess_set_new_cb(3)>. 45The new session callback is only invoked when a session is actually established, 46so this avoids the problem described above where an application obtains an 47SSL_SESSION object that cannot be used for resumption in TLSv1.3. It also 48enables applications to obtain information about all sessions sent by the 49server. 50 51A session will be automatically removed from the session cache and marked as 52non-resumable if the connection is not closed down cleanly, e.g. if a fatal 53error occurs on the connection or L<SSL_shutdown(3)> is not called prior to 54L<SSL_free(3)>. 55 56In TLSv1.3 it is recommended that each SSL_SESSION object is only used for 57resumption once. 58 59SSL_get0_session() returns a pointer to the actual session. As the 60reference counter is not incremented, the pointer is only valid while 61the connection is in use. If L<SSL_clear(3)> or 62L<SSL_free(3)> is called, the session may be removed completely 63(if considered bad), and the pointer obtained will become invalid. Even 64if the session is valid, it can be removed at any time due to timeout 65during L<SSL_CTX_flush_sessions(3)>. 66 67If the data is to be kept, SSL_get1_session() will increment the reference 68count, so that the session will not be implicitly removed by other operations 69but stays in memory. In order to remove the session 70L<SSL_SESSION_free(3)> must be explicitly called once 71to decrement the reference count again. 72 73SSL_SESSION objects keep internal link information about the session cache 74list, when being inserted into one SSL_CTX object's session cache. 75One SSL_SESSION object, regardless of its reference count, must therefore 76only be used with one SSL_CTX object (and the SSL objects created 77from this SSL_CTX object). 78 79=head1 RETURN VALUES 80 81The following return values can occur: 82 83=over 4 84 85=item NULL 86 87There is no session available in B<ssl>. 88 89=item Pointer to an SSL_SESSION 90 91The return value points to the data of an SSL session. 92 93=back 94 95=head1 SEE ALSO 96 97L<ssl(7)>, L<SSL_free(3)>, 98L<SSL_clear(3)>, 99L<SSL_SESSION_free(3)> 100 101=head1 COPYRIGHT 102 103Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. 104 105Licensed under the OpenSSL license (the "License"). You may not use 106this file except in compliance with the License. You can obtain a copy 107in the file LICENSE in the source distribution or at 108L<https://www.openssl.org/source/license.html>. 109 110=cut 111