diff options
Diffstat (limited to 'crypto/openssl/doc/man3/SSL_new.pod')
-rw-r--r-- | crypto/openssl/doc/man3/SSL_new.pod | 75 |
1 files changed, 70 insertions, 5 deletions
diff --git a/crypto/openssl/doc/man3/SSL_new.pod b/crypto/openssl/doc/man3/SSL_new.pod index 222e9d5886d3..b8680526b8db 100644 --- a/crypto/openssl/doc/man3/SSL_new.pod +++ b/crypto/openssl/doc/man3/SSL_new.pod @@ -26,10 +26,75 @@ structure are freed. SSL_up_ref() increments the reference count for an existing B<SSL> structure. -SSL_dup() duplicates an existing B<SSL> structure into a new allocated one. All -settings are inherited from the original B<SSL> structure. Dynamic data (i.e. -existing connection details) are not copied, the new B<SSL> is set into an -initial accept (server) or connect (client) state. +The function SSL_dup() creates and returns a new B<SSL> structure from the same +B<SSL_CTX> that was used to create I<s>. It additionally duplicates a subset of +the settings in I<s> into the new B<SSL> object. + +For SSL_dup() to work, the connection MUST be in its initial state and +MUST NOT have yet started the SSL handshake. For connections that are not in +their initial state SSL_dup() just increments an internal +reference count and returns the I<same> handle. It may be possible to +use L<SSL_clear(3)> to recycle an SSL handle that is not in its initial +state for re-use, but this is best avoided. Instead, save and restore +the session, if desired, and construct a fresh handle for each connection. + +The subset of settings in I<s> that are duplicated are: + +=over 4 + +=item any session data if configured (including the session_id_context) + +=item any tmp_dh settings set via L<SSL_set_tmp_dh(3)>, +L<SSL_set_tmp_dh_callback(3)>, or L<SSL_set_dh_auto(3)> + +=item any configured certificates, private keys or certificate chains + +=item any configured signature algorithms, or client signature algorithms + +=item any DANE settings + +=item any Options set via L<SSL_set_options(3)> + +=item any Mode set via L<SSL_set_mode(3)> + +=item any minimum or maximum protocol settings set via +L<SSL_set_min_proto_version(3)> or L<SSL_set_max_proto_version(3)> (Note: Only +from OpenSSL 1.1.1h and above) + +=item any Verify mode, callback or depth set via L<SSL_set_verify(3)> or +L<SSL_set_verify_depth(3)> or any configured X509 verification parameters + +=item any msg callback or info callback set via L<SSL_set_msg_callback(3)> or +L<SSL_set_info_callback(3)> + +=item any default password callback set via L<SSL_set_default_passwd_cb(3)> + +=item any session id generation callback set via L<SSL_set_generate_session_id(3)> + +=item any configured Cipher List + +=item initial accept (server) or connect (client) state + +=item the max cert list value set via L<SSL_set_max_cert_list(3)> + +=item the read_ahead value set via L<SSL_set_read_ahead(3)> + +=item application specific data set via L<SSL_set_ex_data(3)> + +=item any CA list or client CA list set via L<SSL_set0_CA_list(3)>, +SSL_set0_client_CA_list() or similar functions + +=item any security level settings or callbacks + +=item any configured serverinfo data + +=item any configured PSK identity hint + +=item any configured custom extensions + +=item any client certificate types configured via SSL_set1_client_certificate_types + +=back =head1 RETURN VALUES @@ -59,7 +124,7 @@ L<ssl(7)> =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy |