NAME
SSL_set_psk_use_session_callback, SSL_psk_use_session_cb_func — set TLS pre-shared key client callback
SYNOPSIS
#include <openssl/ssl.h>

typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md, const unsigned char **id, size_t *idlen, SSL_SESSION **session);

void SSL_set_psk_use_session_callback(SSL *ssl, SSL_psk_use_session_cb_func cb);
DESCRIPTION
LibreSSL provides the stub function SSL_set_psk_use_session_callback() to allow compiling application programs that contain optional support for TLSv1.3 pre-shared keys.

LibreSSL does not support TLS pre-shared keys, and no action occurs when SSL_set_psk_use_session_callback() is called. In particular, both arguments are ignored. During session negotiation, LibreSSL never calls the callback cb and always behaves as if that callback succeeded and set the *session pointer to NULL. That is, LibreSSL never sends a pre-shared key to the server and never aborts the handshake for lack of a pre-shared key.

With OpenSSL, a client application wishing to use TLSv1.3 pre-shared keys can install a callback function cb using SSL_set_psk_use_session_callback(). The OpenSSL library may call cb once or twice during session negotiation. If the callback fails, OpenSSL aborts connection setup. If the callback succeeds but sets the *session pointer to NULL, OpenSSL continues the handshake but does not send a pre-shared key to the server.
RETURN VALUES
The SSL_psk_use_session_cb_func() callback is expected to return 1 on success or 0 on failure.
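EXAMPLES
The following is an added example, not code from LibreSSL or OpenSSL: a client callback that fails closed when it has no key, plus a check run after the handshake that catches the stub behaviour described above, where the callback is never invoked and the connection proceeds without a pre-shared key. The names psk_guard, psk_verdict, psk_use_session_cb and psk_guard_verdict are hypothetical, and the three opaque typedefs stand in for <openssl/ssl.h> so the block builds without the library.

```c
#include <stddef.h>
#include <stdio.h>

/* Opaque stand-ins for types from <openssl/ssl.h> so this example builds
 * without the library; remove them when including the real header. */
typedef struct ssl_st SSL;
typedef struct evp_md_st EVP_MD;
typedef struct ssl_session_st SSL_SESSION;

enum psk_verdict { PSK_CB_NEVER_CALLED, PSK_CB_FAILED, PSK_OFFERED };

/* Hypothetical record; one file-scope instance is an assumption made here. */
static struct psk_guard {
    SSL_SESSION *psk;         /* session carrying the PSK, built by the app */
    const unsigned char *id;  /* PSK identity */
    size_t idlen;
    int calls;                /* times the library invoked the callback */
    int offered;              /* callback handed a session to the library */
} guard;

/* Has the SSL_psk_use_session_cb_func signature. Fails closed: with no key it
 * returns 0 (abort) rather than 1 with *session == NULL (go on without PSK).
 * Real use: SSL_set_psk_use_session_callback(ssl, psk_use_session_cb); */
int psk_use_session_cb(SSL *ssl, const EVP_MD *md,
    const unsigned char **id, size_t *idlen, SSL_SESSION **session)
{
    (void)ssl; (void)md;
    guard.calls++;
    if (guard.psk == NULL || guard.idlen == 0)
        return 0;
    *id = guard.id;
    *idlen = guard.idlen;
    *session = guard.psk;  /* with OpenSSL, pass a reference the library may keep */
    guard.offered = 1;
    return 1;
}

/* Call once the handshake has returned. The LibreSSL stub never runs the
 * callback, so a PSK-only application must then reject the connection. */
enum psk_verdict psk_guard_verdict(void)
{
    if (guard.calls == 0)
        return PSK_CB_NEVER_CALLED;
    return guard.offered ? PSK_OFFERED : PSK_CB_FAILED;
}

int main(void)
{
    /* Constructed scenario: handshake done, callback never invoked. */
    printf("verdict: %d\n", (int)psk_guard_verdict());
    return 0;
}
```

PSK_OFFERED only records that the client handed a session to the library; it does not show that the server accepted the key.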
HISTORY
SSL_set_psk_use_session_callback() and SSL_psk_use_session_cb_func() first appeared in OpenSSL 1.1.1 and have been available since OpenBSD 7.0.