author | Matt Caswell <matt@openssl.org> | 2017-04-26 15:16:18 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-04-26 16:46:47 +0100 |
commit | b89646684d920d3014979f8a73b96aecb61c7b1f (patch) | |
tree | 93a47960743849e11bf09f30c9d134ece6d1f92c | |
parent | 5b3e5f00a63446a5de633277a33dc013c22e7231 (diff) | |
download | openssl-b89646684d920d3014979f8a73b96aecb61c7b1f.tar.gz |
Clarify that SSL_CTX_remove_session() marks a session as non-resumable
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3008)
-rw-r--r-- | doc/man3/SSL_CTX_add_session.pod | 4 | ||||
-rw-r--r-- | doc/man3/SSL_CTX_sess_set_get_cb.pod | 3 |
2 files changed, 4 insertions, 3 deletions
diff --git a/doc/man3/SSL_CTX_add_session.pod b/doc/man3/SSL_CTX_add_session.pod index dd92c3a231..02d93b8b1d 100644 --- a/doc/man3/SSL_CTX_add_session.pod +++ b/doc/man3/SSL_CTX_add_session.pod @@ -21,8 +21,8 @@ reference count for session B<c> is incremented by 1. If a session with the same session id already exists, the old session is removed by calling L<SSL_SESSION_free(3)>. -SSL_CTX_remove_session() removes the session B<c> from the context B<ctx>. -L<SSL_SESSION_free(3)> is called once for B<c>. +SSL_CTX_remove_session() removes the session B<c> from the context B<ctx> and +marks it as non-resumable. L<SSL_SESSION_free(3)> is called once for B<c>. SSL_add_session() and SSL_remove_session() are synonyms for their SSL_CTX_*() counterparts. diff --git a/doc/man3/SSL_CTX_sess_set_get_cb.pod b/doc/man3/SSL_CTX_sess_set_get_cb.pod index 55edd1c1a6..65f1e4e7c5 100644 --- a/doc/man3/SSL_CTX_sess_set_get_cb.pod +++ b/doc/man3/SSL_CTX_sess_set_get_cb.pod @@ -67,7 +67,8 @@ be established with a single connection. In these case the new_session_cb() function will be invoked multiple times. In TLSv1.3 it is recommended that each SSL_SESSION object is only used for -resumption once. +resumption once. One way of enforcing that is for applications to call +L<SSL_CTX_remove_session(3)> after a session has been used. The remove_session_cb() is called, whenever the SSL engine removes a session from the internal cache. This happens when the session is removed because |
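Review bot: In the doc/man3/SSL_CTX_add_session.pod hunk, "marks it as non-resumable" is stated without saying what that means for a caller who still holds a reference to B<c>, which the next sentence implies is possible because L<SSL_SESSION_free(3)> is called only once. Please add a sentence describing the observable effect, for example what happens when such a session is later offered for resumption. It should also say whether the mark is applied when B<c> is not present in B<ctx>. As written, "removes the session B<c> from the context B<ctx> and marks it as non-resumable" can be read either way.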
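Review bot: In the doc/man3/SSL_CTX_sess_set_get_cb.pod hunk, "after a session has been used" does not say at which point, or on which side of the connection, the application should call L<SSL_CTX_remove_session(3)> to get the single-use behaviour recommended for TLSv1.3. Suggest naming the event, for example once a handshake that resumed from the session has completed. Since the following paragraph says remove_session_cb() is called "whenever the SSL engine removes a session from the internal cache", it would also help to state whether an application's own call to SSL_CTX_remove_session() triggers that callback, because applications with an external cache need to know whether to delete their copy themselves. The unchanged context line "In these case the new_session_cb()" has a typo ("these cases") that could be fixed in the same pass.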