authorMatt Caswell <matt@openssl.org>2017-07-13 18:02:18 +0100
committerMatt Caswell <matt@openssl.org>2017-08-31 15:02:58 +0100
commite17e1df77e651e557ad8fc67e2bea0bbcf98f153 (patch)
tree15b1a7d064ffcdefdb86d62d58c5710e282dd2d8 /doc
parent02a3ed5a95ca0cb9f5173343dc10739a354713ac (diff)
Add documentation for SSL_SESSION_set_max_early_data()
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
Diffstat (limited to 'doc')
-rw-r--r--doc/man3/SSL_CTX_set_psk_client_callback.pod4
-rw-r--r--doc/man3/SSL_read_early_data.pod11
2 files changed, 13 insertions, 2 deletions
diff --git a/doc/man3/SSL_CTX_set_psk_client_callback.pod b/doc/man3/SSL_CTX_set_psk_client_callback.pod
index 919b6af292..5a48e13129 100644
--- a/doc/man3/SSL_CTX_set_psk_client_callback.pod
+++ b/doc/man3/SSL_CTX_set_psk_client_callback.pod
@@ -98,6 +98,10 @@ be TLS1_3_VERSION.
=back
+Additionally the maximum early data value should be set via a call to
+L<SSL_SESSION_set_max_early_data(3)> if the PSK will be used for sending early
+data.
+
Alternatively an SSL_SESSION created from a previous non-PSK handshake may also
be used as the basis for a PSK.
diff --git a/doc/man3/SSL_read_early_data.pod b/doc/man3/SSL_read_early_data.pod
index f0237faf40..a593b147b8 100644
--- a/doc/man3/SSL_read_early_data.pod
+++ b/doc/man3/SSL_read_early_data.pod
@@ -7,6 +7,7 @@ SSL_CTX_set_max_early_data,
SSL_get_max_early_data,
SSL_CTX_get_max_early_data,
SSL_SESSION_get_max_early_data,
+SSL_SESSION_set_max_early_data,
SSL_write_early_data,
SSL_read_early_data,
SSL_get_early_data_status
@@ -21,6 +22,7 @@ SSL_get_early_data_status
int SSL_set_max_early_data(SSL *s, uint32_t max_early_data);
uint32_t SSL_get_max_early_data(const SSL *s);
uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s);
+ int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data);
int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written);
@@ -59,6 +61,10 @@ determine if a session established with a server can be used to send early data.
If the session cannot be used then this function will return 0. Otherwise it
will return the maximum number of early data bytes that can be sent.
+The function SSL_SESSION_set_max_early_data() sets the maximum number of early
+data bytes that can be sent for a session. This would typically be used when
+creating a PSK session file (see L<SSL_CTX_set_psk_use_session_callback(3)>).
+
A client uses the function SSL_write_early_data() to send early data. This
function is similar to the L<SSL_write_ex(3)> function, but with the following
differences. See L<SSL_write_ex(3)> for information on how to write bytes to
@@ -207,8 +213,8 @@ SSL_get_max_early_data(), SSL_CTX_get_max_early_data() and
SSL_SESSION_get_max_early_data() return the maximum number of early data bytes
that may be sent.
-SSL_set_max_early_data() and SSL_CTX_set_max_early_data() return 1 for success
-or 0 for failure.
+SSL_set_max_early_data(), SSL_CTX_set_max_early_data() and
+SSL_SESSION_set_max_early_data() return 1 for success or 0 for failure.
SSL_get_early_data_status() returns SSL_EARLY_DATA_ACCEPTED if early data was
accepted by the server, SSL_EARLY_DATA_REJECTED if early data was rejected by
@@ -222,6 +228,7 @@ L<SSL_read_ex(3)>,
L<SSL_connect(3)>,
L<SSL_accept(3)>,
L<SSL_do_handshake(3)>,
+L<SSL_CTX_set_psk_use_session_callback(3)>,
L<ssl(7)>
=head1 HISTORY