SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback,
SSL_get_info_callback - handle information callback for SSL connections
#include <openssl/ssl.h>
void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)());
void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))();
void SSL_set_info_callback(SSL *ssl, void (*callback)());
void (*SSL_get_info_callback(const SSL *ssl))();
SSL_CTX_set_info_callback() sets the callback function, that can
be used to obtain state information for SSL objects created from ctx
during connection setup and use. The setting for ctx is overridden from
the setting for a specific SSL object, if specified. When callback is
NULL, no callback function is used.
SSL_set_info_callback() sets the callback function,
that can be used to obtain state information for ssl during
connection setup and use. When callback is NULL, the callback setting
currently valid for ctx is used.
SSL_CTX_get_info_callback() returns a pointer to the
currently set information callback function for ctx.
SSL_get_info_callback() returns a pointer to the currently
set information callback function for ssl.
When setting up a connection and during use, it is possible to obtain state
information from the SSL/TLS engine. When set, an information callback
function is called whenever a significant event occurs such as: the state
changes, an alert appears, or an error occurs.
The callback function is called as callback(SSL *ssl, int
where, int ret). The where argument specifies information about
where (in which context) the callback function was called. If ret is
0, an error condition occurred. If an alert is handled, SSL_CB_ALERT is set
and ret specifies the alert information.
where is a bitmask made up of the following bits:
- SSL_CB_LOOP
- Callback has been called to indicate state change or some other
significant state machine event. This may mean that the callback gets
invoked more than once per state in some situations.
- SSL_CB_EXIT
- Callback has been called to indicate exit of a handshake function. This
will happen after the end of a handshake, but may happen at other times
too such as on error or when IO might otherwise block and non-blocking is
being used.
- SSL_CB_READ
- Callback has been called during read operation.
- SSL_CB_WRITE
- Callback has been called during write operation.
- SSL_CB_ALERT
- Callback has been called due to an alert being sent or received.
- SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
- SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
- SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
- SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
- SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
- SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
- SSL_CB_HANDSHAKE_START
- Callback has been called because a new handshake is started. In TLSv1.3
this is also used for the start of post-handshake message exchanges such
as for the exchange of session tickets, or for key updates. It also occurs
when resuming a handshake following a pause to handle early data.
- SSL_CB_HANDSHAKE_DONE 0x20
- Callback has been called because a handshake is finished. In TLSv1.3 this
is also used at the end of an exchange of post-handshake messages such as
for session tickets or key updates. It also occurs if the handshake is
paused to allow the exchange of early data.
The current state information can be obtained using the
SSL_state_string(3) family of functions.
The ret information can be evaluated using the
SSL_alert_type_string(3) family of functions.
SSL_set_info_callback() does not provide diagnostic information.
SSL_get_info_callback() returns the current setting.
The following example callback function prints state strings, information about
alerts being handled and error messages to the bio_err BIO.
void apps_ssl_info_callback(SSL *s, int where, int ret)
{
const char *str;
int w = where & ~SSL_ST_MASK;
if (w & SSL_ST_CONNECT)
str = "SSL_connect";
else if (w & SSL_ST_ACCEPT)
str = "SSL_accept";
else
str = "undefined";
if (where & SSL_CB_LOOP) {
BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
} else if (where & SSL_CB_ALERT) {
str = (where & SSL_CB_READ) ? "read" : "write";
BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", str,
SSL_alert_type_string_long(ret),
SSL_alert_desc_string_long(ret));
} else if (where & SSL_CB_EXIT) {
if (ret == 0) {
BIO_printf(bio_err, "%s:failed in %s\n",
str, SSL_state_string_long(s));
} else if (ret < 0) {
BIO_printf(bio_err, "%s:error in %s\n",
str, SSL_state_string_long(s));
}
}
}
ssl(7), SSL_state_string(3), SSL_alert_type_string(3)
Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You
may not use this file except in compliance with the License. You can obtain
a copy in the file LICENSE in the source distribution or at
<https://www.openssl.org/source/license.html>.