path: root/doc/man3/SSL_new.pod
diff options
authorJung-uk Kim <jkim@FreeBSD.org>2020-09-22 14:27:08 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2020-09-22 14:27:08 +0000
commit92f02b3b0f21350e7c92a16ca9b594ad7682c717 (patch)
tree00444fe1520f87a0f22770b5c0be936737fb2179 /doc/man3/SSL_new.pod
parent65aa3028e51cba07879f3dc4608949c5c6b9fcc0 (diff)
Import OpenSSL 1.1.1h.vendor/openssl/1.1.1h
Notes: svn path=/vendor-crypto/openssl/dist/; revision=365997 svn path=/vendor-crypto/openssl/1.1.1h/; revision=365998; tag=vendor/openssl/1.1.1h
Diffstat (limited to 'doc/man3/SSL_new.pod')
1 files changed, 70 insertions, 5 deletions
diff --git a/doc/man3/SSL_new.pod b/doc/man3/SSL_new.pod
index 222e9d5886d3..b8680526b8db 100644
--- a/doc/man3/SSL_new.pod
+++ b/doc/man3/SSL_new.pod
@@ -26,10 +26,75 @@ structure are freed.
SSL_up_ref() increments the reference count for an
existing B<SSL> structure.
-SSL_dup() duplicates an existing B<SSL> structure into a new allocated one. All
-settings are inherited from the original B<SSL> structure. Dynamic data (i.e.
-existing connection details) are not copied, the new B<SSL> is set into an
-initial accept (server) or connect (client) state.
+The function SSL_dup() creates and returns a new B<SSL> structure from the same
+B<SSL_CTX> that was used to create I<s>. It additionally duplicates a subset of
+the settings in I<s> into the new B<SSL> object.
+For SSL_dup() to work, the connection MUST be in its initial state and
+MUST NOT have yet started the SSL handshake. For connections that are not in
+their initial state SSL_dup() just increments an internal
+reference count and returns the I<same> handle. It may be possible to
+use L<SSL_clear(3)> to recycle an SSL handle that is not in its initial
+state for re-use, but this is best avoided. Instead, save and restore
+the session, if desired, and construct a fresh handle for each connection.
+The subset of settings in I<s> that are duplicated are:
+=over 4
+=item any session data if configured (including the session_id_context)
+=item any tmp_dh settings set via L<SSL_set_tmp_dh(3)>,
+L<SSL_set_tmp_dh_callback(3)>, or L<SSL_set_dh_auto(3)>
+=item any configured certificates, private keys or certificate chains
+=item any configured signature algorithms, or client signature algorithms
+=item any DANE settings
+=item any Options set via L<SSL_set_options(3)>
+=item any Mode set via L<SSL_set_mode(3)>
+=item any minimum or maximum protocol settings set via
+L<SSL_set_min_proto_version(3)> or L<SSL_set_max_proto_version(3)> (Note: Only
+from OpenSSL 1.1.1h and above)
+=item any Verify mode, callback or depth set via L<SSL_set_verify(3)> or
+L<SSL_set_verify_depth(3)> or any configured X509 verification parameters
+=item any msg callback or info callback set via L<SSL_set_msg_callback(3)> or
+=item any default password callback set via L<SSL_set_default_passwd_cb(3)>
+=item any session id generation callback set via L<SSL_set_generate_session_id(3)>
+=item any configured Cipher List
+=item initial accept (server) or connect (client) state
+=item the max cert list value set via L<SSL_set_max_cert_list(3)>
+=item the read_ahead value set via L<SSL_set_read_ahead(3)>
+=item application specific data set via L<SSL_set_ex_data(3)>
+=item any CA list or client CA list set via L<SSL_set0_CA_list(3)>,
+SSL_set0_client_CA_list() or similar functions
+=item any security level settings or callbacks
+=item any configured serverinfo data
+=item any configured PSK identity hint
+=item any configured custom extensions
+=item any client certificate types configured via SSL_set1_client_certificate_types
@@ -59,7 +124,7 @@ L<ssl(7)>
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy