path: root/doc/ssl/SSL_CTX_set_tlsext_servername_callback.pod
diff options
Diffstat (limited to 'doc/ssl/SSL_CTX_set_tlsext_servername_callback.pod')
1 files changed, 62 insertions, 0 deletions
diff --git a/doc/ssl/SSL_CTX_set_tlsext_servername_callback.pod b/doc/ssl/SSL_CTX_set_tlsext_servername_callback.pod
new file mode 100644
index 000000000000..3b0a50956d9b
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_tlsext_servername_callback.pod
@@ -0,0 +1,62 @@
+=head1 NAME
+SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg,
+SSL_get_servername_type, SSL_get_servername - handle server name indication
+=head1 SYNOPSIS
+ #include <openssl/ssl.h>
+ long SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx,
+ int (*cb)(SSL *, int *, void *));
+ long SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg);
+ const char *SSL_get_servername(const SSL *s, const int type);
+ int SSL_get_servername_type(const SSL *s);
+SSL_CTX_set_tlsext_servername_callback() sets the application callback B<cb>
+used by a server to perform any actions or configuration required based on
+the servername extension received in the incoming connection. When B<cb>
+is NULL, SNI is not used. The B<arg> value is a pointer which is passed to
+the application callback.
+SSL_CTX_set_tlsext_servername_arg() sets a context-specific argument to be
+passed into the callback for this B<SSL_CTX>.
+SSL_get_servername() returns a servername extension value of the specified
+type if provided in the Client Hello or NULL.
+SSL_get_servername_type() returns the servername type or -1 if no servername
+is present. Currently the only supported type (defined in RFC3546) is
+=head1 NOTES
+The ALPN and SNI callbacks are both executed during Client Hello processing.
+The servername callback is executed first, followed by the ALPN callback.
+SSL_CTX_set_tlsext_servername_callback() and
+SSL_CTX_set_tlsext_servername_arg() both always return 1 indicating success.
+=head1 SEE ALSO
+L<ssl(7)>, L<SSL_CTX_set_alpn_select_cb(3)>,
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at