SSL_CTX_set_session_id_context(3)
NAME
SSL_CTX_set_session_id_context, SSL_set_session_id_context - Set context
within which session can be reused (server side only)
SYNOPSIS
#include <openssl/ssl.h>

int SSL_CTX_set_session_id_context(
    SSL_CTX *ctx, const unsigned char *sid_ctx,
    unsigned int sid_ctx_len );

int SSL_set_session_id_context(
    SSL *ssl, const unsigned char *sid_ctx,
    unsigned int sid_ctx_len );
DESCRIPTION
The SSL_CTX_set_session_id_context() function sets the context sid_ctx
of length sid_ctx_len within which a session can be reused for the ctx
object.
The SSL_set_session_id_context() function sets the context sid_ctx of
length sid_ctx_len within which a session can be reused for the ssl
object.
NOTES
Sessions are generated within a certain context. When exporting or
importing sessions with i2d_SSL_SESSION or d2i_SSL_SESSION it is
possible to reimport a session generated from another context (e.g.
another application), which might lead to malfunctions. Therefore, each
application must set its own session id context sid_ctx which is used to
distinguish the contexts and is stored in exported sessions. The
sid_ctx can be any kind of binary data with a given length. For
example, it is possible to use the name of the application, the hostname
and/or the service name.
The session id context becomes part of the session. The session id
context is set by the SSL/TLS server. The SSL_CTX_set_session_id_context()
and SSL_set_session_id_context() functions are therefore only useful on
the server side.
OpenSSL clients will check the session id context returned by the
server when reusing a session.
The maximum length of the sid_ctx is limited to
SSL_MAX_SSL_SESSION_ID_LENGTH.
RESTRICTIONS
If the session id context is not set on an SSL/TLS server, stored
sessions will not be reused. A fatal error will be flagged and the
handshake will fail.
If a server returns a different session id context to an OpenSSL client
when reusing a session, an error will be flagged and the handshake will
fail. OpenSSL servers will always return the correct session id
context, because an OpenSSL server checks the session id context before
reusing a session.
RETURN VALUES
The SSL_CTX_set_session_id_context() and SSL_set_session_id_context()
functions return the following values:
0   The length sid_ctx_len of the session id context sid_ctx exceeded
    the maximum allowed length of SSL_MAX_SSL_SESSION_ID_LENGTH. The
    error is logged to the error stack.
1   The operation succeeded.
SEE ALSO
Functions: ssl(3)