SSL_SET_PSK_USE_SESSION_(3) Library Functions ManualSSL_SET_PSK_USE_SESSION_(3)
NAME
SSL_set_psk_use_session_callback, SSL_psk_use_session_cb_func — set TLS pre-shared key client callback
SYNOPSIS
#include <openssl/ssl.h>
typedef int
(*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md, const unsigned char **id, size_t *idlen, SSL_SESSION **session);
void
SSL_set_psk_use_session_callback(SSL *ssl, SSL_psk_use_session_cb_func cb);
DESCRIPTION
LibreSSL provides the stub function SSL_set_psk_use_session_callback() to allow compiling application programs that contain optional support for TLSv1.3 pre-shared keys.
LibreSSL does not support TLS pre-shared keys, and no action occurs when SSL_set_psk_use_session_callback() is called. In particular, both arguments are ignored. During session negotiation, LibreSSL never calls the callback cb and always behaves as if that callback succeeded and set the *session pointer to NULL. That is, LibreSSL never sends a pre-shared key to the server and never aborts the handshake for lack of a pre-shared key.
With OpenSSL, a client application wishing to use TLSv1.3 pre-shared keys can install a callback function cb using SSL_set_psk_use_session_callback(). The OpenSSL library may call cb once or twice during session negotiation. If the callback fails, OpenSSL aborts connection setup. If the callback succeeds but sets the *session pointer to NULL, OpenSSL continues the handshake but does not send a pre-shared key to the server.
RETURN VALUES
The SSL_psk_use_session_cb_func() callback is expected to return 1 on success or 0 on failure.
HISTORY
SSL_set_psk_use_session_callback() and SSL_psk_use_session_cb_func() first appeared in OpenSSL 1.1.1 and have been available since OpenBSD 7.0. GNU September 14,SSL_SET_PSK_USE_SESSION_CALLBACK2021 (3)