SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback,
SSL_set_msg_callback_arg - install callback for observing protocol messages
#include <openssl/ssl.h>
void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
void (*cb)(int write_p, int version,
int content_type, const void *buf,
size_t len, SSL *ssl, void *arg));
void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
void SSL_set_msg_callback(SSL *ssl,
void (*cb)(int write_p, int version,
int content_type, const void *buf,
size_t len, SSL *ssl, void *arg));
void SSL_set_msg_callback_arg(SSL *ssl, void *arg);
SSL_CTX_set_msg_callback() or
SSL_set_msg_callback() can be used
to define a message callback function
cb for observing all SSL/TLS
protocol messages (such as handshake messages) that are received or sent, as
well as other events that occur during processing.
SSL_CTX_set_msg_callback_arg() and
SSL_set_msg_callback_arg()
can be used to set argument
arg to the callback function, which is
available for arbitrary application use.
SSL_CTX_set_msg_callback() and
SSL_CTX_set_msg_callback_arg()
specify default settings that will be copied to new
SSL objects by
SSL_new(3).
SSL_set_msg_callback() and
SSL_set_msg_callback_arg() modify the actual settings of an
SSL
object. Using a
NULL pointer for
cb disables the message
callback.
When
cb is called by the SSL/TLS library the function arguments have the
following meaning:
- write_p
- This flag is 0 when a protocol message has been
received and 1 when a protocol message has been sent.
- version
- The protocol version according to which the protocol
message is interpreted by the library such as TLS1_3_VERSION,
TLS1_2_VERSION etc. This is set to 0 for the SSL3_RT_HEADER pseudo
content type (see NOTES below).
- content_type
- This is one of the content type values defined in the
protocol specification ( SSL3_RT_CHANGE_CIPHER_SPEC,
SSL3_RT_ALERT, SSL3_RT_HANDSHAKE; but never
SSL3_RT_APPLICATION_DATA because the callback will only be called
for protocol messages). Alternatively it may be a "pseudo"
content type. These pseudo content types are used to signal some other
event in the processing of data (see NOTES below).
-
buf, len
-
buf points to a buffer containing the protocol
message or other data (in the case of pseudo content types), which
consists of len bytes. The buffer is no longer valid after the
callback function has returned.
- ssl
- The SSL object that received or sent the
message.
- arg
- The user-defined argument optionally defined by
SSL_CTX_set_msg_callback_arg() or
SSL_set_msg_callback_arg().
Protocol messages are passed to the callback function after decryption and
fragment collection where applicable. (Thus record boundaries are not
visible.)
If processing a received protocol message results in an error, the callback
function may not be called. For example, the callback function will never see
messages that are considered too large to be processed.
Due to automatic protocol version negotiation,
version is not necessarily
the protocol version used by the sender of the message: If a TLS 1.0
ClientHello message is received by an SSL 3.0-only server,
version will
be
SSL3_VERSION.
Pseudo content type values may be sent at various points during the processing
of data. The following pseudo content types are currently defined:
- SSL3_RT_HEADER
- Used when a record is sent or received. The buf
contains the record header bytes only.
- SSL3_RT_INNER_CONTENT_TYPE
- Used when an encrypted TLSv1.3 record is sent or received.
In encrypted TLSv1.3 records the content type in the record header is
always SSL3_RT_APPLICATION_DATA. The real content type for the record is
contained in an "inner" content type. buf contains the
encoded "inner" content type byte.
SSL_CTX_set_msg_callback(),
SSL_CTX_set_msg_callback_arg(),
SSL_set_msg_callback() and
SSL_set_msg_callback_arg() do not
return values.
ssl(7),
SSL_new(3)
The pseudo content type
SSL3_RT_INNER_CONTENT_TYPE was added in OpenSSL
1.1.1.
Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy in the
file LICENSE in the source distribution or at
<
https://www.openssl.org/source/license.html>.