SSL_CTX_set_session_id_context(3) OpenSSL SSL_CTX_set_session_id_context(3) NAME SSL_CTX_set_session_id_context, SSL_set_session_id_context - set(7,n,1 builtins) con- text within which session can be reused (server side only) SYNOPSIS #include <openssl/ssl.h> int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len); int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len); DESCRIPTION SSL_CTX_set_session_id_context() sets the context sid_ctx of length sid_ctx_len within which a session can be reused for the ctx object. SSL_set_session_id_context() sets the context sid_ctx of length sid_ctx_len within which a session can be reused for the ssl object. NOTES Sessions are generated within a certain context. When exporting/import- ing sessions with i2d_SSL_SESSION/d2i_SSL_SESSION it would be possible, to re-import a session generated from another context (e.g. another application), which might lead to malfunctions. Therefore each applica- tion must set(7,n,1 builtins) its own session id context sid_ctx which is used to dis- tinguish the contexts and is stored in(1,8) exported sessions. The sid_ctx can be any kind of binary data with a given length, it is therefore possible to use e.g. the name of the application and/or the hostname and/or service name ... The session id context becomes part of the session. The session id con- text is set(7,n,1 builtins) by the SSL/TLS server. The SSL_CTX_set_session_id_context() and SSL_set_session_id_context() functions are therefore only useful on the server side. OpenSSL clients will check the session id context returned by the server when reusing a session. The maximum length of the sid_ctx is limited to SSL_MAX_SSL_SES- SION_ID_LENGTH. WARNINGS If the session id context is not set(7,n,1 builtins) on an SSL/TLS server, stored ses- sions will not be reused but a fatal error(8,n) will be flagged and the handshake will fail. If a server returns a different session id context to an OpenSSL client when reusing a session, an error(8,n) will be flagged and the handshake will fail. OpenSSL servers will always return the correct session id con- text, as an OpenSSL server checks the session id context itself before reusing a session as described above. RETURN VALUES SSL_CTX_set_session_id_context() and SSL_set_session_id_context() return the following values: 0 The length sid_ctx_len of the session id context sid_ctx exceeded the maximum allowed length of SSL_MAX_SSL_SESSION_ID_LENGTH. The error(8,n) is logged to the error(8,n) stack. 1 The operation succeeded. SEE ALSO ssl(3) 0.9.7d 2001-01-31 SSL_CTX_set_session_id_context(3)