=pod

=head1 NAME

SSL_dup, SSL_new, SSL_up_ref - create an SSL structure for a connection

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 SSL *SSL_dup(SSL *s);
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);

=head1 DESCRIPTION

SSL_new() creates a new B<SSL> structure which is needed to hold the
data for a TLS/SSL connection. The new structure inherits the settings
of the underlying context B<ctx>: connection method,
options, verification settings, timeout settings. An B<SSL> structure is
reference counted. Creating an B<SSL> structure for the first time increments
the reference count. Freeing it (using SSL_free) decrements it. When the
reference count drops to zero, any memory or resources allocated to the B<SSL>
structure are freed.

SSL_up_ref() increments the reference count for an
existing B<SSL> structure.

The function SSL_dup() creates and returns a new B<SSL> structure from the same
B<SSL_CTX> that was used to create I<s>. It additionally duplicates a subset of
the settings in I<s> into the new B<SSL> object.

For SSL_dup() to work, the connection MUST be in its initial state and
MUST NOT have yet started the SSL handshake. For connections that are not in
their initial state SSL_dup() just increments an internal
reference count and returns the I<same> handle. It may be possible to
use L<SSL_clear(3)> to recycle an SSL handle that is not in its initial
state for reuse, but this is best avoided. Instead, save and restore
the session, if desired, and construct a fresh handle for each connection.

The subset of settings in I<s> that are duplicated are:

=over 4

=item any session data if configured (including the session_id_context)

=item any tmp_dh settings set via L<SSL_set_tmp_dh(3)>,
L<SSL_set_tmp_dh_callback(3)>, or L<SSL_set_dh_auto(3)>

=item any configured certificates, private keys or certificate chains

=item any configured signature algorithms, or client signature algorithms

=item any DANE settings

=item any Options set via L<SSL_set_options(3)>

=item any Mode set via L<SSL_set_mode(3)>

=item any minimum or maximum protocol settings set via
L<SSL_set_min_proto_version(3)> or L<SSL_set_max_proto_version(3)> (Note: Only
from OpenSSL 1.1.1h and above)

=item any verify mode, callback or depth set via L<SSL_set_verify(3)> or
L<SSL_set_verify_depth(3)> or any configured X509 verification parameters

=item any msg callback or info callback set via L<SSL_set_msg_callback(3)> or
L<SSL_set_info_callback(3)>

=item any default password callback set via L<SSL_set_default_passwd_cb(3)>

=item any session id generation callback set via
L<SSL_set_generate_session_id(3)>

=item any configured Cipher List

=item initial accept (server) or connect (client) state

=item the max cert list value set via L<SSL_set_max_cert_list(3)>

=item the read_ahead value set via L<SSL_set_read_ahead(3)>

=item application specific data set via L<SSL_set_ex_data(3)>

=item any CA list or client CA list set via L<SSL_set0_CA_list(3)>,
SSL_set0_client_CA_list() or similar functions

=item any security level settings or callbacks

=item any configured serverinfo data

=item any configured PSK identity hint

=item any configured custom extensions

=item any client certificate types configured via SSL_set1_client_certificate_types

=back

=head1 RETURN VALUES

The following return values can occur:

=over 4

=item NULL

The creation of a new SSL structure failed. Check the error stack to
find out the reason.

=item Pointer to an SSL structure

The return value points to an allocated SSL structure.

SSL_up_ref() returns 1 for success and 0 for failure.

=back

=head1 SEE ALSO

L<SSL_free(3)>, L<SSL_clear(3)>,
L<SSL_CTX_set_options(3)>,
L<SSL_get_SSL_CTX(3)>,
L<ssl(7)>

=head1 COPYRIGHT

Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut