1*23eb925fStb.\" $OpenBSD: SSL_CTX_set_msg_callback.3,v 1.5 2021/04/15 16:43:27 tb Exp $ 2ffba89b3Sschwarze.\" OpenSSL SSL_CTX_set_msg_callback.pod e9b77246 Jan 20 19:58:49 2017 +0100 3ffba89b3Sschwarze.\" OpenSSL SSL_CTX_set_msg_callback.pod b97fdb57 Nov 11 09:33:09 2016 +0100 4f1a3c524Sschwarze.\" 5059b3974Sschwarze.\" This file was written by Bodo Moeller <bodo@openssl.org>. 6059b3974Sschwarze.\" Copyright (c) 2001, 2014, 2016 The OpenSSL Project. All rights reserved. 7f1a3c524Sschwarze.\" 8059b3974Sschwarze.\" Redistribution and use in source and binary forms, with or without 9059b3974Sschwarze.\" modification, are permitted provided that the following conditions 10059b3974Sschwarze.\" are met: 11059b3974Sschwarze.\" 12059b3974Sschwarze.\" 1. Redistributions of source code must retain the above copyright 13059b3974Sschwarze.\" notice, this list of conditions and the following disclaimer. 14059b3974Sschwarze.\" 15059b3974Sschwarze.\" 2. Redistributions in binary form must reproduce the above copyright 16059b3974Sschwarze.\" notice, this list of conditions and the following disclaimer in 17059b3974Sschwarze.\" the documentation and/or other materials provided with the 18059b3974Sschwarze.\" distribution. 19059b3974Sschwarze.\" 20059b3974Sschwarze.\" 3. All advertising materials mentioning features or use of this 21059b3974Sschwarze.\" software must display the following acknowledgment: 22059b3974Sschwarze.\" "This product includes software developed by the OpenSSL Project 23059b3974Sschwarze.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 24059b3974Sschwarze.\" 25059b3974Sschwarze.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26059b3974Sschwarze.\" endorse or promote products derived from this software without 27059b3974Sschwarze.\" prior written permission. For written permission, please contact 28059b3974Sschwarze.\" openssl-core@openssl.org. 29059b3974Sschwarze.\" 30059b3974Sschwarze.\" 5. Products derived from this software may not be called "OpenSSL" 31059b3974Sschwarze.\" nor may "OpenSSL" appear in their names without prior written 32059b3974Sschwarze.\" permission of the OpenSSL Project. 33059b3974Sschwarze.\" 34059b3974Sschwarze.\" 6. Redistributions of any form whatsoever must retain the following 35059b3974Sschwarze.\" acknowledgment: 36059b3974Sschwarze.\" "This product includes software developed by the OpenSSL Project 37059b3974Sschwarze.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" 38059b3974Sschwarze.\" 39059b3974Sschwarze.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40059b3974Sschwarze.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41059b3974Sschwarze.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42059b3974Sschwarze.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43059b3974Sschwarze.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44059b3974Sschwarze.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45059b3974Sschwarze.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46059b3974Sschwarze.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47059b3974Sschwarze.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48059b3974Sschwarze.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49059b3974Sschwarze.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50059b3974Sschwarze.\" OF THE POSSIBILITY OF SUCH DAMAGE. 51059b3974Sschwarze.\" 52*23eb925fStb.Dd $Mdocdate: April 15 2021 $ 53f1a3c524Sschwarze.Dt SSL_CTX_SET_MSG_CALLBACK 3 54f1a3c524Sschwarze.Os 55f1a3c524Sschwarze.Sh NAME 56f1a3c524Sschwarze.Nm SSL_CTX_set_msg_callback , 57f1a3c524Sschwarze.Nm SSL_CTX_set_msg_callback_arg , 58f1a3c524Sschwarze.Nm SSL_set_msg_callback , 59f1a3c524Sschwarze.Nm SSL_set_msg_callback_arg 60f1a3c524Sschwarze.Nd install callback for observing protocol messages 61f1a3c524Sschwarze.Sh SYNOPSIS 62f1a3c524Sschwarze.In openssl/ssl.h 63f1a3c524Sschwarze.Ft void 64f1a3c524Sschwarze.Fo SSL_CTX_set_msg_callback 65f1a3c524Sschwarze.Fa "SSL_CTX *ctx" 66f1a3c524Sschwarze.Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)" 67f1a3c524Sschwarze.Fc 68f1a3c524Sschwarze.Ft void 69f1a3c524Sschwarze.Fn SSL_CTX_set_msg_callback_arg "SSL_CTX *ctx" "void *arg" 70f1a3c524Sschwarze.Ft void 71f1a3c524Sschwarze.Fo SSL_set_msg_callback 72f1a3c524Sschwarze.Fa "SSL *ssl" 73f1a3c524Sschwarze.Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)" 74f1a3c524Sschwarze.Fc 75f1a3c524Sschwarze.Ft void 76f1a3c524Sschwarze.Fn SSL_set_msg_callback_arg "SSL *ssl" "void *arg" 77f1a3c524Sschwarze.Sh DESCRIPTION 78f1a3c524Sschwarze.Fn SSL_CTX_set_msg_callback 79f1a3c524Sschwarzeor 80f1a3c524Sschwarze.Fn SSL_set_msg_callback 81f1a3c524Sschwarzecan be used to define a message callback function 82f1a3c524Sschwarze.Fa cb 83f1a3c524Sschwarzefor observing all SSL/TLS protocol messages (such as handshake messages) 84f1a3c524Sschwarzethat are received or sent. 85f1a3c524Sschwarze.Fn SSL_CTX_set_msg_callback_arg 86f1a3c524Sschwarzeand 87f1a3c524Sschwarze.Fn SSL_set_msg_callback_arg 88f1a3c524Sschwarzecan be used to set argument 89f1a3c524Sschwarze.Fa arg 90f1a3c524Sschwarzeto the callback function, which is available for arbitrary application use. 91f1a3c524Sschwarze.Pp 92f1a3c524Sschwarze.Fn SSL_CTX_set_msg_callback 93f1a3c524Sschwarzeand 94f1a3c524Sschwarze.Fn SSL_CTX_set_msg_callback_arg 95f1a3c524Sschwarzespecify default settings that will be copied to new 96f1a3c524Sschwarze.Vt SSL 97f1a3c524Sschwarzeobjects by 98f1a3c524Sschwarze.Xr SSL_new 3 . 99f1a3c524Sschwarze.Fn SSL_set_msg_callback 100f1a3c524Sschwarzeand 101f1a3c524Sschwarze.Fn SSL_set_msg_callback_arg 102f1a3c524Sschwarzemodify the actual settings of an 103f1a3c524Sschwarze.Vt SSL 104f1a3c524Sschwarzeobject. 105f1a3c524SschwarzeUsing a 106f1a3c524Sschwarze.Dv NULL 107f1a3c524Sschwarzepointer for 108f1a3c524Sschwarze.Fa cb 109f1a3c524Sschwarzedisables the message callback. 110f1a3c524Sschwarze.Pp 111f1a3c524SschwarzeWhen 112f1a3c524Sschwarze.Fa cb 113f1a3c524Sschwarzeis called by the SSL/TLS library for a protocol message, 114f1a3c524Sschwarzethe function arguments have the following meaning: 115f1a3c524Sschwarze.Bl -tag -width Ds 116f1a3c524Sschwarze.It Fa write_p 117f1a3c524SschwarzeThis flag is 0 when a protocol message has been received and 1 when a protocol 118f1a3c524Sschwarzemessage has been sent. 119f1a3c524Sschwarze.It Fa version 120f1a3c524SschwarzeThe protocol version according to which the protocol message is 121ffba89b3Sschwarzeinterpreted by the library, such as 122ffba89b3Sschwarze.Dv TLS1_VERSION , 123ffba89b3Sschwarze.Dv TLS1_1_VERSION , 124ffba89b3Sschwarze.Dv TLS1_2_VERSION , 125*23eb925fStb.Dv DTLS1_VERSION , 126ffba89b3Sschwarzeor 127*23eb925fStb.Dv DTLS1_2_VERSION . 128f1a3c524Sschwarze.It Fa content_type 129ffba89b3SschwarzeThis is one of the 130f1a3c524Sschwarze.Em ContentType 131f1a3c524Sschwarzevalues defined in the protocol specification 132f1a3c524Sschwarze.Po 133ffba89b3Sschwarze.Dv SSL3_RT_CHANGE_CIPHER_SPEC , 134ffba89b3Sschwarze.Dv SSL3_RT_ALERT , 135ffba89b3Sschwarze.Dv SSL3_RT_HANDSHAKE , 136f1a3c524Sschwarzebut never 137ffba89b3Sschwarze.Dv SSL3_RT_APPLICATION_DATA 138f1a3c524Sschwarzebecause the callback will only be called for protocol messages. 139f1a3c524Sschwarze.Pc 140f1a3c524Sschwarze.It Fa buf , Fa len 141f1a3c524Sschwarze.Fa buf 142f1a3c524Sschwarzepoints to a buffer containing the protocol message, which consists of 143f1a3c524Sschwarze.Fa len 144f1a3c524Sschwarzebytes. 145f1a3c524SschwarzeThe buffer is no longer valid after the callback function has returned. 146f1a3c524Sschwarze.It Fa ssl 147f1a3c524SschwarzeThe 148f1a3c524Sschwarze.Vt SSL 149f1a3c524Sschwarzeobject that received or sent the message. 150f1a3c524Sschwarze.It Fa arg 151f1a3c524SschwarzeThe user-defined argument optionally defined by 152f1a3c524Sschwarze.Fn SSL_CTX_set_msg_callback_arg 153f1a3c524Sschwarzeor 154f1a3c524Sschwarze.Fn SSL_set_msg_callback_arg . 155f1a3c524Sschwarze.El 156059b3974Sschwarze.Pp 157f1a3c524SschwarzeProtocol messages are passed to the callback function after decryption 158f1a3c524Sschwarzeand fragment collection where applicable. 159f1a3c524Sschwarze(Thus record boundaries are not visible.) 160f1a3c524Sschwarze.Pp 161f1a3c524SschwarzeIf processing a received protocol message results in an error, 162f1a3c524Sschwarzethe callback function may not be called. 163f1a3c524SschwarzeFor example, the callback function will never see messages that are considered 164f1a3c524Sschwarzetoo large to be processed. 165f1a3c524Sschwarze.Pp 166f1a3c524SschwarzeDue to automatic protocol version negotiation, 167f1a3c524Sschwarze.Fa version 168f1a3c524Sschwarzeis not necessarily the protocol version used by the sender of the message: 169f1a3c524SschwarzeIf a TLS 1.0 ClientHello message is received by an SSL 3.0-only server, 170f1a3c524Sschwarze.Fa version 171f1a3c524Sschwarzewill be 172f1a3c524Sschwarze.Dv SSL3_VERSION . 173f1a3c524Sschwarze.Sh SEE ALSO 174f1a3c524Sschwarze.Xr ssl 3 , 175f1a3c524Sschwarze.Xr SSL_new 3 176f1a3c524Sschwarze.Sh HISTORY 177f1a3c524Sschwarze.Fn SSL_CTX_set_msg_callback , 178f1a3c524Sschwarze.Fn SSL_CTX_set_msg_callback_arg , 179f1a3c524Sschwarze.Fn SSL_set_msg_callback 180f1a3c524Sschwarzeand 181f1a3c524Sschwarze.Fn SSL_set_msg_callback_arg 18228b5fa2cSschwarzefirst appeared in OpenSSL 0.9.7 and have been available since 18328b5fa2cSschwarze.Ox 3.2 . 184