The SSL and SSL_CTX structures are reference counted. However since libssl
was made opaque there is no way for users of the library to manipulate the
reference counts. This adds functions to enable that.
Reviewed-by: Stephen Henson <steve@openssl.org>
-SSL_CTX_new, SSLv3_method, SSLv3_server_method, SSLv3_client_method,
-TLSv1_method, TLSv1_server_method, TLSv1_client_method, TLSv1_1_method,
-TLSv1_1_server_method, TLSv1_1_client_method, TLS_method,
+SSL_CTX_new, SSL_CTX_up_ref, SSLv3_method, SSLv3_server_method,
+SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method,
+TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, TLS_method,
TLS_server_method, TLS_client_method, SSLv23_method, SSLv23_server_method,
SSLv23_client_method, DTLS_method, DTLS_server_method, DTLS_client_method,
DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method,
TLS_server_method, TLS_client_method, SSLv23_method, SSLv23_server_method,
SSLv23_client_method, DTLS_method, DTLS_server_method, DTLS_client_method,
DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method,
#include <openssl/ssl.h>
SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
#include <openssl/ssl.h>
SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
+ void SSL_CTX_up_ref(SSL_CTX *ctx);
const SSL_METHOD *TLS_method(void);
const SSL_METHOD *TLS_server_method(void);
const SSL_METHOD *TLS_method(void);
const SSL_METHOD *TLS_server_method(void);
=head1 DESCRIPTION
SSL_CTX_new() creates a new B<SSL_CTX> object as framework to
=head1 DESCRIPTION
SSL_CTX_new() creates a new B<SSL_CTX> object as framework to
-establish TLS/SSL or DTLS enabled connections.
+establish TLS/SSL or DTLS enabled connections. An B<SSL_CTX> object is
+reference counted. Creating an B<SSL_CTX> object for the first time increments
+the reference count. Freeing it (using SSL_CTX_free) decrements it. When the
+reference count drops to zero, any memory or resources allocated to the
+B<SSL_CTX> object are freed. SSL_CTX_up_ref() increments the reference count for
+an existing B<SSL_CTX> structure.
-SSL_new - create a new SSL structure for a connection
+SSL_new, SSL_up_ref - create a new SSL structure for a connection
=head1 SYNOPSIS
#include <openssl/ssl.h>
SSL *SSL_new(SSL_CTX *ctx);
=head1 SYNOPSIS
#include <openssl/ssl.h>
SSL *SSL_new(SSL_CTX *ctx);
+ void SSL_up_ref(SSL *s);
=head1 DESCRIPTION
SSL_new() creates a new B<SSL> structure which is needed to hold the
data for a TLS/SSL connection. The new structure inherits the settings
of the underlying context B<ctx>: connection method,
=head1 DESCRIPTION
SSL_new() creates a new B<SSL> structure which is needed to hold the
data for a TLS/SSL connection. The new structure inherits the settings
of the underlying context B<ctx>: connection method,
-options, verification settings, timeout settings.
+options, verification settings, timeout settings. An B<SSL> structure is
+reference counted. Creating an B<SSL> structure for the first time increments
+the reference count. Freeing it (using SSL_free) decrements it. When the
+reference count drops to zero, any memory or resources allocated to the B<SSL>
+structure are freed. SSL_up_ref() increments the reference count for an
+existing B<SSL> structure.
=item SSL_CTX *B<SSL_CTX_new>(const SSL_METHOD *meth);
=item SSL_CTX *B<SSL_CTX_new>(const SSL_METHOD *meth);
+=item void SSL_CTX_up_ref(SSL_CTX *ctx);
+
=item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c);
=item int B<SSL_CTX_sess_accept>(SSL_CTX *ctx);
=item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c);
=item int B<SSL_CTX_sess_accept>(SSL_CTX *ctx);
=item SSL *B<SSL_new>(SSL_CTX *ctx);
=item SSL *B<SSL_new>(SSL_CTX *ctx);
+=item void SSL_up_ref(SSL *s);
+
=item long B<SSL_num_renegotiations>(SSL *ssl);
=item int B<SSL_peek>(SSL *ssl, void *buf, int num);
=item long B<SSL_num_renegotiations>(SSL *ssl);
=item int B<SSL_peek>(SSL *ssl, void *buf, int num);
__owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
__owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
+void SSL_CTX_up_ref(SSL_CTX *ctx);
void SSL_CTX_free(SSL_CTX *);
__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx);
void SSL_CTX_free(SSL_CTX *);
__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx);
unsigned int sid_ctx_len);
SSL *SSL_new(SSL_CTX *ctx);
unsigned int sid_ctx_len);
SSL *SSL_new(SSL_CTX *ctx);
+void SSL_up_ref(SSL *s);
__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
unsigned int sid_ctx_len);
__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
unsigned int sid_ctx_len);
+void SSL_up_ref(SSL *s)
+{
+ CRYPTO_add(&s->references, 1, CRYPTO_LOCK_SSL);
+}
+
int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
unsigned int sid_ctx_len)
{
int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
unsigned int sid_ctx_len)
{
+void SSL_CTX_up_ref(SSL_CTX *ctx)
+{
+ CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
+}
+
void SSL_CTX_free(SSL_CTX *a)
{
int i;
void SSL_CTX_free(SSL_CTX *a)
{
int i;
SSL_clear_options 468 1_1_0 EXIST::FUNCTION:
SSL_set_options 469 1_1_0 EXIST::FUNCTION:
SSL_get_options 470 1_1_0 EXIST::FUNCTION:
SSL_clear_options 468 1_1_0 EXIST::FUNCTION:
SSL_set_options 469 1_1_0 EXIST::FUNCTION:
SSL_get_options 470 1_1_0 EXIST::FUNCTION:
+SSL_up_ref 471 1_1_0 EXIST::FUNCTION:
+SSL_CTX_up_ref 472 1_1_0 EXIST::FUNCTION: