From: Lutz Jänicke <jaenicke@openssl.org>
Date: Thu, 27 Mar 2003 22:04:05 +0000 (+0000)
Subject: Add warning about unwanted side effect when calling SSL_CTX_free():
X-Git-Tag: BEN_FIPS_TEST_1~38^2~185
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=423b1a840c72423ae20b3dcbfe34f4b204a125bf;ds=sidebyside

Add warning about unwanted side effect when calling SSL_CTX_free():
sessions in the external session cache might be removed.
Submitted by: "Nadav Har'El" <nyh@math.technion.ac.il>

PR: 547
---

diff --git a/doc/ssl/SSL_CTX_free.pod b/doc/ssl/SSL_CTX_free.pod
index 55e592f5f8..51d8676968 100644
--- a/doc/ssl/SSL_CTX_free.pod
+++ b/doc/ssl/SSL_CTX_free.pod
@@ -20,12 +20,22 @@ It also calls the free()ing procedures for indirectly affected items, if
 applicable: the session cache, the list of ciphers, the list of Client CAs,
 the certificates and keys.
 
+=head1 WARNINGS
+
+If a session-remove callback is set (SSL_CTX_sess_set_remove_cb()), this
+callback will be called for each session being freed from B<ctx>'s
+session cache. This implies, that all corresponding sessions from an
+external session cache are removed as well. If this is not desired, the user
+should explicitly unset the callback by calling
+SSL_CTX_sess_set_remove_cb(B<ctx>, NULL) prior to calling SSL_CTX_free().
+
 =head1 RETURN VALUES
 
 SSL_CTX_free() does not provide diagnostic information.
 
 =head1 SEE ALSO
 
-L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<ssl(3)|ssl(3)>
+L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<ssl(3)|ssl(3)>,
+L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>
 
 =cut
diff --git a/doc/ssl/SSL_CTX_sess_set_get_cb.pod b/doc/ssl/SSL_CTX_sess_set_get_cb.pod
index 7c0b2baf6c..b9d54a40a1 100644
--- a/doc/ssl/SSL_CTX_sess_set_get_cb.pod
+++ b/doc/ssl/SSL_CTX_sess_set_get_cb.pod
@@ -60,10 +60,11 @@ B<sess>. If the callback returns B<0>, the session will be immediately
 removed again.
 
 The remove_session_cb() is called, whenever the SSL engine removes a session
-from the internal cache. This happens if the session is removed because
-it is expired or when a connection was not shutdown cleanly. The
-remove_session_cb() is passed the B<ctx> and the ssl session B<sess>.
-It does not provide any feedback.
+from the internal cache. This happens when the session is removed because
+it is expired or when a connection was not shutdown cleanly. It also happens
+for all sessions in the internal session cache when
+L<SSL_CTX_free(3)|SSL_CTX_free(3)> is called. The remove_session_cb() is passed
+the B<ctx> and the ssl session B<sess>. It does not provide any feedback.
 
 The get_session_cb() is only called on SSL/TLS servers with the session id
 proposed by the client. The get_session_cb() is always called, also when
@@ -80,6 +81,7 @@ L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>.
 L<ssl(3)|ssl(3)>, L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>,
 L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
 L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
-L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
+L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
+L<SSL_CTX_free(3)|SSL_CTX_free(3)>
 
 =cut