@@ -467,26 +467,40 @@
info channel major minor message type
This form of callback is invoked by the OpenSSL function
- SSL_CTX_set_info_callback()
.
+ SSL_CTX_set_info_callback()
during connection setup
+ and use.
- The major and minor arguments are used to
- represent the state information bitmask.
- Possible values for major are:
handshake, alert, connect, accept
.
- Possible values for minor are:
start, done, read, write, loop, exit
.
- The message argument is a descriptive string which may
be generated either by
SSL_state_string_long()
or by
SSL_alert_desc_string_long()
, depending on context.
- For alerts, the possible values for type are:
-
warning, fatal, and unknown
.
+ warning, fatal, and unknown
. For others,
+ info
is used.
+
+
+ message channel direction version content_type data
+
+
+ This form of callback is invoked by the OpenSSL function
+ SSL_set_msg_callback()
whenever a message is sent or
+ received. It is only available when
+ OpenSSL is complied with the enable-ssl-trace option.
+ Where direction is Sent or Received, version is the
+ protocol version, content_type is the message content type,
+ and data is more info on the message from the SSL_trace
API.
+
+
session session_id ticket lifetime
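Review bot: typo in the added message callback paragraph: "OpenSSL is complied with the enable-ssl-trace option" should read "compiled". In the same paragraph, and in the info paragraph above it, the text says the callback "is invoked by the OpenSSL function" SSL_set_msg_callback() / SSL_CTX_set_info_callback(); those functions register a callback rather than call it, so "registered with" would be more accurate. The sentence starting "Where direction is Sent or Received" is a fragment and reads better as "The direction argument is Sent or Received, ...". Since data carries message details from the SSL_trace API, it would also help to say what the script sees when the library was built without enable-ssl-trace.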
@@ -528,13 +542,13 @@
alpn protocol
For servers, this form of callback is invoked when the client ALPN
- extension is received and the first -alpn specified protocol common
- to the both the client and server is selected. If none, the first
- client specified protocol is used.
+ extension is received. Where protocol is the first
+ -alpn specified protocol common to the both the client and
+ server. If none, the first client specified protocol is used.
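Review bot: the rewritten ALPN text keeps the wording slip "common to the both the client and server" (drop the first "the"), and "Where protocol is the first -alpn specified protocol ..." is now a sentence fragment with no main clause; suggest "The protocol argument is the first -alpn specified protocol common to both the client and server." The last sentence, "If none, the first client specified protocol is used", describes a case where the server has no protocol in common with the client, yet the callback still receives a protocol value. The text should say how a script can tell this case from a real match and whether the callback can refuse the connection, because the value is then chosen entirely by the client.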
@@ -552,13 +566,14 @@
sni servername
For servers, this form of callback is invoked when the SNI extension
- from the client is received. This is used when a server supports multiple
- names, so the right certificate can be used. Called after hello
- callback but before ALPN callback.
+ from the client is received. Where servername is the client
+ provided server name from the -servername option. This is
+ used when a server supports multiple names, so the right certificate
+ can be used. Called after hello callback but before ALPN callback.
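Review bot: "Where servername is the client provided server name from the -servername option" is ambiguous on a page describing a server-side callback, since it can be read as the server's own -servername setting. Suggest "The servername argument is the server name sent by the client in the SNI extension (set on the client side with -servername)." Because this value selects the certificate "when a server supports multiple names", the text should also state that it is client-supplied input and should be matched against the names the server actually hosts before use. The "Where ..." sentence is also a fragment, as in the ALPN hunk.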
@@ -565,11 +580,12 @@
verify channel depth cert status error
This form of callback is invoked by OpenSSL when a new certificate
is received from the peer. It allows the client to check the
- certificate chain verification results and choose whether to continue or not.
+ certificate verification results and choose whether to continue
+ or not. It is called for each certificate in the certificate chain.
- The depth argument is an integer representing the
current depth on the certificate chain, with
0
as the peer certificate and higher values going
up to the Certificate Authority (CA).
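Review bot: the added sentence "It is called for each certificate in the certificate chain" does not say in which order the calls arrive or how the per-certificate results combine. Given the depth description that follows (0 for the peer certificate, higher values toward the CA), please state whether the callback runs from the CA down to depth 0 or the reverse, and that a script must check status on every call rather than only the one for depth 0. Also, "It allows the client to check" conflicts with "received from the peer" in the previous sentence, which covers a server verifying a client certificate too; "allows the application to check" would fit both roles.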